Ali Khan Interview prep for PWC


Assalamu alaikum. and uh uh on the road. and a dedicated teams. it's important

the noble companions. They're they are the best, right? They are the best of the generations, right? Uh it's so a WCR in in organizations PWC See you there. the most important to continue.

LinkedIn profile. the coco. What's up? what's that? Oh, thank you see Be careful. Okay. So, uh Linkedin. So, it's it's very

important. So, go to that helps a lot. So, very professional communication, communication. How are you doing? Good. You job. inshallah

So, yeah. or cyber security. So, Ai Ai managerial experience as a Mi Good. analytical mind. Uh uh. analyze So they need troubleshooters and drinks. fortunately Salman for Pakistani, they are very good troubleshooters and thinkers Take care.

business. automation. Que Quebec. Power Electric Utilities, for some reason, I don't know why I'm uh it's a child So, it is very important. uh IOT internet of things, implementations, industries, on the road. Take it. You have got

a new uh refineries uh mining tones, 1012345 zoning. CIS controls, CISA. uh ransom, problem here. say that like different different frameworks, different methodologies, you know, all these kinds of things. You know, I'm I'm just a traveler.

You know, I'm just a hitchhiker. So, I'm you know, hitchhiking over here in uh through the through the labyrinth of cyber security and government compliance So, record this you recorded it. that are amazing with your introductory to introduce yourself. thirty-second pitch. You don't Tomorrow's 32nd so you're oh you have to pitch pitch Yeah, I would love to You can have the box There's a new platform. uh a platform to it. maybe when you make it, take it. If I have to translate

that into English, it will be the bounties. You know, uh the bounties. Uh it's a platform that has been created by Illuminati of MIT and Stanford and all these top guys and what they have done is they have been Casa and CIO of major organizations the one of my mentor, he himself has been a uh uh in Europe and North America and uh basically uh but he knows Haggerty Haggerty.

He's one of the partners at PWC say yeah, he is Peter. Hi, Peter. Ha ha. a very Ukrainian name. Uh well and uh from the Gr 8 minutes or so. Peter.

pronounced a very difficult to pronunciation. Get your time. It's so we go to a he's a he's a he's a partner at PWC. Uh take care. Wait a minute. things you know. uh plus

they're **** so many other things. So, we are implementing and we are creating this Capture the Flag CTF where we give you a scenario and then we give you a controlled description and then we give you control objective and then we ask you to hunt for the for the CT capture the flag. controlled description, control objective of control, objective control, Let's spearhead business development efforts performed technical presentations and demos for customers, partners, the prophets and the and the messages were speakers were speakers, Quran, So, Islam speakers, we are speakers. They're going to and

we are the speakers of the truth So, you need to be a speaker. 8 minutes. of ignorance. So, I have a meeting. Doctor is our meeting. uh we

may have to cut this short because Cambridge it ignorance. Okay. What is the time? uh it it can think about it. We'll let the acres. because you need to mention all of these three things. They are very very important for you. Otherwise, um in the in the picture, very casually as I will just be as uh nice like normal just again, for you go and relax physics. uh inshallah.

who participate in uh Take care. I have to see. you. a detailed explanation of it's 27007 27 thousand. 27019. electric car. A TSI. road vehicle. electrical, BMW 408. 2700.

A national electrical. grid US. You can be great. in the same guidelines, guidelines, CIP, was exactly Simpson Simpson. Did you get exactly 2717 and 27013 integrated implementation. 275

FBI. of in properly. Soma. uh area of securing and breaking them up and securing them up.

So, mention this because I go can you say this is our goal to get uh the job You know, the Federal Reserve. Anyway, the point is you have to present yourself 27 27400 implementations. So, if you make me stand in front of a customer, and they are talking about all these key areas, I can abs manage those that conversation into a very proactive and also be and I I'm able to understand PWC services, what they're offering and I do know that you have a long list of services that we can that we can potentially offer to the customers then I can absolutely. You know, once I learn the products, give me a month or 2 months time to understand, consume, you know, uh digest all that information, you know, maximum 3 months time, then I will be in a position and even like on the first month of my, you know, within the company, I will be in a position to sell your services because what they're looking for, PWC are sellers, sellers, and dos. So, you have to sell the service in front of the customer and then, you also have to deliver it as well. So,

PWC this is why they are number one, right? So, keep this in mind. So, they are looking for those people. what we have a track record for the academic profile. You can look at my

academic profile once I make up my mind to do something. I go for it, you know, and I will get it done. By all means necessary, I will get it done. You know, uh all the and all the allowable means necessary, not doesn't mean that we get it done. No, no, no. but you know, whatever it is applicable, you know, I try my best uh uh saying that I try my best. It

is it will be an understatement more than enough to know I always deliver 100% that That's that's the goal with which I come to the office when I'm when I'm at some place and I'm working, you know, my goal is to deliver 100% from day one. Take care. So, advice on IOT cyber governance and management approaches I read this. So, by the way, we are working on creating a unified risk and compliance framework that unified risk and compliance framework can help organizations manage it and the OT aspect because they're both different. The IT the IT. the they're both managed. For example, if you have to do vulnerability suspension, and vulnerability sus, take care.

for example, If you have to deliver this, the key thing you have to, you know, we have to convert to the customers and to the clients sometimes they may not know. sometimes they may know by experience is that if if we can. the IT and the OT infrastructure performing vulnerability assessment in in a similar manner, The whole IT the whole OT Forex will go down possibly it can go down. So, you have to treat the IT and OT is cyber security risk in the issues with a very different approach and that is why we have created this unified risk and compliance framework to get uh through which we are making these labs and we are advocating what? you have to look for and how you have to look for. So, absolutely, I can advise I can be in, you know, I'm still learning but then I'm still learning. You know, I'm I

still consider myself as a learner and even after 10 years while working at PWC and if you ask me, you know, are you still a learner? I will always be a learner. Right. Right. Because you're always learning new things. Take it. So, I'm still learning and going through that process and. Absolutely. You know, I can advise because uh sometimes you have to infuse things from different industry, different perspectives, you know, because client is unique. Every client is unique and their cyber security risks is dictated by their business requirements, right? So, for example, if there's Hydro Quebec, Quebec, you know, it's a company based in Quebec, it's different. Uh their business

requirements are different. On the contrary, if you look at Electra or any of these powers over here in Ontario, the requirements are different. They are both electrical grids. However, They both supply, you know, uh electrical powers and whatnot but we have to look into their business requirements, their business requirements. Hydro Quebec is different over here in Ontario. It's a completely different because some of those are dictated by Quebec over here.

Some of them are declared by the Ontario. So, you have to mention these things and you mentioned here statements are going to go back to the job description when you're answering a question. Okay, exactly. Okay, we're going to give a to mimic that. So, this

is how you work here for you. I said, develop industry and IOT cyber security strategies are aligned with our client's business and IT strategy. You to get. So, you need to develop those industrial IOT cyber security strategies. The way

you know, I thrive in uh in uh within the and the ICS industry It's uh if you look at my degree, if you look at my work experience and all those kinds of things, this is what I've been day one. You know, I've been working right Absolutely. You know, uh we can create these unified risk and compliance frameworks, Cyber security frameworks, a unified approach to manage security issues, network issues, you know, all these kinds of things. Absolutely. I can do, right. I mean, think about IO

IO gives different kind of data. They can be MTD protocol. They can be different. You know, WiFi Zig, different kinds of protocols working in I. Right. So, these protocols are unique. They they have cyber

security vulnerabilities, issues, concerns, you know, risk concerns, privacy concerns, etcetera, etcetera. So, we have to develop strategies. As for the industry and align it with the spectrum client business requirements. This is what we're looking for.

Cyber security. It's not it's how you, yeah, definitely be yourself. Take care. I I-0. TOT and other CPS

devices again by the way, Um standards and utilize it. you get some names. three. don't look any machines. have to.

yours. Uh you know, I can use Ness. I can use uh you know, all the commercials available. to uh predominantly we use open source like Alien world Open, vast, vast, one day all these kinds of goods. Absolutely. Uh but if there is

a specific tool like the paid version of salmon or the paid version of calls, you know, uh that is consumed by either PWC or by the customers. you know, we can do that. You know what I mean? All these cannons are you insert the I you insert the sub Nd, you insert those things.

you schedule the time you you select the threshold, the user interface. system. Absolutely. You know, that is something I love and I thrive on.

It could be utilized right? of complying to. these are daring to the security standards and requirements. So, you know, depending on what I'm looking at, what I need to comply with, I can do all of these things, Threat intelligence, collection, risk assessment, risk ranking initiatives to help our clients prioritize mitigation and relational activities. Those

key example to me just say for example, threat intelligence of opens, it It spews out all the information. What's the information? So, you have a lot of information. There's a lot of information overlooked. So, we have to assess this this information, right? So, the best thing is that if you have a threat intelligence, uh you know, feed coming into into these applications, we can connect the dots, right? So, we should mitigate those attacks on the outside which you know, how can we look into the inside having tools like observe IT or dark or something similar. So, lot of data but

depending on the scenario depending on what I'm tackling. and once I understand the business requirements, I can, you know, I can give you a genetic answer but that won't hold anymore. but if you explain to me what exactly do I have to deal with? what are their business requirements? Because the risk needs to be mitigated. If you know, we can

either accept this mitigate risk the risk. We can't deny the risk. We can't. There are only three options we have.

There's no fourth option. Sometimes, organizations go for the fourth option. Dennis, you know, put it on, you know, put it under the under the rug and then my is a routine. We can't

do that. No, Right. So, we have to assess what that scenario is. If it's a web application, uh you know, residing in Dmc or if she's It's assessment. implementation and management of advanced security technologies for networking system security within the industry IT systems. is uh What's up? profiling. Take care.

for example, of open source components that we can use. We can use aid. We can use Jenkins. We can use and and we can piece of all those things together to create a solution similar to this where the data streams comes from Uh you know, you know, threat intelligence officers. Uh it comes from observe similar solution like observe it comes from Dos for the inside of the inside the thread reduction. It comes from Sem for compliance purposes, etcetera, etcetera and then we can create and create profiles and personas. That's one of the things I'm part of right now. Uh you know,

You may have a similar solution or they may have a similar processes. You know, it's not necessarily that you have to focus on technology. The most important element in any organizations is people and processes, you know, uh nine out of ten times. you can know if you have the right people, they are trained and they have the right processes. There is no need for technology. The technology and processes and what I've seen is like, you know, people and processes are the most important element and if you spend time on that organizations spend time on that uh you know, then we can absolutely secure the customer and if you ask me if the customer ask me, how can we improve our people and processes then, I will tell them this is a bit of a joke comes in You have to consume PWC Consulting Services because he started consulting services.

Basically, tell them this is where it comes in. You know, and I and so to be, you know, if you know your product and you if you know the standard, then you can be a good, you know, salesman as well. You know, the reason I was there was because he knew about his product and he was honest, if he knew about your product and you're honest, you will be successful. Take it easy. with the car. You see? me? in Islam.

Data science of the Islam. Cyber security. The problem with the Ummah is so Uh Jovita. they used to wear. I had big beards together. They

used to recite Quran and they used to work inside the masjid Mas So, they were philosophers. They were scientists. They were scholars. These are the kind of people we need. of colonialism. about your religion or your normal education is I like to get and that is one of the things. That's it. it. so that's one of

the things. So, work with other uh PWC, cyber security, privacy professionals, tomorrow uh uh ticket and participate in the industry groups and guide PWC contributions in order to further uh for creating a secure digital society and they're teaching all of these courses in Twenty-six plus languages. You know, if you speak Russian, Portuguese, Spanish, Arabic, Mandarin, I mean English, whatever language you speak around the world, uh predominantly, they're focusing on Twenty-six plus languages spoken by 6, billion people in the six six. You know, 6.5000000000 people in the world. So that's a pretty big you know that they are targeting right now and we can absolutely uh you know, should look into partnering with these guys. You know, I'm I'm

assuming that I, you know, I got this job. That's why I'm saying we should take care about, you know, what what you will bring to this world life I'm going through that right now in the next 3 months. If you come to me and ask me, I'm a Ahmed Ali. Ali, Ali, Ali, Uh you know, a uh we need to uh work with uh with a with a with a with the ICS mentor who is right now migrating all of that. Uh you know, level five

areas and level two and level three areas as for the 62443 standard into the cloud How can we secure it? I'll be ready by that, right? And this is what you need to focus on. It's tastes good. Try it. I'll say it. and the whole pack makes Twenty-four muffins is one of them.

You know, the whole pack together makes Twenty-four. Well, it's it's a ticket. Okay. in the manufacturing in the labs? in case scenario, in capture the flags. So, I'm already doing all of these things is your job description.

They don't get overwhelmed by that. If you don't know much about me, need to ask. Just ask good questions. Four to five, You know, like so that you can show your interest in my questions. Would you in

direction you like ask them like questions so that they know that you're interested in them and the difference of the job Muhammad he told me that you already have a unified compliance uh within the GIC practices. Are you using the same one or similar one? uh within, you know, within the within this this line of practice as well. you know, because it just like I mean, my role Is it going to be more uh performing you know, 62443 or ISO 27001 implementation or ISO 27019. uh compliance and stuff like that or I mean, what is going to be because the the job description that that was sent to me is pretty broad. What exactly am I going to do to it? so there are couple of things you have to mention Uh uh but because the things that I'm doing right now, it opens doors for me to work in the club right in the in the devos areas. You know, I'm I'm sharpening up my skill set and whatnot. So, no matter what you

whatever you throw me in, I can do that. So, my question is like, do we, do you expect me to develop solutions as well using open source technologies or participate in those discussions? Take care. Uh and Autumn. uh developing frameworks and stuff like that. I mean, what is it? 5050? I mean, because uh you know, I'm both I'm a hands on person and I'm also very expressive and very uh you can say I can articulate my understanding of the business requirements and articulate those business requirements uh in the best manner to in order to comply or to adhere to those compliance requirements, right. or made those compliance requirements, right? Or to certify them. What kind of

things? Because it's hands on. Hands on architecture designing 62443, I want to become uh you know IEC 62443 cyber security master cyber security expert, right? So, uh So, when the company will sponsor that, I mean, I want to do every year, You know, uh it has four parts and uh my cybersecurity certificates. There are not too many people in the world who have that. It's an expensive exercise. So, I want to become,

I want to achieve certificate 1234 to become an expert, right? Uh cyber security expert because that will give a lot of credits and a lot of credibility to a team that you know, either me or you know, a couple of guys should do that, right? So, it focuses on all of those things. Take it or can we can, you know, can we look into that? I mean, uh that is one of the things that I really would like to do. So, the company will be sponsoring my education. Uh you know, uh it's

not that much three. $4000. but I don't know. right. So, basically, take care. So, there are multiple ways of doing it. So, I mean, How can we do this? I really want to do all of these things and uh go for it, right? So, you inshallah, inshallah, uh PWC

2021-08-14
