Sivanathan

So I have sort of finished vibe coding my first version of the app idea that I had. Tested with a few friends and received pretty good feedback. First time putting it out here. It’s an e-learning app to master the skills of “managing your boss”. It can be accessed at the link below. DM me for a discount/promo code. thehumanpremium.replit.app

@alphaque @tevanraj So what’s the reason?

@tevanraj If , as you say, expats get paid more than locals for the same role and job, why do companies not want to hire locals and book more profit? There has to be a reason that they are paying more to expats to do the same thing, right?

“country’s high-salaried expatriate population – estimated at 140,000 people – pumped about 75 billion ringgit ($19bn) into the domestic economy and contributed approximately 100 million ringgit ($25m) in taxes each year.” Average monthly salary ≈ RM44,000 – RM45,000

@sureshdr Actually what supposed to be the value?

Seriously contemplating whether it’s worthwhile to keep MBOT certification alive … I see zero value on a Ts. title

Having worked with a number of CFOs already, they hate vague cyber risks and the whole impact x likelihood matrix. But I realise that they love scenario analysis. Because scenarios have price tags. “If Scenario A happens, it costs us $2M in 4 hours." That gets a budget approved.

@sureshdr @dasmodeler @rameshgopalkr @alphaque LOL! But they do exist, and sadly they are “really good” at their jobs.

Cc @sivanathans @dasmodeler @rameshgopalkr @alphaque

@sureshdr Strategic planning without risk management embedded, good luck with that.

@sivanathans The usual reason is that they’re operational and don’t need to worry about strategy “stuff”

If your 2LoD team isn't invited to the strategic planning meetings, your organization isn't taking risk seriously.

Most people stay because they have to - mortgages, school fees, kids. They suck it up, but they stop caring. They just survive. By the time the Board notices the culture problem, the top talent is already gone and the brand is hollowed out. Undoing that takes years, not a single HR offsite.

Or turn up the audio volume

What can actually tell you which 80% of vulnerabilities you can ignore because they don't lead to a critical business impact?

@alphaque What’s the latest?

@sivanathans Like the current targeted campaign against audit and tax firms?

MFA is essential, but it’s not bulletproof. Just discussed a spear-phishing attack with a peer - Employee gets an email about "bonuses & increments" 🤣 - No malware. Just a PDF with a QR code. - QR code moves the attack out of band to a personal phone. By switching to a phone, the user bypasses corporate browser controls. - The attacker used an AiTM proxy to serve a perfect-looking login page. - User enters MFA, attacker steals the session cookie, and they're in.

Most CISOs are drowning in data but starving for insight. Scenario-led thinking is the only way to clear the fog. Who’s actually doing this well right now?

Risk assessments that focus on impact vs. likelihood without a specific threat scenario don’t really work. If the how is not modelled you are not managing your risk effectively.

You know what is the " Mike Tyson" moment of leadership: everyone has a plan until they get punched in the face by a toxic / narcissistic boss.

In the last 6 months, I’ve had 4 different bosses. Most people would see that as a career nightmare. When the person you report to keeps changing, you can't rely on "getting to know them over time." You need a repeatable system to build trust and alignment in days, not months. I’ve spent the last 2 weeks sharing these reflections in my newsletter. sivanathan.substack.com/p/the-art-of-m…

My plumber, who is also my electrician would be very happy to see this chart. He is already making plenty of money with his elusive skill sets. How do I know this? His schedule is always full and he is not cheap. This radar chart highlights a fascinating (and for some, slightly unnerving) gap between what AI can do and what it is actually being used for across different job sectors. While white-collar jobs are seeing massive theoretical coverage by AI, the blue-collar trades remain largely untouched. We can automate a legal brief much faster than we can automate a robot that can navigate a cluttered basement to find a water leak.

Being obsessed with one idea used to be a bottleneck. But now We’re living in a time where the tools to test, build, and break things are everywhere. The hard part isn't the work anymore, it’s staying relentless on one thing when there are ten "interesting" distractions a click away.

@tevanraj Allow federated execution with budget allocated for teams to experiment to solve their own problems instead of centralising innovation which usually acts as a choke point.

We all should be using hrms, salesforce, atlassian, slack etc and build own thing. It’s time. Time to reinvent the wheel. 💪

While I toyed with a few vibe coding apps, I’m thinking about proceeding with my big idea of building an app for cyber risk managers (2LoD) to run cyber threat scenario analysis. It’s supposed to solve a real world problem where I’ve seen too many 2nd line teams resort to checking compliance boxes while remaining completely vulnerable to real-world threats.