Who we are
Security Compass is an industry-leading information security firm that provides professional services and training to security-conscious companies. We bring extensive, internationally recognized, cross-industry experience to every client engagement. To our clients, we're not simply an information security company - we are trusted partners in the development of secure software.
The Security Compass Advantage
Our clients retain us for multiple engagements for many reasons:
- Unwavering dedication to professionalism and exceeding client expectations
- Combined expertise in software engineering and information security
- Software security thought leadership
- Clear, organized reporting with both strategic and tactical analysis
- Root cause analysis and detailed, collaborative remediation planning
- World-renowned training expertise, including development and teaching of SANS classes
The culture of Security Compass is derived from one founding principle: to provide our clients with best-in-industry expertise and customer service. Every member of our team is passionate about their work. We believe that engaged and motivated consultants lead to consistent customer satisfaction - and that consistent customer satisfaction leads to engaged and motivated consultants. We also understand that we have a responsibility to improve the state of software security, so we contribute regularly with initiatives such as the open-source Exploit-Me series of security testing tools.
The Security Compass management team is made up of experts with extensive information security and software engineering credentials. Every employee of Security Compass exudes a passion for the field of software security.
Founder and CEO
Nishchal Bhalla, a noted expert and a published author, is an information security veteran with more than 15 years of experience as a developer and network security administrator. As the founder of Security Compass, SD Elements and more recently SecurityByte, Nish not only manages and gives direction to the company, but also is actively involved in researching various attack vectors.
Sahba Kazerooni manages Security Compass's internationally renowned consultants on cutting-edge consulting and training engagements across North America and around the world. His personal skillset ranges from hands-on assessments in application penetration testing, threat modeling, and source code review, to security advisory and technical training. Sahba has an advanced knowledge of the Software Development Life Cycle (SDLC) as well as the intricacies of the Java programming language. He is an internationally renowned speaker on software security topics, having delivered presentations at reputable security conferences around the world and having been recognized as an expert in application security by publications such as IT World Canada and the Information Security Media Group.
Director of Training
Oliver Ng leads all aspects of Security Compass' Training division, including development of training products, courses and strategy. Oliver's unique experience has him involved with software development, regulatory compliance, ethical hacking, building ITSec teams and now eLearning. His consulting experience has led him through recognized Fortune 500 companies across the globe. He uses this understanding to address how each organization can get the best value from Security Compass' Training programs, be it from an out-of-the-box training solution or a custom-tailored one.
Oliver is active in the development community. He has helped build open source tools for IBM AppScan, Security Compass' student learning tool ExploitMe Mobile, as well as other mobile apps. He has been asked to speak at conferences including SC Congress, ISACA, AppSecDC, SecurityByte and more.
Director of Consulting
Tak Chijiiwa brings to Security Compass over 12 years of IT security & privacy experience. He has been involved in a wide spectrum of information security strategy and advisory engagements for various Fortune 500 clients globally in the government, healthcare, financial, education, utilities and transportation sectors.
Tak holds an Honors Bachelor of Mathematics in Computer Science from the University of Waterloo. He also holds CISSP and CSSLP certifications. At Deloitte, he managed a team and performed the field work for security initiatives such as the incorporation of governance policies and standards, performing threat risk assessments, privacy compliance reviews, the implementation and review of infrastructure, architecture design, application development practices, auditing against both internal and external regulations, implementation of vulnerability management frameworks and assessment-based work.