K. K. Mookhey

CISSP, CISA, CISM

Kanwal K. Mookhey (CISA, CISSP, CISM) is the Principal Consultant and Founder at Network Intelligence as well as the Founder of The Institute of Information Security. He is an internationally well-regarded expert in the field of IT governance, information risk management, forensic fraud investigations, compliance, and business continuity. He has more than a decade of experience in this field, having worked with prestigious clients such as the Indian Navy, United Nations, Abu Dhabi & Dubai Stock Exchanges, State Bank of India, Atos Origin, Saudi Telecom, World Customs Organization, Capgemini, Royal & Sun Alliance, and many others.

His skills and know-how encompass risk management, compliance, business continuity, application security, computer forensics, and penetration testing. He is well versed in international standards such as COBIT, ISO 27001, PCI DSS, BS 25999, and ITIL / ISO 20000.

He is the author of two books (Linux Security And Controls by ISACA, and Metasploit Framework, by Syngress Publishing), and of numerous articles on information security. He has also presented at conferences such as OWASP, Blackhat, Interop, IT Underground and others.

Profile

  • Certified Information Systems Security Professional (CISSP), ISC2
  • Certified Information Systems Auditor (CISA), ISACA
  • Certified Information Security Manager (CISM), ISACA
  • Certified in Risk and Information Systems Control (CRISC), ISACA
  • BS 7799 Lead Implementor from BSI
  • PCI DSS QSA
  • Security Architecture & Solutions Design
  • IT Governance, Risk Management & Compliance
  • Telecom and BFSI Security
  • SAP & ERP Auditing
  • Penetration Testing
  • Digital Forensics & Fraud Investigations
  • Cyber Laws
  • Compliance – ISO 27001, PCI DSS, SAS 70 / SOX, HIPAA
  • Business Continuity and Disaster Recovery
  • Cryptography
  • TCP/IP Security
  • Telecom Security
  • Application Security & Secure Coding
  • Well-versed with security of numerous
    • Operating Systems
    • Databases
    • Firewalls
    • IDS/IPS
    • Security Event Management solutions
    • Data Leakage Prevention solutions
    • Identity Management solutions
    • Network Access Control solutions
    • Unified Threat Management solutions
    • Anti-virus and Anti-spam solutions
  • Digital forensics tools and techniques
  • Commercial and open-source security assessment tools
  • Strong communication and inter-personal skills
  • Strong project management skills and know-how
  • Public speaking and presentation skills

Well-recognized as a trainer, and have won numerous accolades for hundreds of workshops conducted for prestigious clients such as:

Books List

Security Articles & Research

Articles List

Conferences

  • "Digital Forensics and Fraud Risk Management" at Intellectus Malaysia - Dec 2011
  • "View from the Trenches – how Hackers 0wn your network" at Virtual Interop, December 2011
  • "Application Security – Enterprise Strategies" at SecurityByte Sept 2011
  • "Privileged ID Management" at ISACA Mumbai Chapter Annual Conference Nov 2011
  • "The Data Theft Epidemic in India" – ClubHACK Dec 2010
  • "Data Leakage Prevention" at Interop India, Sep 2010
  • "Technology in Supply Chain Management Fraud Management" – Mumbai 2010
  • "Enterprise Encryption" at Asia Data Security Forum, May 2010, Malaysia
  • "Penetration Testing vs. Source Code Review" at OWASP Asia 2009 – New Delhi
  • "Risk-based Penetration Testing" at OWASP Asia 2008 – Taiwan
  • Interop India 2009 – Wireless Security and Chair of Session on Network Access Control
  • "Cyber security for Netizens" at Bangalore Cyber Security Summit, 2009
  • "Digital Forensics in Fraud Investigation" at Seminar on Fraud and Forensic Accounting, Mumbai 2009
  • "Business Web Application Testing", OWASP Asia 2008, Taiwan
  • "Web Application Security", Networld+Interop, Las Vegas 2005
  • "VPN Security Assessment", IT Underground 2005, Prague, Czech Republic
  • "Computer Forensics", Seminar on "Fraud Management", by Marcus Evans 2004, 2008, 2009

Press and Interviews

Ethical Hacking Training

This course goes deep into networking, systems, web applications, and actual exploitation, and helps beginners take a confident first step into the information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Course content regularly updated with new tools and techniques