Management

The Security Compass management team is made up of experts with extensive information security and software engineering credentials. Every employee of Security Compass exudes a passion for the field of software security.

Nish Bhalla

Founder

Nishchal Bhalla, a noted expert and a published author, is an information security veteran with more than 10 years of experience as a developer and network security administrator. As the founder of Security Compass, Nish not only manages and gives direction to the company, but also is actively involved in researching various attack vectors.

Experience
Nish is a frequent speaker on emerging security issues. He has spoken at reputed security conferences such as BlackHat Europe, Reverse Engineering Conference, HackInTheBox, Shmoocon, CSI, and ISC2's Infosec Conference. He has also created and taught the Exploiting & Defending classes for Security Compass.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews (Web Application / Code / Policy) for major software companies, as well as online banking, trading, and e-commerce sites. He also helped develop and teach the Secure Coding, the Ultimate Hacking, the Ultimate Web Hacking, and the Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse, and The Axa Group.

Accomplishments
Nish is a noted expert in application security and has delivered talks and training sessions. He is scheduled to speak at RSA, CSI and other conferences during 2008.

Nish has been interviewed by and quoted in many publications including CSO Online and Government News. He has written articles and been published in security portals such as Security Focus and hackin9. Nish has also co-authored and contributed to many books including Hacking Exposed Web Applications (2nd Edition), Buffer Overflow Attacks: Detect, Exploit & Prevent, Windows XP Professional Security, HackNotes: Network Security and Writing Security Tools and Exploits. Nish has also been involved in open source projects such as YASSP and OWASP, and is the chair of the Toronto Chapter of OWASP.

Certification and Education
Nish holds a Master's in Parallel Processing from Sheffield University, is a post-graduate in Finance from Strathclyde University, and has a Bachelor of Commerce from Bangalore University.

Don Pollicino, CISSP

Director of Business Development - Northeast Region

Don Pollicino has over 20 years of experience in information systems technologies including systems development, systems integration, network security, and consulting management. As Director for Business Development, Don is responsible for all aspects of the sales process for the Northeast Region. Prior to joining Security Compass, Don held a similar position with Clear Skies Security, LLC, an Atlanta-based startup consultancy specializing in application security.

Experience
Don was Regional Service Delivery Manager for International Business Machines (IBM) Professional Security Services where he led a team of security specialists in delivery of client projects for the Eastern and Federal Districts. Don was Director of Professional Security Services for Internet Security Systems (ISS) when IBM acquired ISS.

Prior to ISS, Don was Director of Technology Services for a major national consultancy with practice areas in networking, systems integration, and knowledge management. In that role he led teams in the design and development of information technology and knowledge management systems, network security infrastructure design, and management consulting for many of the nation's largest companies.

Accomplishments
Don's professional experience includes project management for a software provider specializing in fixed-income derivatives trading. He led the implementation of large-scale document imaging systems for a major vendor in that space. Don spent several years in pre-sales engineering and sales positions for one of the US's largest hardware and software providers.

Rohit Sethi, CISSP, CSSLP

Director of Professional Services

Rohit Sethi joined Security Compass as its second full-time employee. With a combined background in information security and software engineering, Rohit is recognized internationally as an expert in the emerging field of application security. In his role at Security Compass, Rohit is responsible for managing Security Compass' internationally renowned consultants on cutting-edge consulting and training engagements across North America and around the world. He is leading development and instruction of the SANS Institute's Secure Coding in Java class.

Experience
Rohit has provided security consulting and training services to primarily Fortune 1000 clients in financial services, healthcare, utilities, telecommunications, media, and software. He has led and delivered engagements for a variety of service offerings, including application security architecture, design, and code reviews; threat analysis; penetration testing; application security program enhancement; vendor security assessments; identity management strategy; customer data privacy assessment; security governance strategy; threat risk assessments; SOX, BS7799 and PCI audit and remediation; and segregation of duties analysis and remediation. Rohit has also developed and taught courses on a wide variety of topics, including web application security exploitation, secure coding in J2EE, application security awareness, application security for managers, and general information security awareness. Prior to joining Security Compass, Rohit was a security consultant at Deloitte and a developer/business analyst at Automatic Data Processing (ADP).

Accomplishments
Rohit is a noted expert in application security and has delivered or will be delivering talks or training sessions at the RSA Conference in San Francisco; CSI National in Washington DC; CSI SX in Las Vegas; SANS Conferences in Toronto, Orlando, and Washington DC; Shmoocon in Washington DC; SecTor in Toronto; Infosecurity Toronto and New York; ISC2's Secure Leadership Series in Toronto and Calgary; and TASK and Federation of Security Professionals in Toronto.

Rohit has written articles on aspect-oriented programming and security, application classification, and centralized logging for the prestigious Web Application Security Consortium and leading industry-recognized security portal Security Focus. He has been interviewed and quoted by Computer World and IT World Canada.

Certification and Education
Rohit holds an Honours Bachelor of Science in Computer Science with Software Engineering Specialization from the University of Western Ontario in Canada. He is a Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), and a Sun Certified Java Programmer.

Sahba Kazerooni

Practice Lead, Software Assessment Services

Sahba Kazerooni is a security consultant with a strong background in J2EE software architecture and development. Since joining as Security Compass' third full-time employee, Sahba has established himself as a critical part of the organization's daily operations. He leads the Software Assessment Services practice which delivers Security Compass' one-of-a-kind in-depth security services. He also leverages his field experience to deliver security training to individuals from all parts of an organization.

Experience

Sahba is an expert in software security. His skillset ranges from hands-on assessments in application penetration testing, threat modeling, and source code review, to security advisory and technical training. He has an advanced knowledge of the Software Development Life Cycle (SDLC) as well as the intricacies of the Java programming language. Among other training tailored towards all phases of the SDLC, Sahba delivers a developer-focused Java secure coding class through the SANS Institute.

Throughout his career Sahba has worked for and built relationships with many Fortune 500 organizations in various sectors such as finance, healthcare, retail, airline and transportation. Prior to joining Security Compass, Sahba was involved in the end-to-end implementation of a web-based workforce management solution.

Accomplishments

Sahba is an internationally renowned speaker on security topics, and has delivered presentations at reputable security conferences around the world such as BlackHat Security Conference in Amsterdam, IDC WebSec, Source Boston, and RSA Conference. Sahba has also been recognized as an expert in application security by publications such as IT World Canada and the Information Security Media Group.

Certification and Education

Sahba has a B.Sc. in Computer Science with Software Engineering specialization from the University of Western Ontario.