Who I am#
I’m Rishipal Yadav — a CISSP-certified cybersecurity professional based in Gurugram, India. I hold an M.Eng in Cybersecurity from the University of Maryland, College Park (where I was selected as an RSA Conference Security Scholar ‘24), and a B.Tech in Computer Engineering from SVNIT, Surat.
My career has taken me from building production security infrastructure at HSBC, to running an end-to-end ISO 27001 program at Cyble, to advising Fortune-scale clients on data governance and GenAI risk at PwC, to leading enterprise GRC audits at Uniqus Consultech. Across all of it, the thread has been the same: making security rigorous, practical, and human.
I’m also the person writing not your CISO — straight talk on cybersecurity for practitioners who are tired of jargon and theatre.
What I focus on#
GRC & regulatory compliance — I’ve implemented and audited against ISO 27001, NIST CSF 2.0, the RBI Cyber Resilience Framework, and NIST RMF. My interest is in how organisations translate regulatory requirements into security programs that actually work operationally, not just on paper.
Cloud security — I’ve worked across GCP, AWS, and Azure, including building Microsoft Purview-based DLP solutions and advising on secure GenAI adoption (Copilot for M365). I’m particularly interested in cloud-native data governance and the security implications of AI integration into enterprise environments.
Geopolitics & nation-state threats — How do state-sponsored actors target critical infrastructure, and how do we measure and model that risk? My research at UMD applied the Strategic Disruption Index to US pipeline infrastructure. This sits at the edge of cybersecurity and public policy, which is where I find the most interesting problems.
Academic research — I believe practitioners who publish make the field better. My work on attack surface measurement for US county governments was published through UMD’s School of Public Policy. I’m interested in computational approaches to measuring and communicating cyber risk at a policy level.
Certifications#
| Credential | Issuer |
|---|---|
| CISSP | (ISC)² |
| GIAC Security Essentials (GSEC) | GIAC / SANS |
| Associate Cloud Engineer (GCP-ACE) | Google Cloud |
| Certificate of Cloud Security Knowledge (CCSK) | CSA |
| Azure Fundamentals (AZ-900) | Microsoft |
| Diploma in Cyber Law | Asian School of Cyber Laws |
Recognition#
RSA Conference Security Scholar ‘24 — Selected as part of a competitive cohort of early-career security professionals recognised by the RSA Conference. Learn more about the program →
Skills & tools#
GRC frameworks — ISO 27001, NIST CSF 2.0, RBI Cyber Resilience Framework, NIST RMF, PCI-DSS
Security tools — Microsoft Purview, IBM Guardium, Wireshark, Burp Suite, Nmap, Nessus, Metasploit, GoPhish, ZAP
Cloud platforms — Google Cloud Platform, Microsoft Azure, Amazon Web Services
Programming — Python, Bash, Java, C, SQL (MySQL, MongoDB), Git, HTML/CSS
Featured writing#
Academic contributions#
Technical Program Committee — ICISPD International Conference on Information Security, Privacy and Digital Forensics · NIT Goa Reviewing and providing feedback on submitted research papers across information security, privacy, and digital forensics.
Technical Program Committee — ISPDA International Conference on Security, Privacy and Data Analytics · SVNIT, Surat Reviewing and providing feedback on submitted research papers across security, privacy, and data analytics.
Guest Speaker — SVNIT, Surat Invited to speak across multiple Short Term Training Programs (SSTPs):
- Security Risk Assessment and Management — STTP on Cyber Threat Intelligence and Digital Forensics (March 2021)
- Software Development and Web Security — STTP on Cyber Security and Penetration Testing (January 2021)
- Industry Perspective on Cybersecurity — STTP on Blockchain Technologies and Internet of Things (December 2020)
Get in touch#
I’m open to conversations about GRC, cloud security, critical infrastructure research, or the state of the industry. Reach me at yadav.rishipal001@gmail.com or on LinkedIn.