I am Niranjan Patil, security consultant, hacker, maker. Undercover #OPSEC proponent. A rebellious & bootstrapping entrepreneur with 15 years of experience. Helping businesses stay secure despite their resistance. Working on OPSEC.IN.
A CISSP and ISO 27001:2013 Lead Auditor. If hacking is defined as breaking things, adding new features, but occasionally extending their life, then I have earned the title.
What I Do (tl;dr)
Audit, Design & Consult on Data Security, Privacy and IT Infrastructure. Virtual CISO
- Comprehensive Security Audit • Payment Card Audit • SOC Implementation • Web Application Security Audit
- Cyber Crime Investigation & Forensics • Wireless Audit • Vulnerability Assessment & Penetration Test • Security Training
- Information Risk Management • ISO 27001 Implementation and Readiness Audit • Business Continuity Planning
At times, I work with Raspberry Pi, Arduino, Wifi/RF, computers, networks, software and electronic gadgets (and sometimes people), making them do things they were not designed to do.
My Work (detail)
- Investigated several cases including a high-profile multi-crore rupee cyber-theft in an international hospitality firm in Bangalore
- Investigation of website defacements, IP thefts, email compromise and other computer based security incidents
Web Security Audits
- Regular audit of a Cloud based HRMS and payroll solution with over 1500 clients
- Web audits of corporate portals, websites and ERP products of several firms
- Implemented ISMS based on ISO 27001:2013 for several medium and large clients
- Implemented full-fledged ISMS based on ISO 27001:2005 in Sonata Software
- Maintained ISMS for several BFSI based clients in TCS for over two years
- Conducted Vulnerability Assessment on internal and external IT infrastructure in IT and non-IT firms
- Conducted extensive Penetration Tests for several firms on enterprise web portals and Internet infrastructure
IT Security Audit and Implementation
- Conducted IT Audits on internal and external IT infrastructure of several IT and non-IT firms across India
- Designed and implemented security solutions like IPS, Perimeter Security, VPN, SIEM for IT services companies
- Close to 500 hours of ISO 27001 based internal security audit on firms with IT, banking, engineering, finance and pharma domains
- Due diligence and review of applications and contracts for compliance of data privacy regulations for banking and financial firms
- PCI DSS audit and review of e-commerce system of a large airliner
- Executed social engineering campaigns for several firms to demonstrate weakness in people and to bypass technical security controls
- More than 750 hours of training on Security awareness, administration and policies
What kind of hacking do you do?
At work we don't really call it hacking. We test computer systems, networks, software and hardware for the security that they are built with or claim to have. We sometimes use the same techniques as black hat hackers (criminals) except that we would have obtained prior permission from the system owner.
So can you hack into anything?
No. There are millions of software and hardware that we haven't laid our hands on. There are people far better than us and we learn from them to break things every day.
And yes, probably the NSA can 'hack into anything'.
Can you help me hack my girlfriend's/someone's email account, computer or WiFi password?
Sorry. I don't do illegal stuff. Better yet, have you tried asking them?
Can you help me fix my computer for free? Hey, I am your best friend!
Sorry. I stopped doing it for free. Have you tried fixing it yourself, lazy bone?
How much do you charge to audit my website or firm?
Sorry. There is no one-price-fits-all type of work. It helps to know the scope and depth of the application or infrastructure. Do drop me a mail.
You mentioned NSA and hack, so we are here. We want....
Hey, thanks for stopping by. Can you please help me with the password from your PRISM archives for a file 'MyFavPornColln.zip' from my 2005 archives? Hint: I used Windows XP and a Huawei modem.