<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Rishipal Yadav on Rishipal Yadav · not your CISO</title><link>https://rishipalyadav.github.io/</link><description>Recent content in Rishipal Yadav on Rishipal Yadav · not your CISO</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>© 2026 Rishipal Yadav</copyright><lastBuildDate>Thu, 24 Apr 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://rishipalyadav.github.io/index.xml" rel="self" type="application/rss+xml"/><item><title>The Audit Room Has Two Stories And Neither Is the Full Truth</title><link>https://rishipalyadav.github.io/posts/audit-room-two-stories/</link><pubDate>Thu, 24 Apr 2025 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/audit-room-two-stories/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published in &lt;a href="https://medium.com/dark-roast-security" target="_blank" rel="noreferrer"&gt;Dark Roast Security&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/the-audit-room-has-two-stories-and-neither-is-the-full-truth-06fb15fe3341" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;Every audit room has two stories playing simultaneously. The auditor walks in with a checklist, a mandate, and the quiet authority of an independent assessor. The auditee walks in with months of prep, a defensive posture, and the knowledge that something will be found — the only question is what.&lt;/p&gt;
&lt;p&gt;The problem is neither side is telling their story particularly well. And that communication gap is where audits go from being useful to being theatre.&lt;/p&gt;</description></item><item><title>Cyber Risk to US Pipeline Critical Infrastructure — A Strategic Disruption Analysis</title><link>https://rishipalyadav.github.io/research/pipeline-critical-infrastructure-sdi/</link><pubDate>Wed, 01 May 2024 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/research/pipeline-critical-infrastructure-sdi/</guid><description>&lt;p&gt;&lt;strong&gt;Course:&lt;/strong&gt; ENPM808 — Independent Study, University of Maryland&lt;br&gt;
&lt;strong&gt;Advisor:&lt;/strong&gt; &lt;a href="https://spp.umd.edu/our-community/faculty-staff/charles-harry" target="_blank" rel="noreferrer"&gt;Prof Charles Harry →&lt;/a&gt;, School of Public Policy, UMD College Park&lt;br&gt;
&lt;strong&gt;Period:&lt;/strong&gt; 2024&lt;br&gt;
&lt;strong&gt;Focus:&lt;/strong&gt; Geopolitics, critical infrastructure, computational risk modelling&lt;/p&gt;
&lt;hr&gt;

&lt;h2 class="relative group"&gt;Summary
 &lt;div id="summary" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#summary" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;
&lt;p&gt;This independent study explored the cybersecurity ecosystem around US critical infrastructure — specifically pipeline networks — through a computational and policy lens. The research examined the intersection of cybersecurity frameworks and geopolitical risk, focusing on how nation-state actors could target energy infrastructure and how that risk can be quantified.&lt;/p&gt;</description></item><item><title>Security Awareness Training: A Design Thinking Project</title><link>https://rishipalyadav.github.io/posts/security-awareness-design-thinking/</link><pubDate>Sat, 27 Apr 2024 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/security-awareness-design-thinking/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/security-awareness-training-a-design-thinking-project-c06686163480" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;During the last semester (Spring 2024) of my Master of Engineering in Cybersecurity at the University of Maryland, College Park, I joined the Innovation Fellowship cohort at the Academy for Innovation and Entrepreneurship. The project: apply design thinking to security awareness training.&lt;/p&gt;
&lt;p&gt;Security awareness training has a reputation problem. Compliance teams love it. Employees hate it. And the data on whether it actually changes behaviour is, at best, mixed. The question I started with was: what would security awareness training look like if you designed it the way a product designer would — starting with the user, not the policy?&lt;/p&gt;</description></item><item><title>About</title><link>https://rishipalyadav.github.io/about/</link><pubDate>Mon, 01 Jan 2024 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/about/</guid><description>&lt;h2 class="relative group"&gt;Who I am
 &lt;div id="who-i-am" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#who-i-am" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;
&lt;p&gt;I&amp;rsquo;m Rishipal Yadav — a CISSP-certified cybersecurity professional based in Gurugram, India. I hold an M.Eng in Cybersecurity from the &lt;strong&gt;University of Maryland, College Park&lt;/strong&gt; (where I was selected as an &lt;strong&gt;RSA Conference Security Scholar &amp;lsquo;24&lt;/strong&gt;), and a B.Tech in Computer Engineering from &lt;strong&gt;SVNIT, Surat&lt;/strong&gt;.&lt;/p&gt;
&lt;p&gt;My career has taken me from building production security infrastructure at HSBC, to running an end-to-end ISO 27001 program at Cyble, to advising Fortune-scale clients on data governance and GenAI risk at PwC, to leading enterprise GRC audits at Uniqus Consultech. Across all of it, the thread has been the same: making security rigorous, practical, and human.&lt;/p&gt;</description></item><item><title>Academic Contributions</title><link>https://rishipalyadav.github.io/academic-contributions/</link><pubDate>Mon, 01 Jan 2024 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/academic-contributions/</guid><description>&lt;p&gt;Beyond writing and research, I contribute to the academic security community as a peer reviewer and invited speaker. I believe practitioners who engage with academic work make both worlds better — research gets grounded in operational reality, and practice gets informed by rigorous inquiry.&lt;/p&gt;
&lt;hr&gt;

&lt;h2 class="relative group"&gt;Technical Program Committees
 &lt;div id="technical-program-committees" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#technical-program-committees" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;

&lt;h3 class="relative group"&gt;ICISPD — International Conference on Information Security, Privacy and Digital Forensics
 &lt;div id="icispd--international-conference-on-information-security-privacy-and-digital-forensics" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#icispd--international-conference-on-information-security-privacy-and-digital-forensics" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h3&gt;
&lt;p&gt;&lt;strong&gt;NIT Goa&lt;/strong&gt;&lt;/p&gt;</description></item><item><title>Experience</title><link>https://rishipalyadav.github.io/experience/</link><pubDate>Mon, 01 Jan 2024 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/experience/</guid><description>&lt;h2 class="relative group"&gt;&lt;a
 class="!rounded-md bg-primary-600 px-4 py-2 !text-neutral !no-underline hover:!bg-primary-500 dark:bg-primary-800 dark:hover:!bg-primary-700"
 href="https://rishipalyadav.github.io/resume.pdf"
 target="_blank"
 
 role="button"&gt;
 
Download resume (PDF) →

&lt;/a&gt;

 &lt;div id="hahahugoshortcode8s0hbhb" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#hahahugoshortcode8s0hbhb" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;

&lt;h2 class="relative group"&gt;Current role
 &lt;div id="current-role" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#current-role" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;

&lt;h3 class="relative group"&gt;Assistant Manager — Cybersecurity · Uniqus Consultech
 &lt;div id="assistant-manager--cybersecurity--uniqus-consultech" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#assistant-manager--cybersecurity--uniqus-consultech" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h3&gt;
&lt;p&gt;&lt;strong&gt;Gurugram, India · August 2025 – Present&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Leading enterprise-scale GRC engagements across financial services and regulated industries.&lt;/p&gt;</description></item><item><title>Measuring the Integrated Cyber Attack Surface Across US County Government Networks</title><link>https://rishipalyadav.github.io/research/cyber-attack-surface-county-governments/</link><pubDate>Mon, 01 May 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/research/cyber-attack-surface-county-governments/</guid><description>&lt;p&gt;&lt;strong&gt;Institution:&lt;/strong&gt; University of Maryland — School of Public Policy&lt;br&gt;
&lt;strong&gt;Advisor:&lt;/strong&gt; &lt;a href="https://spp.umd.edu/our-community/faculty-staff/charles-harry" target="_blank" rel="noreferrer"&gt;Prof Charles Harry →&lt;/a&gt;, School of Public Policy, UMD College Park&lt;br&gt;
&lt;strong&gt;Period:&lt;/strong&gt; Fall 2022 – Spring 2023&lt;br&gt;
&lt;strong&gt;Full paper:&lt;/strong&gt; &lt;a href="https://osf.io/hf3sn/" target="_blank" rel="noreferrer"&gt;Read on OSF →&lt;/a&gt;&lt;/p&gt;
&lt;hr&gt;

&lt;h2 class="relative group"&gt;Summary
 &lt;div id="summary" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#summary" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;
&lt;p&gt;This research developed a methodology to measure and compare the integrated cyber attack surface of US county government networks — a sector that is often overlooked in cybersecurity policy discussions despite being responsible for critical local services.&lt;/p&gt;</description></item><item><title>LinkedIn OSINT for a Quick Background Check: A Guide for HR</title><link>https://rishipalyadav.github.io/posts/linkedin-osint-background-check/</link><pubDate>Thu, 27 Apr 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/linkedin-osint-background-check/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/linkedin-osint-for-a-quick-background-check-a-guide-for-hrs-f63dc6b6ac74" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;Most organisations run background checks before someone joins. But the standard checks - employment verification, criminal records — often miss what&amp;rsquo;s hiding in plain sight on LinkedIn. Open source intelligence (OSINT) techniques, applied to a public professional profile, can surface inconsistencies, red flags, and gaps that formal checks don&amp;rsquo;t catch.&lt;/p&gt;
&lt;p&gt;This guide is for HR professionals and hiring managers who want to use LinkedIn more systematically as part of due diligence — without crossing into surveillance.&lt;/p&gt;</description></item><item><title>ChatGPT Policy for Your Organisation: The CISO's Concern</title><link>https://rishipalyadav.github.io/posts/chatgpt-policy-ciso-concern/</link><pubDate>Sun, 09 Apr 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/chatgpt-policy-ciso-concern/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/chatgpt-policy-for-your-organisation-the-cisos-concern-dcc073fa161f" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;ChatGPT has been a buzzword for some time now. Be it a new product built on top of it or another capability announcement, just when you think the hype has peaked, something new drops. And through all of it, security teams have been quietly scrambling to figure out what their policy actually is.&lt;/p&gt;
&lt;p&gt;This is not a technical breakdown of how large language models work. This is a practitioner&amp;rsquo;s take on the questions a CISO — or anyone responsible for security — needs to answer before their organisation gets too comfortable with ChatGPT in the workflow.&lt;/p&gt;</description></item><item><title>You Must Remove Text Message Two-Factor Authentication</title><link>https://rishipalyadav.github.io/posts/remove-sms-two-factor-authentication/</link><pubDate>Sat, 18 Feb 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/remove-sms-two-factor-authentication/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/you-must-remove-text-message-two-factor-authentication-df0b43e55e5d" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;Last night, just before I went to sleep, I decided to check Twitter. The first thing I saw was the announcement that Twitter was removing SMS-based two-factor authentication for non-Twitter Blue users. The reaction was predictably split — some celebrated, some panicked.&lt;/p&gt;
&lt;p&gt;Both reactions missed the point.&lt;/p&gt;
&lt;p&gt;SMS-based 2FA is not secure. It is better than a password alone, but SIM-swapping attacks have made it a weak link that sophisticated attackers exploit routinely. The Twitter decision — however poorly communicated — is directionally correct. The question for security teams and individuals alike is: what replaces it?&lt;/p&gt;</description></item><item><title>Bridging the Skill Gap in Cybersecurity — Hire Generalists, Create Specialists!</title><link>https://rishipalyadav.github.io/posts/bridging-skill-gap-hire-generalists/</link><pubDate>Fri, 20 Jan 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/bridging-skill-gap-hire-generalists/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/bridging-the-skill-gap-in-cybersecurity-hire-generalists-create-specialists-1a730e84b521" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;I have seen a lot of posts about the skill gap, unrealistic hiring expectations, and the number of open security roles. Most of them circle the same frustration: organisations want five years of experience in a technology that has existed for two, and then complain they can&amp;rsquo;t hire.&lt;/p&gt;
&lt;p&gt;But I think the framing is wrong. The skill gap isn&amp;rsquo;t primarily a supply problem — it&amp;rsquo;s a hiring and development problem. Organisations have been optimising for the role they need filled today, not the practitioner they need in three years.&lt;/p&gt;</description></item><item><title>Cybersecurity Roadmap 2023: How Do I Start in Cybersecurity?</title><link>https://rishipalyadav.github.io/posts/cybersecurity-roadmap-2023/</link><pubDate>Fri, 13 Jan 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/cybersecurity-roadmap-2023/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/cybersecurity-roadmap-2023-how-do-i-start-in-cybersecurity-6117386e1e88" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;How do I start in cybersecurity? What basic skills do I need to get into cybersecurity?&lt;/p&gt;
&lt;p&gt;These are the questions I get most often — from students, from software engineers eyeing a pivot, from IT professionals who want to move into security. There is no single right answer, but there are a lot of wrong approaches, and this guide is my attempt to cut through the noise.&lt;/p&gt;</description></item><item><title>Operational Security 101</title><link>https://rishipalyadav.github.io/posts/operational-security-101/</link><pubDate>Wed, 04 Jan 2023 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/operational-security-101/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published in &lt;a href="https://osintteam.blog" target="_blank" rel="noreferrer"&gt;OSINT Team&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/operational-security-101-79697f48cbaf" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;Last week, Andrew Tate got into a Twitter fight with Greta Thunberg, both taking jibes at each other. It got ugly — and the next day, Romanian authorities used a pizza box visible in his response video to confirm his location and arrest him.&lt;/p&gt;
&lt;p&gt;You genuinely could not write a better operational security case study.&lt;/p&gt;
&lt;p&gt;Operational security, or OPSEC, started as a military concept — protecting information about your own operations from an adversary who might use it against you. In the digital age, it applies to everyone: activists, executives, journalists, and apparently influencers who pick fights on Twitter.&lt;/p&gt;</description></item><item><title>So You Do Not Want to Become a CISO Anymore?</title><link>https://rishipalyadav.github.io/posts/so-you-dont-want-to-become-a-ciso/</link><pubDate>Sun, 09 Oct 2022 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/so-you-dont-want-to-become-a-ciso/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/so-you-do-not-want-to-become-a-ciso-anymore-4436a0c724a9" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;There has been quite a chatter in the security community for the last couple of weeks. It is always some discussion — be it a new breach, a new framework, or a regulatory shift — but this one felt different.&lt;/p&gt;
&lt;p&gt;The conversation: is the CISO role broken? Between the SolarWinds aftermath, the SEC charging CISOs personally, the expectation of omniscience with the authority of a middle manager, and the burnout rates — a lot of security professionals who once had the CISO job as their north star are quietly reconsidering.&lt;/p&gt;</description></item><item><title>Educate Your Team — Do Not Chase When It Comes to Security</title><link>https://rishipalyadav.github.io/posts/educate-your-team-dont-chase/</link><pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/educate-your-team-dont-chase/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/educate-your-team-do-not-chase-when-it-comes-to-security-b39925df078a" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;&lt;em&gt;&amp;ldquo;Hey, could you please complete the security training, it was due two days ago?&amp;rdquo;&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;If that message sounds familiar — either as the person sending it or the one ignoring it — your security awareness program has a problem. And the problem isn&amp;rsquo;t that people are lazy or don&amp;rsquo;t care about security. The problem is that you&amp;rsquo;ve built a compliance exercise and called it a culture.&lt;/p&gt;</description></item><item><title>Back to Office: But What About Security?</title><link>https://rishipalyadav.github.io/posts/back-to-office-security/</link><pubDate>Thu, 28 Jul 2022 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/back-to-office-security/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://medium.com/@notyourciso/back-to-office-but-what-about-security-9971b00fa0ba" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;Things are back to normal, and everyone is returning to their offices. Some are ecstatic about free food, coffee, and office gossip. Others are dragging their feet. And most security teams are somewhere in between — quietly aware that two years of remote-first work has created some habits that don&amp;rsquo;t translate well to shared physical spaces.&lt;/p&gt;</description></item><item><title>My Cybersecurity Journey</title><link>https://rishipalyadav.github.io/posts/my-cybersecurity-journey/</link><pubDate>Wed, 25 May 2022 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/posts/my-cybersecurity-journey/</guid><description>&lt;blockquote&gt;&lt;p&gt;&lt;em&gt;This article was originally published in the &lt;a href="https://www.isc2.org/Insights/2022/05/Journey-Into-Cybersecurity-Conversations-with-Cyber-Newcomers-Part-1" target="_blank" rel="noreferrer"&gt;(ISC)² blog&lt;/a&gt; and cross-posted on &lt;a href="https://notyourciso.medium.com" target="_blank" rel="noreferrer"&gt;not your CISO&lt;/a&gt; on Medium. &lt;a href="https://notyourciso.medium.com/my-cybersecurity-journey-f3260df7541" target="_blank" rel="noreferrer"&gt;Read the full post →&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
&lt;/blockquote&gt;&lt;p&gt;I found my first position at a college placement fair. I began working as a software engineer building a digital security platform at HSBC — designing the backend for secure authentication and authorisation for mobile banking apps. It was more of a software development job, but I had to learn a lot about security concepts to actually do it well.&lt;/p&gt;</description></item><item><title>Preserving Location Privacy</title><link>https://rishipalyadav.github.io/research/preserving-location-privacy/</link><pubDate>Wed, 01 Jan 2020 00:00:00 +0000</pubDate><guid>https://rishipalyadav.github.io/research/preserving-location-privacy/</guid><description>&lt;p&gt;&lt;strong&gt;Institution:&lt;/strong&gt; Sardar Vallabhbhai National Institute of Technology (SVNIT), Surat&lt;br&gt;
&lt;strong&gt;Published:&lt;/strong&gt; Springer, 2020&lt;br&gt;
&lt;strong&gt;Full paper:&lt;/strong&gt; &lt;a href="https://link.springer.com/chapter/10.1007/978-981-15-4542-9_1" target="_blank" rel="noreferrer"&gt;Read on Springer →&lt;/a&gt;&lt;/p&gt;
&lt;hr&gt;

&lt;h2 class="relative group"&gt;Summary
 &lt;div id="summary" class="anchor"&gt;&lt;/div&gt;
 
 &lt;span
 class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"&gt;
 &lt;a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#summary" aria-label="Anchor"&gt;#&lt;/a&gt;
 &lt;/span&gt;
 
&lt;/h2&gt;
&lt;p&gt;This senior year project investigated techniques for preserving the location privacy of mobile users — a problem that has grown significantly with the proliferation of location-aware applications and services.&lt;/p&gt;
&lt;p&gt;The research reviewed and evaluated existing privacy-preserving mechanisms including k-anonymity, differential privacy approaches applied to location data, and obfuscation strategies, with a focus on their practical trade-offs between privacy guarantees and service utility.&lt;/p&gt;</description></item></channel></rss>