Volunteer Work in Cybersecurity Nonprofits | Interview with Aruneesh Salhotra

Dejan Kosutic:

Welcome to Secure and Simple podcast. In this podcast, we demystify cybersecurity governance, compliance with various standards and regulations, and other topics that are of interest for consultants, CISOs, and other cybersecurity professionals. Hello. I'm Dejan Kosutic, the CEO and adviser and the host of Secure and Simple podcast. Today, we have a very, very interesting guest.

Dejan Kosutic:

His name is Aruneesh Salhotra, and he's a volunteer in various cybersecurity NGOs or nonprofits like OWASP, Purple Book Community, Cyber Future Foundation, InfraGard. But he's also an investor in security companies, a board member of security startups, and a cybersecurity advisor. So in today's podcast you'll learn what different types of cybersecurity non-governmental organizations exist and how actually they can help you in your work. So welcome to the show, Aruneesh.

Aruneesh Salhotra:

Thank you, Dejan. Thank you for having me and I'm glad to at least share my perspective on the nonprofit.

Dejan Kosutic:

Great to have you here. So what actually inspired you to join so many cybersecurity nonprofits?

Aruneesh Salhotra:

I think I'm not sure, like, what inspired me. I can pinpoint to any specific instance, but over the years, I would say, like, last fifteen, twenty years, I've been part of nonprofits which are not so much geared towards cybersecurity, but it's more community driven. Like, I volunteer time teaching at a school or I spend time being in a hospital. Right? And I've been doing it for the last almost, like, fifteen, sixteen years.

Aruneesh Salhotra:

And most of the credit goes to my wife who is in social work by profession itself. Right? So it naturally comes to me. And, I would say with everything that's happening in the cybersecurity world dating back to maybe, like, ten years, I think it's a very natural thing that you kind of look at that aspect. Right?

Aruneesh Salhotra:

And one of the things that I would say, I love learning, and I love sharing it. So right? So whatever I've learned, there is no point of just holding it back to myself. Right? If you can actually create like a forum where all that education or the knowledge that you have gained can be embodied to the whole community, it becomes an important aspect.

Aruneesh Salhotra:

Right? And, like, being a researcher by heart, I always look at opportunities where I can learn more and promote or share more to the community.

Dejan Kosutic:

This is really a great way to approach and I believe that lots of people really benefit from these kind of nonprofits. And how do actually these I mean, you're really a volunteer in several of these nonprofits. And what are the key differences between these nonprofits, these non-governmental organizations?

Aruneesh Salhotra:

Like, between different nonprofit itself, the one key difference that I would say is the focus area. Like, OWASP, which is something that ideally is very dear to my heart itself, and I'm trying to actually bring it to the next level itself, whether it's in terms of, like, conferences, speaking to companies which are using the OWASP technologies or project itself, whether it's OWASP Top 10, LLM Top 10, AI Exchange, you name it.

Aruneesh Salhotra:

So I think the focus area is different. Right? Like, PurpleBook community is a community of application security professionals across the world. Like, before I moved into security full time, I didn't find any forum where you can actually go in and like learn about, okay, what other companies, other organizations in different countries are doing. Right?

Aruneesh Salhotra:

So it naturally came together at the right time, almost like four or five years ago where PurpleBook community has around like 300 members across the globe. So they talk about those things. OWASP fundamentally has been like, started off like OWASP Top 10 based on web application. It went up like API, serverless. And with AI coming in, looking at the AI, there is a function within the data space. So fundamentally, think like the focus area for most of these foundation is slightly different. Eclipse and Apache foundation is another one where initially started with open source. Right? Like most of these applications that we know about today is based on like open source libraries that we currently use. Apache was probably one of the initial foundation that was started. Right? So their focus was more towards application development, making sure, like, we avoid the duplication itself. And, of course, they are actually to be more relevant in the current climate.

Aruneesh Salhotra:

They also take on other responsibility, not just being focused on what they started with. Right? So adding more and more feathers in their cap itself.

Dejan Kosutic:

And are there some nonprofits, I mean, cybersecurity nonprofits that are more, let's say, more oriented towards governance, cybersecurity governance, organizational aspects, not only technical ones?

Aruneesh Salhotra:

I think OWASP would be one thing that I would probably point out. Eclipse Foundation is another important one. If we can talk about the European Cyber Resilience Act itself, which is coming in 2027, they're like spearheading that particular effort along with the policy makers in Europe itself. Mhmm. So these are, like, two foundation that I would say, like, are more geared toward the governance aspect.

Aruneesh Salhotra:

If you talk about OWASP, has a project around security assessment or maturity ascent for security program itself. Right? So those would be two foundation that I would say are like are definitely relevant. And there are more. Right?

Aruneesh Salhotra:

And I'm not saying that I only like OWASP and Eclipse, etcetera. Right? But these are the two foundation that I feel that I'm more aligned with. I mean, like, the Linux Foundation is definitely out there, which is also doing, like, some phenomenal work with OpenSSF aspect also.

Aruneesh Salhotra:

But I think Eclipse and OWASP is definitely something that I would encourage more and more people to actually partake and get involved.

Dejan Kosutic:

Great. And if I understood well, there are also foundations or NGOs that focus more on people aspect, on training. Can you say a little bit about that? How do these or what do these foundations focus on?

Aruneesh Salhotra:

I think from an education perspective, I mean, you take any project or any foundation for that matter itself. Right? There is the education aspect because it's not just looking at creating the tools or creating, like, the material itself. Right? How do you impart the information that's getting created to the community itself. Like, one of the project that I'm involved called OWASP AI Exchange. There is the project was really started to ensure we have a blueprint for organizations to adopt AI safely and securely. So the project is basically focused on the mapping of threats against the control itself. Right?

Aruneesh Salhotra:

But the heavy element of this one is the education aspect. Right? How do you take the material that has been created to the masses itself? And one key, not the objective, but more of achievement for OWASP AI Exchange was the material that we have created and the with over, like, 100 different authors was adopted by EU AI Act itself.

Aruneesh Salhotra:

It's going through the process of, like, getting refined and public comments. But that's, like, one of the key achievement that we had is, like, we created all this, like and there are, like, other forums, other policymakers that want to actually work on this one. So very glad and very happy to share that some of this one was also shared in those particular forums.

Dejan Kosutic:

This is really a great achievement. And what would you say out of all of these NGOs, are, let's say, having the biggest impact? I mean, okay, influencing, let's say, EU AI Act is obviously a big thing. So would you say that OWASP is really having the biggest impact or are some other organizations that actually have such a big impact worldwide?

Aruneesh Salhotra:

I think given the world that we are living in, AI is definitely a talk of the town every single day. There is a conference on AI that's happening. Right? So I would say, like, it's more situational and contextual.

Aruneesh Salhotra:

Like, back in the days, some of the AppSec projects were more relevant. These days, with AI becoming, like, more and more, like, relevant on a daily basis. Right? How do you protect your AI applications when you're enabling AI into your business operations? It's alright.

Aruneesh Salhotra:

So what can you do on that particular front? Right? So I think based on the current context, I think OWASP AI Exchange is definitely one of the important project that I would say. OWASP has another project for LLM Top 10, like, what would, like, the top 10 issues related to LLM itself, now it's like rebranded as like Gen AI, OWASP Gen AI project.

Aruneesh Salhotra:

And again, there is another, like, initiative within OWASP, which is focused on the CRA, the European CRA that we talked about a few minutes ago. And given all that, it also translates into other foundation. Like Eclipse Foundation is we are heading speaking to the European Union itself, the policymakers to say, we would be fronting, collating all the information from the community aspect, which would actually feed into the CRA.

Dejan Kosutic:

This is really very, very interesting how actually this, I would say, interaction between NGOs and, well, basically government and lawmakers is happening. And what would you say actually is part of this success? So how did actually OWASP become so influential and so important for, well, for governments?

Aruneesh Salhotra:

Actually, let me actually take a step back on this one. Right? There is one point that I wanted to share was, yes, you have, like, all these unions and policymakers. They want to actually implement something. Right?

Aruneesh Salhotra:

But they don't have the army or the expertise, that they need to actually create all this guidance together. Right? So they actually depend on all these foundations because you cannot go to private entities because then it might be slightly more biased. So you need to have to come to foundation which is impartial itself, like giving and be the voice for every possible company or every possible, like, organization out there. Right?

Aruneesh Salhotra:

Only then you can actually go to that particular level. So I think it's important from a foundation aspect to be neutral itself. And OWASP or Eclipse have been like a very neutral organization itself. It's not like biased towards one particular company or one particular technology. It's kind of like a very flat line itself. And many people come and talk about what needs to be done. And that's, if you take how the OWASP first project, LLM, not LLM, OWASP Top 10 came about, which is more industry based, like a survey talking about what are the top 10 issue that plagued the web application itself. Right? And that particular thing has become, like, more of a template talking world. What are the top 10 for other technologies out there? Right?

Aruneesh Salhotra:

And I think the success for OWASP or any other foundation has been about how instrumental they have been to actually bring the community together. I mean, like, if you look at the number of followers that OWASP has, it's close to 300,000 followers. Right? And out of the I would say, like, at least half of them would be, like, active members, etcetera.

Aruneesh Salhotra:

Like, listening what's happening and really tuned in. Right? So I think it's important, to realize that a foundation is successful by the number of volunteers and the people who are, like, adopting those particular thing. Right? If you create, like, a nonprofit, which has maybe 10 people, you might not be that particularly successful.

Aruneesh Salhotra:

But if you have, like, a nonprofit where a lot of people really want to actually contribute and they believe in the mission, I think it actually goes a very long way. And that brings the credibility at a government level and also at industry level.

Dejan Kosutic:

This is great because I just wanted to mention, I mean, governments could also speak to, let's say, other bodies like ISO, the International Standardization Organization, or, I don't know, US NIST, are also government founded organizations that deal with standards. And yet they also speak to OWASP, but I guess this is exactly because of what you mentioned. It has a large, I would say, number of volunteers, and it has a large credibility because of it. Obviously, this is why governments probably consider OWASP as important as, let's say, ISO or NIST.

Aruneesh Salhotra:

And in fact, like, we talked about the NIST and ISO itself. I mean, like, so part of the leadership, we actually have a regular touch point with ISO and NIST organizations also.

Aruneesh Salhotra:

So it's not like we are only looking at, like, creating whatever we are doing in silos itself. Like, it's also important to actually look at, like, partnership and collaboration with other entities, not just in a particular region, not just within US or UK or Europe, right, looking what needs to be done in Asia Pacific and Japan and other regions itself. Right? So I think it's important to have all these different collaborations and a sounding board in other entities also.

Dejan Kosutic:

Right. Now, if let's say someone is a consultant or let's say security officer or a CISO and wants to join and volunteer in some of these organizations, what would you recommend? How to choose? I mean, one cannot really be active in, I don't know, dozens of them. So let's say if you want to pick one or two or three, how do you actually choose?

Aruneesh Salhotra:

I think it depends what your focus or what your intent is. Like, if you really want to contribute a particular technology or a particular area, you can look at some of that because what is, what are, like, some of the projects that are out there, which is relevant for that specific field. Let's say you're doing something in application security. I would say definitely OWASP would be a very good foundation to start with because there are a lot of projects which are focusing on that specific area. Like, if you're looking something with the regulation and stuff, there would be projects which are there at Eclipse Foundation or even in OWASP.

Aruneesh Salhotra:

Looking at the supply chain aspect, Linux Foundation is a perfect example where the OpenSSF is, like, driving a lot of efforts in that specific area. So it just depends what your intents are, like where you're coming from. Are you a CISO? Are you more of a practitioner? Are you coming from a compliance or legal background?

Aruneesh Salhotra:

So I think it just depends on the persona and also the relevancy of that particular project against what your intent is.

Dejan Kosutic:

And then once you join such an organization, how much time do you actually have to invest? So let's say that you will join, I don't know, one or two of these organizations. So what is kind of an expected time investment if you volunteer?

Aruneesh Salhotra:

I would say based on my relation with all these different foundation, it depends on the kind of persona that you're coming in as. Like, I would say, like, there are, three personas. One persona is looking at the I'm gonna actually consume and read the material itself. The other one is around, like, I'm gonna actually help contribute towards a particular thing. And the third persona is more on the leadership level.

Aruneesh Salhotra:

Like, of course, if you're at a leadership level, the amount of effort that you have to put in for growing the project result is gonna be significantly much more than, like, the persona number one and persona number two. But let's say most of the people that I would say kind of fall in line with where they're contributing fall into the persona level two where they really are contributing towards a project. So it could be anywhere from, like, one hour per week to maybe, like, six hours per week. It just depends on how much you want to actually take on, what specific function. And, again, like most of these foundations are more voluntary led organization itself.

Aruneesh Salhotra:

So there is no, like, a strict guidance. You need to actually devote, one hour per week. Right? Mhmm. Or three hours per week.

Aruneesh Salhotra:

And even in a couple of projects that I'm involved in, there are people who would actually go on a long leave, for example. Right? But there are, like, other people who can actually step in and take those responsibilities. So it's, like, kind of like a very flexible. And, again, for a persona level three itself, which is leadership itself, I think that becomes like a tricky area.

Aruneesh Salhotra:

But you don't always have to be at the leadership level. Right? You can actually still be at the contributor level.

Dejan Kosutic:

And this, let's say, contribution, is this usually asynchronous so you can do it actually in your own time? Or do you have to usually participate in some meetings? Or how does this usually work?

Aruneesh Salhotra:

Most of the project that I would say that I'm involved in, some work is happening asynchronously. But every week or every two weeks, we would have, like, a meeting at a project level, at the project leadership level, talking on, okay, where the things are going, where, like, this other, like, work streams are within that specific project are coming together, what the road map is. So I think some part of work is happening asynchronously, but other work is happening where you actually collaborate and come together almost on a regular basis. The cadence is at least at a biweekly, if not monthly. So it just depends.

Dejan Kosutic:

And I mean, lots of people are obviously asking themselves, okay, what do I get out of this? They usually think about not only in terms of, I don't know, some kind of altruistic approach, they also think what can they get? What kind of benefit can they get?

Dejan Kosutic:

So, from your experience, what do you actually, as a volunteer there, how can this help you in your business?

Aruneesh Salhotra:

Think being a business owner myself, I would say it has definitely got brought in like a lot of credibility to me as a name or my business itself. But again, like, if I truly speak about, like, how other companies can take advantage of this one in a positive sense, and, again, like, advantages can be construed in, like, more of a negative and a positive way. But I think, like, getting the recognition, like, being one of the thought leaders, let's say, in AI adoption or something in application security or supply chain, it just depends where you're coming from. Right? Like, thought leadership is very important.

Aruneesh Salhotra:

I mean, like, I have, like, brought in, like, multiple people in OWASP Foundation over the past one year, for example. Right? And everybody's coming with a different intent. Somebody wants to contribute towards, with no strings attached. Some are looking to get, like, more branding, more awareness. And there is nothing wrong in any of those areas. Right? Because essentially, if you're like a business owner or if you're like a consultant, you want to ensure like you understand the technology or the regulations more than anybody else out there. Right?

Aruneesh Salhotra:

So I think being in the forefront, it's gonna be an important aspect. I see, like, a lot of people, including myself, write blogs on this particular stuff. Right? What's happening? What's coming down the pipe?

Aruneesh Salhotra:

Having early access to all the work that's happening, which might become like a standard. Eventually, it's gonna be important. So the dialogue, the possibility of the dialogue that actually it brings to the table is enormous. Mhmm.

Dejan Kosutic:

Especially because all of these consultants that are trying to increase their market share, trying to find the next clients, I think this thought leadership is extremely important for them and actually that they are recognized as such. And do you find this kind of a volunteer work also good for networking? I mean, meeting people?

Aruneesh Salhotra:

Oh, absolutely. Absolutely. Again, like, if I go back to my earlier example for PurpleBook community, before I started working in the application security space, I hadn't I probably knew, like, maybe two or three people in the industry that knew that, okay, they were working. But having access to 300 plus people, it just changes the whole thing. You have different chapters in different geographic locations, whether it's in New York or Bay Area or Singapore or India. I think there are a lot of chapters. And even if you take about any foundation, for example, right, the more and more people come together in the foundation or a specific project, you learn different perspective, different viewpoints. Again, like what's happening in the US or Europe, in terms of regulation might be very different what's happening in Taiwan and Japan and Singapore or Australia itself. So I think it changes the perspective and opens into appreciating what's happening in other places also.

Dejan Kosutic:

Yeah. Great.

Aruneesh Salhotra:

And sometimes relationships, like, was a long wish. Like, you might be ending up in the same conference. Maybe it's an international conference. You actually need people that you already know about. Right?

Dejan Kosutic:

And it definitely probably opens up completely new business opportunities you never dreamt of. Right? So it's probably something that Exactly.

Dejan Kosutic:

Great. And speaking of these continents, do you feel that these NGOs have a specific, let's say, geographic focus? So are there are some of these nonprofits more focused on, let's say, America, I mean, North America or South America or Europe? What is your impression there?

Aruneesh Salhotra:

I think most of the foundations probably started in a specific region. Let's say, some organizations started in US, for example, or some organizations started in Europe or Belgium or somewhere in the world. Right? I think it comes to a point you realize, like, you cannot operate those foundations focused in a specific region itself. Right?

Aruneesh Salhotra:

Again, there are gonna be, like, nonprofit which are specific to a particular region. But if you are looking at making sure your foundation itself is globally applicable and respected, you actually have to see, okay, I'm gonna actually create more footprint in other regions. Mhmm. Like, one of the things that's happening in OWASP AI Exchange, for example, is initially, it was focused for looking at the regulations and threats primarily on Europe and US. But I think there are a lot of, like, authors who actually come in from other parts of the world, whether it's in Middle East or all the way to Australia itself.

Aruneesh Salhotra:

Right? So I think many organizations have realized that it's gonna be, like, a more of a global footprint if they want to be actually more relevant in this global economy. Mhmm. Yeah. Organization and industries are, like, not just focused in one specific region, but it's, like, across the globe.

Dejan Kosutic:

Okay. There are, you know, some professionals who are skeptics about these, you know, professional organizations, and they basically say that this is a waste of time. So how do you actually comment on these people who don't see the benefit in actually volunteering in cybersecurity nonprofits? So what do you think of these skeptics and what is your, let's say, argument when they say that this is simply a waste of time?

Aruneesh Salhotra:

I'm pretty sure there are skeptics for every single thing. Fortunately, I've not come across, such people till date itself where they don't believe, like, any foundation which is, like, really looking to make a change. But, again, like, thinking out loud where they might be coming in. Like, people might have concerns about duplication. Like, there might be, like, foundations x foundation a, b, c, which might be working on something similar.

Aruneesh Salhotra:

So they might be, like, concerned about the duplication, or they might be concerned about that things move, like, not as fast in like, in companies and their enterprises, right, where decisions are being happening, like, on a daily basis. Right? So one of the things that I can say like foundations itself are slow by I wouldn't say like slow, like as extremely slow, but I think like they're slow by design itself, right? Because they want to ensure, if you are making a decision, every part of that community is kind of aligned with that one. Like, you go for like a public comment, for example. You open it for comments. So I think that might be another reason why people might be skeptical about, like, all these foundation or the project itself. But from my perspective, till date, I have not come across people who actually think otherwise itself. Right?

Aruneesh Salhotra:

That you're not they're not contributing to something meaningful in their career itself.

Dejan Kosutic:

Good. Let's speak a little bit about your involvement in these OWASP projects. So if understood well, this is OWASP AI Exchange and OWASP AI BOM.

Dejan Kosutic:

Right? Can you tell a little bit about these projects and what do you do and what is the goal of these projects?

Aruneesh Salhotra:

Absolutely. So OWASP AI Exchange is specifically focused on providing guidance for organization which are looking to actually bring in AI into their organization both safely and securely, etcetera, providing, like, a blueprint for them, where they truly understand, like, the threats, what threats exist in their organization or in their application, and what kind of control they actually can institute to ensure those possible threats are not exploited. Right? So this is a project which started almost, like, nineteen months ago, like, early part of, like, 2024. And during the inception, I got involved.

Aruneesh Salhotra:

And how I got involved is, again, like, a very interesting thing. Like like everybody else, I was a user for AI in 2023, but I really want to actually get into the weeds, understand, like, how everything is happening. So I started a research group. We are, like, 11 or 12 of us. We used to meet every two weeks.

Aruneesh Salhotra:

Fast forward, like, 2024, beginning of the year, I saw, like, a post by the lead for OWASP AI Exchange, Rob, who had commented about starting, like, a project like this one. And I really wanted to actually get involved because, like, really want to actually learn. But if you actually have like army of people which are like kind of collaborating together, your pace at what you can actually learn is far greater than like what handful of people can do together. Right? So that was my involvement with OWASP AI Exchange.

Aruneesh Salhotra:

Initially, I looked at different aspects of bringing more relevance to AI Exchange into the community itself, looking at having more presence for OWASP Exchange in different conferences, different blogs, different articles that were published. And one of the things that I really have realized in the last almost like six, seven years, that even if it's a nonprofit, people are working as a volunteer itself. Sometime you definitely need the money or the sponsorship aspect. Right? Where, let's say, your organization cannot sponsor you to present at a conference.

Aruneesh Salhotra:

So you want the project itself to cover your T and E, right, your travel and expense, or maybe cover some part of that cost itself. Right? So sometime early this year, I also started looking at the sponsorship aspect. And I made, like, a I would not say, like, a lofty goal, but I definitely made, like, a decent goal for the project itself to raise like x amount of dollars for the year. And happy to say that, by the end of the year, not that we will not be able to at least, like, meet that particular goal.

Aruneesh Salhotra:

We might be at a 1.5 x for that particular thing, right, which helps everybody who's contributing day in, day out in terms of like, yes, recognizing them, doing the merchandise, going to different, conferences which are like more locally or maybe internationally itself. Right? And there are so many people who are part of this particular project who have taken advantage of this and have been duly recognized.

Aruneesh Salhotra:

So that's for the OWASP AI Exchange. OWASP AI sorry, OWASP AI BOM, which is artificial intelligence, the bill of material, which is the full translation on that one. That's a new project. And, in fact, like, particular project has been kicked off. And there are, like, few very big names, in terms of the vendors who are, like, looking to actually support that particular project itself. And it actually looks at collaborating with other relevant project like OWASP CycloneDX, which is kind of like a format of how do you actually construct, like, a bill of material.

Aruneesh Salhotra:

OWASP AI Exchange is looking at maturing that particular thing in terms of the operationalizing of the BOM that has been created. It's one thing to actually ensure, like, you have created something, but when something hits the fan, for example, right, how do you actually what is your step one? What is your step number two? Right? Let's say there is a breach in an organization.

Aruneesh Salhotra:

You should have, like, some sort of a guidance, which is kind of very standardized. So that project is specifically focused on the operationalizing of, operationalization of the bill of material in your specific companies. Mhmm.

Dejan Kosutic:

And if I may ask about this project, OWASP AI Exchange. So if understood well, this is about applying certain controls to mitigate the threats or, let's say, security risks related to AI, right? And how is this related to, let's say, ISO 42001? Because it's also about managing, let's say, risks related to AI.

Dejan Kosutic:

So how do we actually build or do we actually build on top of 42001? Or is this something more in parallel? Or how did you what is the concept there?

Aruneesh Salhotra:

I really like this particular question. Right? Like, I had the almost a similar question when I joined the project itself back in 2024. So I think it's not looking to actually replace or being an alternate standard. It's actually putting all these material together so that other standards which are like more relevant can use this intelligence into developing their standards.

Aruneesh Salhotra:

Like we feed into ISO, NIST and other regulations out there, right? So it is not meant for being like a regulation or a standard by itself, but it's more of like providing different aspects of, like, a we your threats, for example, or your controls or your mitigation itself. Right? Which kind of feeds into all these different standard itself. Right?

Aruneesh Salhotra:

So it is not a standard. It's more of, like, empowering other standards which are being developed.

Dejan Kosutic:

Good. So let's wrap up the call and just the last question maybe today.

Dejan Kosutic:

So what do you suggest to, let's say, other security officers and consultants, cybersecurity consultants? So what would be kind of their top things to keep in mind if they want to start working as a volunteer for cybersecurity nonprofits?

Aruneesh Salhotra:

Yeah. I think like a couple of points definitely come to mind. One point was exactly on your line, right? Is this project itself relevant for me? Look at some sort of like a synergy that you can actually bring to the project with your expertise itself, right?

Aruneesh Salhotra:

Definitely look at, like, why is it important for you? You're contributing that particular time. Understand the ROI around this one, the amount of time that you're spending. You might be actually working for a client, but I think, like, spending your time to a nonprofit itself, first of all, gives you, like, like, some sort of a comfort and also, like, appreciation for the the nonprofit nature of things. And the second aspect, which we talked about earlier was, like, having a thought leadership recognition for that specific domain against your name. So which definitely increases the the footprint for your company itself. Let's say you're in the services company or in the vendor space.

Aruneesh Salhotra:

It definitely goes a long way. Definitely, they'll realize try to realize the ROI on the time that you're spending with this one. And sometime you might be shaping the standard itself. Right? Which many people don't really don't understand or, like, even realize.

Aruneesh Salhotra:

Like, what you might be thinking, what if it actually becomes like a standard or part of a particular standard itself. Right? Mhmm. Like, your thought process should not be or your thought leadership should not be just confined to yourself.

Aruneesh Salhotra:

It can be shared with the community and foundation itself. Right? So thinking on those lines is an important aspect as well.

Dejan Kosutic:

And I guess, also what we mentioned, before the call is that you have to feel good about it. Right? You have to also somehow feel that you contribute also to, let's say, to other people and help them actually achieve their goals as well. Yes.

Dejan Kosutic:

Great. So thank you very much for the call. I actually learned a lot about these non-governmental organizations. So it was really a pleasure talking to you. And so, yeah, thanks again.

Aruneesh Salhotra:

And thank you for having me. Thank you.

Dejan Kosutic:

Great. And thank you everyone for listening or watching this podcast and see you again in two weeks' time in our new episode of Secure and Simple podcast. Thanks for making it this far in today's episode of Secure and Simple podcast. Here's some useful info for consultants and other professionals who do cybersecurity governance and compliance for a living. On Advisor website, you can check out various tools that can help your business.

Dejan Kosutic:

For example, Conformio software enables you to streamline and scale ISO 27001 implementation and maintenance for your clients. The white label documentation toolkits for NIS2, DORA, ISO 27001 and other ISO standards enable you to create all the required documents for your clients. Accredited Lead auditor and Lead implementer courses for various standards and frameworks enable you to show your expertise to potential clients. And a learning management system called Company Training Academy with numerous videos for NIS2, DORA, ISO 27001 and other frameworks enables you to organize training and awareness programs for your clients' workforce. Check out the links in the description below for more information.

Dejan Kosutic:

If you like this podcast, please give it a thumbs up, it helps us with better ranking and I would appreciate if you share it with your colleagues. That's it for today, stay safe!
