Who we are
Security Compass is an industry-leading information security firm that provides professional services and training to security-conscious companies. We bring extensive, internationally recognized, cross-industry experience to every client engagement. To our clients, we're not simply an information security company - we are trusted partners in the development of secure software.
The Security Compass Advantage
Our clients retain us for multiple engagements for many reasons:
- Unwavering dedication to professionalism and exceeding client expectations
- Combined expertise in software engineering and information security
- Software security thought leadership
- Clear, organized reporting with both strategic and tactical analysis
- Root cause analysis and detailed, collaborative remediation planning
- World-renowned training expertise, including development and teaching of SANS classes
The culture of Security Compass is derived from one founding principle: to provide our clients with best-in-industry expertise and customer service. Every member of our team is passionate about their work. We believe that engaged and motivated consultants lead to consistent customer satisfaction - and that consistent customer satisfaction leads to engaged and motivated consultants. We also understand that we have a responsibility to improve the state of software security, so we contribute regularly with initiatives such as the open-source Exploit-Me series of security testing tools.
The Security Compass management team is made up of experts with extensive information security and software engineering credentials. Every employee of Security Compass exudes a passion for the field of software security.
Founder and CEO
Nishchal Bhalla, a noted expert and a published author, is an information security veteran with more than 15 years of experience as a developer and network security administrator. As the founder of Security Compass, SD Elements and more recently SecurityByte, Nish not only manages and gives direction to the company, but also is actively involved in researching various attack vectors.
Vice President
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). He has helped improve software security at some of the world's most security-sensitive organizations in financial services, software, e-commerce, healthcare, telecom and other industries. Rohit has built and taught SANS courses on Secure J2EE development. He also created the OWASP Design Patterns Security Analysis project.
Sahba Kazerooni manages Security Compass's internationally renowned consultants on cutting-edge consulting and training engagements across North America and around the world. His personal skillset ranges from hands-on assessments in application penetration testing, threat modeling, and source code review, to security advisory and technical training. Sahba has an advanced knowledge of the Software Development Life Cycle (SDLC) as well as the intricacies of the Java programming language. He is an internationally renowned speaker on software security topics, having delivered presentations at reputable security conferences around the world and having been recognized as an expert in application security by publications such as IT World Canada and the Information Security Media Group.
Vice President of Sales
Chris Faciana has more than 15 years of experience in direct sales and sales management for small to mid-sized software security companies. He has been the top producing sales associate at the majority of companies he has worked for including, and most recently, Cenzic Inc. He was also the top producer and Director of Inside sales at Solsoft, Director of Sales at RiskWatch Inc. and the #1 sales associate at PGP Inc. Mr. Faciana holds an MBA from Arizona State University and is a volunteer recruiter for the US Secret Service Electronic Crimes Task Force in Phoenix, AZ.
Director of Training
Oliver Ng leads all aspects of Security Compass' Training division including development of training products, courses and strategy. Oliver's unique experience has him involved with software development, regulatory compliance, ethical hacking, building ITSec teams and now eLearning. His consulting experience has led him through recognized Fortune 500 companies across the globe. He uses this understanding to address how each organization can get the best value from Security Compass' Training programs, be it from an out-of-the-box training solution or a custom-tailored one.
Oliver is active in the development community. He has helped build open source tools for IBM AppScan, Security Compass' student learning tool ExploitMe Mobile, as well as other mobile apps. He has been asked to speak at conferences including SC Congress, ISACA, AppSecDC, SecurityByte and more.
Director of Consulting
Tak Chijiiwa brings to Security Compass over 12 years of IT security & privacy experience. He has been involved in a wide spectrum of information security strategy and advisory engagements for various Fortune 500 clients globally in the government, healthcare, financial, education, utilities and transportation sectors.
Tak holds an Honors Bachelor of Mathematics in Computer Science from the University of Waterloo. He also holds CISSP and CSSLP certifications. At Deloitte, he managed a team as well as performed the field work for security initiatives such as the incorporation of governance policies and standards, performing threat risk assessments, privacy compliance reviews, the implementation and review of infrastructure, architecture design, application development practices, auditing against both internal and external regulations, implementation of vulnerability management frameworks and assessment based work.
Regional Director, India Operations
Vishal Asthana, CISSP is our Regional Director for India Operations. Prior to this, he was part of the central security team at Symantec which was responsible for building a culture of proactive application security across development teams' end-to-end development lifecycle (SDLC). This was accomplished by use of a combination of quantitative and qualitative activities. Quantitative activities included threat modeling, application penetration tests, false positive analysis and issue prioritization etc. Qualitative activities included generic/customized security training, business case preparation etc.
He is passionate about security aspects in Agile development environments and is the lead author for SAFECode’s paper Software Security Guidance for Agile Practitioners released in July 2012. Before this, he presented Symantec's work in the Agile Security area at Security Development Conference 2012 and SOURCE Barcelona 2010.
Vishal has 13+ years of technical and techno-management experience obtained in the US and India across diverse industries (Software/Hardware security product companies, reprographics, BPO). He holds a Master’s Degree in Electrical Engineering from the University of Southern California (USA) and a Bachelor’s Degree in Electronics and Telecommunication from the University of Chennai (India).