Home Company Security Assessment Training News & Events SC Labs Contact

Learn about our security assessment services

Learn about our
industry-leading application security training

Access our articles and white papers on application security topics

Management

The Security Compass management team is made up of experts with extensive information security and software engineering credentials. Every employee of Security Compass exudes a passion for the field of software security.

Nish Bhalla Founder
	Nishchal Bhalla, a noted expert and a published author, is an information security veteran with more than 15 years of experience as a developer and network security administrator. As the founder of Security Compass, SD Elements and more recently SecurityByte, Nish not only manages and gives direction to the company, but also is actively involved in researching various attack vectors. Experience Nish is a frequent speaker on emerging security issues. He has spoken at reputable Security Conferences such as BlackHat Europe, Reverse Engineering Conference, HackInTheBox, Shmoocon, CSI, and ISC2's Infosec Conference. He has also created and taught the Exploiting & Defending classes for Security Compass. Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews (Web Application / Code / Policy) for major software companies, as well as online banking, trading, and e-commerce sites. He also helped develop and teach the Secure Coding, the Ultimate Hacking, the Ultimate Web Hacking, and the Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse, and The Axa Group. Accomplishments Nish is a noted expert in application security and has delivered talks and training sessions at conferences such as RSA, CSI and BlackHat. Nish has been interviewed by and quoted in many publications including CSO Online and Government News. He has written articles and been published in security portals such as Security Focus and hackin9. Nish has also co-authored and contributed to many books including Hacking Exposed Web Applications (2nd Edition), Buffer Overflow Attacks: Detect, Exploit & Prevent, Windows XP Professional Security, HackNotes: Network Security and Writing Security Tools and Exploits. Nish has also been involved in open source projects such as YASSP and OWASP, and is the chair of the Toronto Chapter of OWASP. Certification and Education Nish holds a Masters in Parallel Processing from Sheffield University, is a post-graduate in Finance from Strathclyde University and a has a Bachelor of Commerce from Bangalore University.
Rohit Sethi, CISSP, CSSLP Vice President, Product Development
	Rohit Sethi joined Security Compass as its second full-time employee. With a combined background in information security and software engineering, Rohit is recognized internationally as an expert in the emerging field of application security. In his role at Security Compass, Rohit is responsible for managing Security Compass' internationally renowned consultants on cutting-edge consulting and training engagements across North America and around the world. He is leading development and instruction of the SANS Institute's Secure Coding in Java class. Experience Rohit has provided security consulting and training services to primarily Fortune 1000 clients in financial services, healthcare, utilities, telecommunications, media, and software. He has led and delivered engagements for a variety of service offerings, including application security architecture, design, and code reviews; threat analysis; penetration testing; application security program enhancement; vendor security assessments; identity management strategy; customer data privacy assessment; security governance strategy; threat risk assessments; SOX, BS7799 and PCI audit and remediation; and segregation of duties analysis and remediation. Rohit has also developed and taught courses on a wide variety of topics, including web application security exploitation, secure coding in J2EE, application security awareness, application security for managers, and general information security awareness. Prior to joining Security Compass, Rohit was a security consultant at Deloitte and a developer/business analyst at Automatic Data Processing (ADP). Accomplishments Rohit is a noted expert in application security and has delivered or will be delivering talks or training sessions at the RSA Conference in San Francisco; CSI National in Washington DC; CSI SX in Las Vegas; SANS Conferences in Toronto, Orlando, and Washington DC; Shmoocon in Washington DC; SecTor in Toronto; Infosecurity Toronto and New York; ISC2's Secure Leadership Series in Toronto and Calgary; and TASK and Federation of Security Professionals in Toronto. Rohit has written articles on aspect-oriented programming and security, application classification, and centralized logging for the prestigious Web Application Security Consortium and leading industry-recognized security portal Security Focus. He has been interviewed and quoted by Computer World and IT World Canada. Certification and Education Rohit holds an Honours Bachelor of Science in Computer Science with Software Engineering Specialization from the University of Western Ontario in Canada. He is a Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), and a Sun Certified Java Programmer.
Sahba Kazerooni Director of Professional Services
	Sahba Kazerooni is a security consultant with a strong background in J2EE software architecture and development. Since joining as Security Compass' third full-time employee, Sahba has established himself as a critical part of the organization's daily operations. He leads the Software Assessment Services practice which delivers Security Compass' one-of-a-kind in-depth security services. He also leverages his field experience to deliver security training to individuals from all parts of an organization. Experience Sahba is an expert in software security. His skillset ranges from hands-on assessments in application penetration testing, threat modeling, and source code review, to security advisory and technical training. He has an advanced knowledge of the Software Development Life Cycle (SDLC) as well as the intricacies of the Java programming language. Among other training tailored towards all phases of the SDLC, Sahba delivers a developer-focused Java secure coding class through the SANS Institute. Throughout his career Sahba has worked for and built relationships with many Fortune 500 organizations in various sectors such as finance, healthcare, retail, airline and transportation. Prior to joining Security Compass, Sahba was involved in the end-to-end implementation of a web-based workforce management solution. Accomplishments Sahba is an internationally renowned speaker on security topics, and has delivered presentations at reputable security conferences around the world such as BlackHat Security Conference in Amsterdam, IDC WebSec, Source Boston, and RSA Conference. Sahba has also been recognized as an expert in application security by publications such as IT World Canada and the Information Security Media Group. Certification and Education Sahba has a B.Sc. in Computer Science with Software Engineering specialization from the University of Western Ontario.
Oliver Ng Director of Training
	Oliver Ng is the Director of Training at Security Compass. In this role, he is responsible for assisting clients in their educational IT Security needs and driving Security Compass’ training programs to meet the constantly evolving security landscape. Experience Oliver has a well-rounded background with a focus on penetration testing, threat risk assessment, code review and software development. His experience includes providing Application Security consulting for some of the most visible and sensitive public sector applications in Canada. Starting out at RIM as a software developer, penetration testing at Deloitte and independently consulting, Oliver has since led numerous engagements assisting Fortune 500 companies and public sector clients across Canada, US and Europe and brings well-rounded insight throughout his varied experience. Accomplishments Oliver was responsible for project managing and architecting the one of the highest trafficked web applications for RIM. He has helped numerous clients improve the security posture of their financial applications during his consulting career and is responsible for helping public sector clients establish and implement a security strategy for Penetration Testing of their vast infrastructure. Oliver has spoken/taught at AppSecUSA 2010, SC Congress Toronto 2010 and ISACA Chapter Meetings. Certification and Education Oliver is a CISM, CISSP and CISA and carries a B.Computing from Queen’s University.