K.K. Mookhey - Ethical Hacking course, Certified Professional Hacker, Certified Information Security Consultant, CEH, CHFI, Vulnerability Assessment, Source Code Review, Application Security Training, Database Security, Computer Forensics Training, Network Security, Operating System Security, Ethical Hacking Workshop, Mumbai, India, Mumbai, Delhi, Bangalore, Chennai, Hyderabad, Bahrain, Kuwait, Dubai, Riyadh, Singapore, Malaysia, Hong Kong, Europe, USA, North America

Company
- About Us
- Strengths
- Forums
- Contact Us
Training
Careers
Clients
- Testimonials
Partner with us

Testimonials

KK and his team did a brilliant job in guiding us towards the 27001 certification. Their approach was very methodical and systematic right from the stage of gathering requirements in the initial stages to the documentation work and then trainings and audit readiness stages. In fact what I liked the most about their approach was that he focussed on transferring his knowledge to us which has enabled us to sustain the improvements even without his involvement. They never restricted themselves to the scope of the contract. They were willing to that extra mile to make sure that it added business value to us."

- Prabhanjan Pandurang,
Director, Quality and Continuous Improvement
Integreon

KK is a smart security professional and a great presenter as well.

- Anton Chuvakin,
Director of PCI Compliance Solutions
Qualys

Kanwal is one of the most dynamic, innovative and hardworking individuals I have met in the Information Security space. His past work and achievements speak for himself.

- Kartik Shinde
Manager
KPMG

Working with KK is a real pleasure. He has excellent management and analytical skills. He knows his job very well and is really good at managing customer expectations in a complex project environment.

- Hasan Qutbi,
Partner
Solution Intelligence FZ LLC

K. K. Mookhey

K. K. Mookhey - Principal Consultant

Kanwal K. Mookhey (CISA, CISSP, CISM) is the Principal Consultant and Founder at Network Intelligence as well as the Founder of The Institute of Information Security . He is an internationally well-regarded expert in the field of IT governance, information risk management, forensic fraud investigations, compliance, and business continuity. He has more than a decade of experience in this field, having worked with prestigious clients such as the The Indian Navy, United Nations, Abu Dhabi & Dubai Stock Exchanges, State Bank of India, Atos Origin, Saudi Telecom, World Customs Organization, Capgemini, Royal & Sun Alliance, and many others.

His skills and know-how encompass risk management, compliance, business continuity, application security, computer forensics, and penetration testing. He is well-versed with international standards such as COBIT, ISO 27001, PCI DSS, BS 25999, and ITIL / ISO 20000.

He is the author of two books (Linux Security And Controls by ISACA, and Metasploit Framework, by Syngress Publishing), and of numerous articles on information security. He has also presented at conferences such as OWASP, Blackhat, Interop, IT Underground and others.

Profile

Certifications

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
BS 7799 Lead Implementor from BSI

Areas of Expertise

IT Governance, Risk Management & Compliance
SAP & ERP Auditing
Penetration Testing
Forensics & Fraud Investigations
Digital Forensics & Cyber Laws
Compliance – ISO 27001, PCI DSS, SAS 70 / SOX, HIPAA
Security Architecture
Business Continuity and Disaster Recovery
Telecom and BFSI Security

Technical Skills

Cryptography
TCP/IP Security
Telecom Security
Application Security & Secure Coding
Well-versed with security of numerous

Operating Systems
Databases
Firewalls
IDS/IPS
Security Event Management solutions
Data Leakage Prevention solutions
Identity Management solutions
Network Access Control solutions
Unified Threat Management solutions
Anti-virus and Anti-spam solutions

Digital forensics tools and techniques
Commercial and open-source security assessment tools

Other skills

Strong communication and inter-personal skills
Strong project management skills and know-how
Public speaking and presentation skills

Training skills

Well-recognized as a trainer, and have won numerous accolades for hundreds of workshops conducted for prestigious clients such as:

Reserve Bank of India
The Indian Navy
Institute of Chartered Accountants of India
ISACA Mumbai Chapter

Security Articles & Research

Articles List

Demystifying Web Application Firewalls
http://searchsecurity.techtarget.in/tip/0,289483,sid204_gci1517111,00.html
TechTarget, SearchSecurity

Auditing IT Project Management
http://www.theiia.org/itaudit/features/in-depth-features-5-1-08/auditing-it-project-management/
IT Audit, by the Institute of Internal Auditors, May 2008

Key Strategies for Implementing ISO 27001
http://www.theiia.org/ITAuditArchive/?aid=2047&iid=440
IT Audit, by the Institute of Internal Auditors, February 2006

Evaluating Application Security Controls
http://www.theiia.org/ITAuditArchive/?aid=2682&iid=541
IT Audit, by the Institute of Internal Auditors, June 2007

Penetration Testing of IPSec VPNs
http://www.securityfocus.com/1821

Common Criteria an overview
Information Systems Control Journal by ISACA, Volume 1, 20

The Metasploit Framework (3-part article)
http://www.securityfocus.com/1789

Common Security Vulnerabilities in e-commerce systems
http://www.securityfocus.com/infocus/1775

Detection of SQL Injection and Cross-site Scripting Attacks
http://www.securityfocus.com/infocus/1768

Auditing Oracle Security
http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=5509

Open Source Tools for Security and Control Assessment
Information Systems Control Journal by ISACA, Volume 1, 2004

Apache Security Controls and Auditing
Information Systems Control Journal by ISACA, Volume 5, 2003

Books List

Linux Security, Audit and Control Features, published by ISACA
Metasploit Framework – Syngress Publishing
The Ultimate Startup Guide

Conferences

"Enterprise Encryption" at Asia Data Security Forum May 2010 – Malaysia
"Penetration Testing vs. Source Code Review" at OWASP Asia 2009 – New Delhi
"Risk-based Penetration Testing" at OWASP Asia 2008 – Taiwan
Interop India 2009 – Wireless Security and Chair of Session on Network Access Control
"Cyber security for Netizens" at Bangalore Cyber Security Summit, 2009
"Digital Forensics in Fraud Investigation" at Seminar on Fraud and Forensic Accounting, Mumbai 2009
"Business Web Application Testing", OWASP Asia 2008, Taiwan
"Web Application Security", Networld+Interop, Las Vegas 2005
"VPN Security Assessment", IT Underground 2005, Prague, Czech Republic
"Computer Forensics", Seminar on "Fraud Management", by Marcus Evans 2004, 2008, 2009

Press and Interviews

"The intrusion prevention system selection guide for India", SearchSecurity, TechTarget
http://searchsecurity.techtarget.in/generic/0,295582,sid204_gci1368974,00.html

Over 1900 websites defaced in first three months of 2010, InformationWeek, April 12
http://www.informationweek.in/Security/10-04-12/Over_1900_Indian_websites_defaced_in_first_three_months_of_2010.aspx

TCS.com site access changed by modification of DNS entries
http://searchsecurity.techtarget.in/news/article/0,289142,sid204_gci1381061,00.html#

"Neo has a new business model", Economic Times, Front Page, 11th September 2004
http://infotech.indiatimes.com/articleshow/msid-847169,flstry-1.cms

Linux Security, Audit and Control Guidance Featured In New Book from Information Systems Audit and Control Association
"Tips for ferreting out vulnerable code", Loop, August 2004
"Security Assessment Methodology – Cover Story", Network Magazine, December 2001

"Linux Based Firewall Case Study", March 2004