About
My goal is to leave the world a better, more secure and trustworthy place.
I've…
Articles by Omkhar
Activity
-
Phoronix noticed this week that Intel archived its Open Ecosystem Community and Evangelism program. My old bio was apparently the last one standing…
Liked by Omkhar Arasaratnam
-
When your why comes to the office…Today was a great day! Usual suspects, different vibe. To all the single parents, single mothers- I see you…
Liked by Omkhar Arasaratnam
Experience
Licenses & Certifications
Publications
-
Privacy Requirements and Realities of Digital Public Goods
USENIX SOUPS 2024
-
Practical Guide to Cloud Migration – Google - Site Reliability Engineering
O'Reilly
For a collection of essays on Organizational Transformation, we asked colleagues across Google — solutions architects, security engineers, software engineers, SRE, and more — to share their guidance on what it means to "move to the Cloud".
-
Auditing Cloud Computing: A Security and Privacy Guide
Wiley
Companies are increasingly looking to Cloud Computing to improve operational efficiency, reduce head counts, and help with the bottom line. But security and privacy concerns present a strong barrier to entry. In an age when the consequences and potential costs of mistakes could quickly become catastrophic for companies that handle confidential and private customer data, auditors and IT security professionals must develop better ways of evaluating the security and privacy practices of Cloud services. Auditing Cloud Computing presents a collection of white papers written by renowned thought leaders in the field of auditing Cloud Computing to show you how to audit your company's hosted services.
Providing a holistic view to this elastic, on-demand service, Auditing Cloud Computing is your one-stop reference to Cloud Computing and the many questions that may arise during preparation of an audit program or throughout the course of an audit or assessment. Edited by renowned information security researcher and practitioner Ben Halpert, this volume gathers a team of prominent Cloud experts who have labored to provide insight into many aspects that you and your organization will encounter during your foray into the Cloud.
-
The IBM eServer BladeCenter JS20
IBM Corporation, International Technical Support Organization
Blade servers are a relatively new technology. They have captured industry focus
because of their modular design, which can reduce cost with a more efficient use
of valuable floor space. They offer simplified management, which can help to
speed such tasks as installing, reprovisioning, updating, and troubleshooting
hundreds of blade servers. You can do all of this remotely using one graphical
console with IBM® Director systems management tools.
In addition, blade servers provide improved performance by doubling current rack
density. By integrating resources and sharing key components, costs decrease
and availability increases.
The IBM Eserver® BladeCenter™ boasts innovative modular technology,
leadership density, and availability. It was designed to help solve a multitude of
real-world problems.
This IBM Redbook takes an in-depth look at the IBM Eserver BladeCenter
JS20. This is a two-way blade server for applications requiring 64-bit computing.
It is ideal for computer-intensive applications and transactional Internet servers.
This IBM Redbook helps you to install, tailor, and configure the IBM Eserver
BladeCenter JS20.
-
Linux: Why It Should Replace Your Windows NT Domains
IBM Corporation, International Technical Support Organization
-
Migrate Exchange 5.5 to Domino on Linux
IBM Corporation, International Technical Support Organization
-
Open Your Windows with Samba on Linux
IBM Corporation, International Technical Support Organization
-
An Architectural View of Security for Cloud
The Open Group (White Paper W116)
-
Making Security Policies Fit-for-Purpose
A Practical Guide to Cloud Migration (O'Reilly/Google SRE)
Patents
-
OPTIMIZING ON DEMAND ALLOCATION OF VIRTUAL MACHINES USING A STATELESS PREALLOCATION POOL
Filed US9229711B2
A method, computer system, and computer program product for allocating virtual machines in a stateless preallocation pool on a computing device is provided. In response to determining that a virtual machine is to be removed from an active pool in a computing device, it is determined whether the virtual machine is to be moved to a preallocation pool of the computing device. In response to determining that the virtual machine is to be moved to the preallocation pool, the virtual machine is cleansed of stateful data by removing unique information about the virtual machine's prior allocation while in the active pool. The virtual machine is moved to the preallocation pool. In response to determining that the virtual machine is needed in the active pool, the virtual machine is moved from the preallocation pool to the active pool.
-
Programmatically selecting a service provider based on assured quality of service attributes
Filed US8868709B2
A method including querying a service provider for functional and nonfunctional qualifications of the service provider to provide a service having functional and nonfunctional requirements; responsive to input from the service provider, receiving by a requestor the functional qualifications and nonfunctional qualifications of the service provider including attesting by a third party, not the service provider or requestor, to at least the nonfunctional qualifications of the service provider; evaluating the functional qualifications and attested to nonfunctional qualifications of the service provider; and selecting a service provider having functional and attested to nonfunctional qualifications complying with the functional and nonfunctional requirements of the requestor. The method may be performed on one or more computing devices. Also disclosed is a computer program product.
-
Externalized data validation engine
Filed US 13/052220
A method and system of externalized data validation. Data input to applications is received. Metadata specifying types of the received data is received. Methods to cleanse the received data are determined based on the metadata. Based on the determined methods and received metadata, a validation engine external to the applications cleanses and validates the received data. The validated data is sent to the applications for use by the applications. Via a subscription service and without requiring updates to the applications, a service provider provides dynamic updates of the validation engine to mitigate newly identified events associated with input to the applications.
-
SECURING SENSITIVE DATA FOR CLOUD COMPUTING
Filed US 12/883248
A system and associated method for securing sensitive data in a cloud computing environment. A customer system has proprietary data as a record stored in a database. The customer system associates a hashing directive with the record prior to sending the data out to a cloud for computing services. The hashing directive classifies each data field of the record into sensitive and transactional. The hashing directive controls a mode of hashing, either one-way hashing or two-way hashing for each sensitive data field associated with the hashing directive. A cloud receives the record secured according to the hashing directive and processes the record to generate a result value for a cloud process result field of the record. The customer system reconstitutes the record according to the mode of hashing indicated in the hashing directive.
-
TRUST ASSERTION USING HIERARCHICAL WEIGHTS
Filed US 12/782860
An illustrative embodiment provides a computer-implemented method for access control by trust assertion using hierarchical weights. The computer-implemented method comprises obtaining an access request for an asset, identifying a trust value associated with a set of paths associated with the access request to form an identified trust value. The identified trust value is compared with a required trust value and a determination as to whether the identified trust value is greater than or equal to the required trust value is made. Responsive to a determination that the identified trust value is greater than or equal to the required trust value, access to the asset is permitted.
-
OPTIMIZING ON DEMAND ALLOCATION OF VIRTUAL MACHINES USING A STATELESS PREALLOCATION POOL
Filed US 12/782743
A method, computer system, and computer program product for allocating virtual machines in a stateless preallocation pool on a computing device is provided. In response to determining that a virtual machine is to be removed from an active pool in a computing device, it is determined whether the virtual machine is to be moved to a preallocation pool of the computing device. In response to determining that the virtual machine is to be moved to the preallocation pool, the virtual machine is cleansed of stateful data by removing unique information about the virtual machine's prior allocation while in the active pool. The virtual machine is moved to the preallocation pool. In response to determining that the virtual machine is needed in the active pool, the virtual machine is moved from the preallocation pool to the active pool.
-
TRUST ASSERTION USING HIERARCHICAL WEIGHTS
Filed CA 2675701
An illustrative embodiment provides a computer-implemented method for access control by trust assertion using hierarchical weights. The computer-implemented method comprises obtaining an access request for an asset, identifying a trust value associated with a set of paths associated with the access request to form an identified trust value. The identified trust value is compared with a required trust value and a determination as to whether the identified trust value is greater than or equal to the required trust value is made. Responsive to a determination that the identified trust value is greater than or equal to the required trust value, access to the asset is permitted.
Projects
-
Workcell - https://github.com/omkhar/workcell
- Present
Code securely at the speed of yolo!
Workcell runs coding agents inside a bounded local runtime on Apple Silicon macOS: a dedicated Colima VM plus a hardened container inside that VM. It supports Codex, Claude Code, and Gemini through thin provider adapters that seed each provider's native control plane without pretending provider config is the security boundary.
This project is for teams that want local agent velocity without turning the host home directory, keychain, provider state, or local sockets into the trust boundary.
Recommendations received
4 people have recommended Omkhar
More activity by Omkhar
-
Me right now while doing some vuln research...
Shared by Omkhar Arasaratnam
-
the staggering pace of ai advancement will push every business to rapidly adapt- my colleagues and i at JPMorganChase put together 10 actions you…
Liked by Omkhar Arasaratnam
-
"Do you know the ledge?" Rakim - Long Island 0-day Researcher The last 10 days, everyone's had an opinion on Mythos and GPT 5.4-Cyber. Having spent…
Posted by Omkhar Arasaratnam