Sohail Iqbal
United States
7K followers
500+ connections
About
Advisory Board Member - Rutgers Cybersecurity Council - Rutgers University…
Articles by Sohail
-
Human-Centric Security vs. Generative AI
A big part of the security thought process is to evaluate everything with a bit of skepticism. This sixth sense of…
24
-
Economic Wheel of Misfortune (Apr 28, 2020)
History is always the best indicator of outcomes and possible consequences. We have heard very often that history…
33
5 Comments -
Social-Distancing To Social-Rehabilitation (Apr 26, 2020)
The whole world is currently focused on the Covid-19 vaccine. I started to think about life beyond this phase and came…
27
4 Comments -
Sr. SOC Analyst (Mar 4, 2016)
Sr. SOC Analyst Responsibilities Technical analysis of network activity, monitors and evaluates network flow Analyze…
3
2 Comments -
Information Security Incident Management (Mar 26, 2015)
I have started to notice that a lot of policy and process related documentation is composed for legal, compliance and…
34
1 Comment -
Data Centric Security Model (Sep 30, 2014)
Information security at one time was really mostly about perimeter security. A whole lot of focus was on ingress points.
11
-
Social Media & Information Security Challenges (Sep 30, 2014)
Most organizations are still working to mature their Social Media practices. It’s luxury or unknown territory for some…
4
Activity
-
Sohail Iqbal reposted this
Security leaders are drowning in metrics but still lack clarity about risk. In this TechRadar Pro op-ed, Veracode CISO Sohail Iqbal breaks down the problem: it’s not visibility but what’s being measured. Traditional metrics like vulnerability counts and scan frequency don’t answer the question that matters most: Are we actually reducing risk? That disconnect leads to misplaced priorities, growing vulnerability backlogs, and confidence that isn’t grounded in outcomes. The solution is a shift to risk-based measurement. This is where exploitability, business impact, and remediation progress drive decisions. Until then, more data won’t translate into better security. #AppSec #CyberRisk #CISO
Why traditional metrics are giving CISOs a false sense of security
-
Sohail Iqbal reposted this
In this recent piece from TechRadar Pro, Veracode's Sohail Iqbal outlines a growing disconnect between what security teams measure and the risk they’re actually managing. Activity-based KPIs like scan volume and vulnerability counts create the appearance of progress, while critical exposure quietly accumulates beneath the surface. The reality is that modern environments move too fast for point-in-time metrics to keep up. Risk lives in the gaps between scans, in unresolved backlog, and in vulnerabilities that remain exploitable for months. Security leaders need a different lens. Metrics should reflect real risk reduction, remediation effectiveness, and how quickly teams can eliminate exposure. Worth a read for anyone rethinking how they measure security performance. 👉 https://lnkd.in/eWAZ-jsD
-
Sohail Iqbal reposted this
Security program metrics may be green, but that's deceiving. In this TechRadar Pro op-ed, Veracode CISO Sohail Iqbal explains how traditional AppSec metrics, such as vulnerability counts or scan volume, can create a false sense of progress. They measure activity, not outcomes. This is the gap CISOs now face: more findings, more dashboards, more reporting—without a clear view of whether risk is actually going down. Security metrics need to reflect real-world risk, not just technical output. That means:
• Prioritizing exploitable vulnerabilities
• Measuring remediation impact, not just detection
• Aligning security outcomes to business risk
Without that shift, organizations risk optimizing for the wrong signal. #Cybersecurity #AppSec #CISO
Why traditional metrics are giving CISOs a false sense of security
-
Sohail Iqbal shared this
More security metrics don’t always mean more security. If you’re measuring activity instead of risk, you may be getting the wrong signal. Read his thoughts in this TechRadar Pro article. #Cybersecurity #AppSec #Veracode
Why traditional metrics are giving CISOs a false sense of security
-
Sohail Iqbal shared this
The Veracode 2026 State of Software Security (SoSS) report is almost here. In her latest blog, Katy Gwilliam shares key highlights from last year's report and gives a sneak peek at what's to come. Don’t miss the big reveal on Feb 24! #SoSS2026
From Data to Action: Key Insights About Advancing Security Practices | Veracode
-
Sohail Iqbal shared this
The 2026 State of Software Security report is live!! This year's SoSS report analyzed the scan data of 1.6 million apps to bring you the definitive look at the software security landscape. The findings are urgent: Security debt is rising, high-risk flaws are surging, and the supply chain remains a critical challenge. Download the report to see the data and the path forward:
-
Sohail Iqbal liked this
Pleased to share that I’ve joined CenExel as Chief of Staff, reporting to the CEO. I’m inspired by CenExel’s patient-first mindset and commitment to excellence in clinical research. Excited to be part of such a remarkable organization and team!
Sohail Iqbal liked this
We’re excited to welcome Erin Monteverdi to CenExel as Chief of Staff! Erin is a senior executive with a distinguished record leading digital transformation, operational excellence, and value creation across Fortune 500 and private equity-backed healthcare organizations. In her role, Erin will lead strategy planning and execution, establish and oversee our centralized Project Management Office, and help drive key initiatives across our sites. She will also partner closely with our Executive Leadership Team and support M&A integration as CenExel continues to grow. We’re excited to have Erin on board as we continue to expand our impact in clinical research! #CenExel #ClinicalResearch #ExecutiveLeadership #HealthcareLeadership #ClinicalTrials #Biopharma #CRO #Growth #Innovation #DrugDevelopment
-
Sohail Iqbal liked this
We’re proud to welcome Jibran Ilyas as a Technical Reviewer for our book, "Cybersecurity Transformation – How to Build a World-Class Program for SMBs." Jibran is a globally recognized #cybersecurity #leader and incident response #expert with over 15 years of experience, including more than a decade specializing in #IncidentResponse, #DigitalForensics, and #ThreatIntelligence. He currently serves as #Director at #Google (#Mandiant), where he leads high-impact cybersecurity initiatives and helps organizations respond to and recover from some of the world’s most sophisticated #cyberthreats. Throughout his career, Jibran has led #investigations into some of the largest and most complex #databreaches across the #financial, #technology, and #defense sectors—working closely with partners to track and bring major #threatactor groups to justice. His early research on memory-dumping #malware was among the first of its kind and was later recognized by Visa in a #DataSecurityAlert, highlighting his influence on the evolution of modern cybersecurity practices. A respected #thoughtleader, Jibran has presented at leading global #conferences including #DEFCON, #BlackHat, and the #Microsoft #DigitalCrimes Conference, sharing insights on #cybercrime, #adversarytactics, and incident response strategies. He has also developed and delivered digital forensics #training programs for the #cyberconferences globally. In addition to his industry leadership, Jibran serves as an #AdjunctProfessor at #NorthwesternUniversity, where he developed and teaches a #DigitalForensics and #IncidentResponse course—demonstrating his commitment to advancing cybersecurity #education and shaping the next generation of #practitioners. Recognized as one of Crain's Chicago Business #40Under40, Jibran combines deep technical expertise with real-world investigative experience and #strategic leadership. His ability to translate complex cyber incidents into #actionableintelligence brings exceptional depth and practical insight to our technical review process. Thank you, Jibran Ilyas—we’re excited to learn from your expert insights as we work toward democratizing cybersecurity excellence for SMBs globally!
🔗 Learn more: www.securitytransform.com
🚀 Join the global launch team and receive exclusive benefits, including a free digital copy of the book: https://lnkd.in/gDJHqqtV
👥 Meet our team of highly experienced and credible Technical Reviewers: https://lnkd.in/gYhVbzmH
#Cybersecurity #IncidentResponse #DigitalForensics #ThreatIntelligence #CyberResilience #SecurityLeadership #CybersecurityTransformation #SMBCybersecurity #SecurityTransform #CT4 #TechnicalReviewers #googlemandiant #google #mandiant #IR #DFIR
-
Sohail Iqbal liked this
There's significant chatter in the Defense Industrial Base community this weekend about a major managed service provider going dark. I won't name names — the information is still unconfirmed — but several credible voices in this space have validated what's circulating. If true, this affects dozens of GovCon clients, many of whom are handling sensitive data, active contracts, and compliance obligations. THIS IS A TRUE SUPPLY CHAIN PAUSE Moment. Here's what I'm seeing in real time: companies are rushing in with the "We're here for you" message. And yes — that's commendable in spirit. But before you post that offer, look in the mirror first. Do you actually have the capacity to absorb this client base with quality? Or are you going to burn them twice? And for organizations suddenly looking for a new MSP/MSSP — do not let urgency override judgment. This is exactly the moment underqualified vendors get in the door. Here is what you should be requiring from ANY vendor you engage with — non-negotiable:
SECURITY & COMPLIANCE
- Cyber Liability Insurance — minimum $5M per occurrence / $5M aggregate
- Technology Professional E&O — minimum $5M per occurrence
- Professional Liability Insurance — verified and current
- General Liability — minimum $1M/$2M
- Workers' Compensation — statutory limits + $1M employer liability
- A.M. Best rating of A:VII or better
- SOC 2 Type II attestation — completed, not in progress
- FedRAMP authorization or equivalent federal-grade hosting certification
IDENTITY & REGISTRATION
- Active SAM.gov registration with verified UEI (formerly DUNS)
- Valid CAGE Code — confirm it matches the entity performing the work, not a shell or affiliate
PERSONNEL, CLEARANCE & STAFFING
- Top Secret Facility Clearance (FCL) — verified through DCSA, not self-reported
- Guaranteed U.S. citizens only — CONUS-based, no exceptions
- Background checks and clearance documentation available on demand
- Named key personnel with verifiable credentials — not bench vapor
CONTRACTUAL
- Full Terms and Conditions reviewed and signed before any access is granted
- Client named as additional insured with waiver of subrogation on all applicable policies
- Clear data handling, incident notification, and exit provisions
If a vendor cannot produce every one of these items — do not engage. Period. Ask for Audited financial statements and customer references. The DIB does not need more opportunists. It needs qualified stewards of critical infrastructure. Do your due diligence. The urgency is real. The shortcuts are not worth it. #DefenseIndustrialBase #GovCon #Cybersecurity #CMMC #MDR #MSP #DueDiligence #FedRAMP #DCSA #DIB
-
Sohail Iqbal liked this
As I see the 2 year mark of being in Dubai, and being at Majid Al Futtaim, it's time to glance up at the rear view mirror to see where I've come from. It's been my toughest challenge to date. Navigating a new workplace, a new job and team, and a new country and the customs of the UAE. Life is always full of challenges but a regional conflict and a black swan event at a Cloud DC provider is definitely not something I would have envisaged in my time in the UAE! It's amazing to be able to say I've aligned multiple processes, multiple technologies and put the right people in the right places. The business can see security events and incidents being investigated quicker than ever, security vulnerabilities identified and mitigated quicker than ever and confidence from the business that we are more cyber resilient than ever before. The job is never done, but our ability to "tread water" is where it should be. We consume less money, energy and chaos to keep the business secure. We provide the services the multiple business units expect from us in Global Solutions. The message is clear - we are improving, delivering and scaling at a great pace. Now back to the road ahead, it's amazing to have Michael Hughes join us as Application Security Manager! And fingers crossed for a potentially epic candidate for the Security Architecture Lead, it seems like the future looks bright - the team is growing and the challenges are coming thick and fast. We will be throwing more Threat Intelligence and more AI into a more proactive approach to Cyber Security in 2026. I'll post a few things in detail later this year but until then, I pray 2026 is treating you well and that halfway through you're on course for success too!
-
Sohail Iqbal liked this
“It took [developers] roughly 150 minutes to find vulnerabilities with no plugin, and then that went down to 15 minutes with [our legacy tool that was not used much]. Then once we started to use Fix, it went from 150 minutes down to 12 minutes.” – AppSec Leader, Insurance
Modern development teams are embracing AI to move faster, but speed can’t come at the cost of security. That’s where Veracode Fix comes in. Discover how developers are securing AI-generated code and accelerating remediation with confidence. Click to learn more: https://lnkd.in/e7b9Vuh9 #CustomerSuccess #AppSec #AIadoption
-
Sohail Iqbal liked this
Thank you Matt Kunkel for your trust and partnership as I take on the CEO role at LogicGate. I’m grateful for your leadership and partnership over the past year. I’m excited that you are staying involved with LogicGate as we tackle the immense opportunities we have in front of us. We are at a pivotal inflection point, operating with real momentum during what is arguably the most transformative era in security and risk. GRC was made for the AI revolution, and LogicGate is poised to lead in this moment. Excited to continue to partner with you in this new capacity as we get after it - let’s go! #Leadership #GRC #AgenticEra #Innovation #LogicGate
Sohail Iqbal liked this
Exciting Time at LogicGate. I am pleased to share that Diego Panama, LogicGate’s President and COO, has been named our next CEO, effective July 1, 2026. This is truly a 1+1=4 moment for LogicGate. I brought Diego into the company a year ago, knowing he was the right leader at this critical juncture. Since Diego joined, we've increased engineering efforts, reimagined our product roadmap for the Agentic era, and improved our Support and Services offerings. It’s been amazing to see Diego take the reins and drive incredible results. I am not going anywhere and remain as committed as ever to LogicGate, our mission, and our customers. I will step into an Executive Chairman role, working hand-in-hand with Diego to drive LogicGate’s capital strategy, strategic partnerships, and identify new opportunities and investments to advance our future growth. Additionally, I will continue to help shape the company’s strategic roadmap and serve as a trusted advisor to our strategic customers. And my two co-founders, Jon Siegler and Dan Campbell, remain deeply committed to LogicGate as well. Jon will step into an expanded role as Chief Product & Technology Officer, and Dan will continue as LogicGate’s Chief Architect. GRC was made for the AI revolution, and LogicGate is poised to lead in this moment. We have the best customers, a groundbreaking AI strategy, and we have Diego in place as CEO for this next, exciting phase of growth. We’re just getting started! Let's Go! https://lnkd.in/gHkdiAjy #Leadership #GRC #AgenticEra #Innovation #LogicGate
LogicGate Appoints Diego Panama as Chief Executive Officer
-
Sohail Iqbal liked this
Last week, I had the pleasure of taking part in our Sales Kickoff. In just two days, I walked away with so many valuable lessons from hearing directly about our vision and direction to learning from incredible leadership across the organization. Huge shoutout to Brian Roche, Anthony Barkley, Ajay Nigam, and Sohail Iqbal for the insight, transparency, and inspiration. The time for cybersecurity is now, and I’m excited to be part of a team that’s not only building impactful solutions, but doing it with purpose and momentum.
Sohail Iqbal liked this
Hundreds of Veracoders, two continents, one vision: A world where software is developed secure from the start. This week, we brought together teams from across the Americas, EMEA, and LATAM for our FY27 Sales Kickoff. It was a high-energy day of alignment, connection, and celebrations as we get ready for an exciting year ahead. From inspiring sessions with our leaders Brian Roche, Karen Buffo, Ajay Nigam, to a standout conversation with our CISO Sohail Iqbal, the message was clear: we’re building on strong performance and gearing up for what’s next. Shoutout to all our award winners for demonstrating outstanding commitment to customers and going the extra mile to help us all succeed: Justin Posnik, MBA, David Fisher, Chris Dulin, Danielle Neill, Andrea M., Roy Shoemake, Boy Baukema, Ricardo Alvares Pereira Junior, Timothy Jarrett, Joe Ariganello, Chandler Wishart, April Sauer, Diego Devadas, Sergio C., Dr. Gerardo Quinones. Momentum is building. Let’s go! 🚀
-
Sohail Iqbal liked this
Every year, I look forward to attending the New England Women’s Leadership Awards hosted by Boys & Girls Clubs of Dorchester. It is always an inspiring evening — not only because it celebrates extraordinary women and leadership, but because it reinforces something that matters deeply: when we elevate women leaders, we create stronger organizations, stronger communities, and stronger futures. Supporting an event that champions leadership, opportunity, and positive role models for the next generation is something I’m proud to be part of each year. A truly worthwhile cause, and a reminder of the impact that thoughtful leadership can have far beyond the room. Looking forward to next year already. #Leadership #WomenInLeadership #NEWLA #Boston #CommunityImpact #FutureLeaders #Veracode
Experience
Volunteer Experience
-
Sponsor education programs
Various schools in underprivileged areas
- Present 14 years 9 months
Education
I, along with college friends, started a non-profit, the ILM O Adab foundation, to help schools in underprivileged areas meet their educational needs and uplift educational standards.
Explore more posts
-
Chickasaw Telecom, Inc.
941 followers
Identity and Access Management (IAM) is a key guardrail for secure access. This guide explains core IAM components, how they protect resources, and why they are foundational to Zero Trust security strategies. Read the breakdown: http://oal.lu/nq0Lr #IAM #ZeroTrust #Security
-
Syed Izzat Maab Jaffar
CCTV Camera Services • 1K followers
🚨 90% of Companies Think Their Network is Secure… They’re Wrong. Let that sink in. Most “secure environments” are just: ✔ Default firewall configurations ✔ Outdated policies ✔ Zero real-time monitoring And the classic line… 👉 “We’ve never been hacked.” That’s not security. That’s luck… with an expiry date. Let’s be real 👇 If your organization has NEVER done: ❌ Penetration Testing ❌ Proper Network Segmentation ❌ Zero Trust Implementation Then you’re not secure. You’re just next in line. 💣 Hard Truth: Companies invest in hardware… But ignore strategy. And when things go wrong? IT becomes the scapegoat. 🔥 Unpopular Opinion: “Buying expensive firewalls doesn’t make you secure — knowing how to configure them does.” 💬 Let’s talk honestly: Do companies in your region truly invest in network security… or just do enough to feel secure? #CyberSecurity #ComputerNetworking #NetworkSecurity #InfoSec #ITInfrastructure #TechDebate #LinkedInTech #DigitalSecurity #ITProfessionals
-
Peter Luban
AttackIQ • 2K followers
For too long, cybersecurity has leaned on compliance checklists, periodic pen tests, and static risk models that don't reflect how adversaries actually operate. We measure the presence of controls — not whether they work. That gap is what Jonathan Baker and I set out to address in our new book. It explores how Continuous Threat Exposure Management (CTEM) and MITRE INFORM work together to shift security from assumption to evidence — from "do we have controls?" to "do our defenses actually hold up against real-world adversary behavior?" The core idea: cyber readiness isn't a point-in-time achievement. It's an operational discipline. And it's measurable. If you're a security leader tired of answering "are we secure?" with narrative instead of data, this one's for you. #CTEM #AttackIQ #ExposureManagement #VulnIsDead https://lnkd.in/ewBZAepV
16
-
SNH TECHNOLOGIES
249 followers
🚨 70% of small businesses close within 6 months of a major cyberattack. Don’t be a stat. A resilient business doesn’t just back up data. It defends, detects, and adapts. You need proactive monitoring and real-time threat intelligence so you don't just recover from a cyberattack—you resist it.
-
Chris Camacho
22K followers
CISA’s New SIEM + SOAR Guidance Hits Home for Security Teams CISA just dropped new implementation guidance for SIEM and SOAR—and it’s refreshingly actionable. A few takeaways that resonated: • You don’t need all the logs—you need the right ones. • Response speed improves when context lives closer to the data. • SIEM and SOAR are only as good as the signals feeding them. This is exactly the kind of challenge we’ve been working to solve at Abstract Security. Our approach helps teams: • Prioritize what data gets ingested, enriched, or dropped—before it eats up budget or adds noise • Stream detections in real time, closer to where threats are observed • Deliver cleaner, more actionable inputs into SOAR workflows The goal isn’t more alerts—it’s faster decisions with better context. Worth a read if you’re evolving your SIEM, rationalizing data pipelines, or rethinking what “response-ready” should look like. CISA Guidance: https://lnkd.in/eZEDkJRm Our data strategy e-book: https://lnkd.in/eCvuiVcD #SIEM #SOAR #SecurityOps #Cybersecurity #ThreatDetection #SecurityDataStrategy
54
1 Comment -
Moch.IT | ServiceNow Partner
2K followers
Your SOC isn’t underperforming. It’s under-equipped. Tip 1 → Integrate CMDB into SecOps ✔️ Every incident ticket should have asset + owner linked. Tip 2 → Use Threat Intel Feeds ✔️ Feed IOCs directly into correlation rules. Tip 3 → Automate Containment for Known Threats ✔️ Block IPs, isolate hosts instantly with playbooks. Tip 4 → Build Role-Based Dashboards ✔️ SOC leads see trends, analysts see action queues. Tip 5 → Keep a Library of Playbooks ✔️ Reuse proven workflows to cut response times. Containment speed isn’t about working harder. It’s about removing the manual steps slowing you down. Follow for more: https://lnkd.in/eM6bbun9 #ServiceNow #SecOps #SecurityIncidentResponse #Automation #ThreatIntelligence #ServiceNowConsulting
4
-
Bitsight
87K followers
Your SOC is drowning in alerts. Your GRC team is buried in compliance checklists. But attackers? They’re exploiting the gap between the two. It’s time to align strategy with visibility. These 5 questions can help your GRC and SOC teams move beyond box-checking and prove real cyber resilience. 👉 Read the blog to start bridging the gap: https://ow.ly/JUta50XSi08 #CyberResilience #GRC #SOC #CyberSecurityLeadership #BitsightInsights
16