“Experiential Learning” is as valuable as anything learned in studies. An internship is a unique opportunity that gives an “on the job” experience along with general insights into the workings and culture of a company. Participating in internships can be a great way to get a taste of first-hand professional experience in a particular field. Nonetheless, internships are low-pressure entry to choose a career path. “There is no substitute really for learning about the world of work and being in the world of work. You can do that through internships. You can do it through summer job experiences or even from volunteer jobs. Strive early to get some kind of practical experience.”- Alexis Herman  Being driven by the above-stated quote, Sectona has always emphasized on creating learning opportunities for beginners and students seeking internships with us. Interns associated with us are not restricted or caged with connotations. On the welcoming day, the very first thing communicated to them is that their internship solely exists on their resumes. They are full-time members for us working hands-on with core teams. It is a significant practice to let our interns know and be convinced that their inputs are vital. Brushing away all the negative stereotypes about millennials, one would be astounded by how hard they work when they believe their contribution matters. Bilateral Process Of Internship Program At Sectona:- We have a peculiarity for bright, young, and enthusiastic chaps which is one of the many reasons we run our internship programs of 2 to 6 months throughout the year. All that one requires to do is follow these simple steps which would familiarize you for interning at Sectona. Step 1- Check our Website Step 2- Explore internship opportunities based on your interest area and skills Step 3- Swank your skills and expertise to us while applying Step 4- Hit the submit button All the applications that hit our inbox are reviewed on a rolling basis so the earlier you apply, the better. Interesting applications call for interesting conversations. We don’t tag this as an interview but a coffee day to talk about everything right from passion, interests, learn-ability to sharing our stories, experiences and visions. We at Sectona take our internship programs quite seriously hence based on one’s interests and topics of engrossment we meticulously plan and curate projects which would be independently assigned to our interns to help build learning opportunities and experiences that are mutually beneficial. Our Fundamentals For Internship:- Continuing the above-shared ideology of curating distinctive independent projects for our interns, we generally aim to set projects with targets to reach by the end of their role along with first-hand pieces of training which would boost their careers. We create space to optimize their theoretical knowledge while dealing with real responsibilities and to assess their full capability. The projects are designed in a way where each day comes with new challenges and even more opportunities to learn and grow. Role hierarchy and work culture are no different for an intern—they have a manager to report to, a team to work in collaboration with, and an opinion to share on the tasks. At Sectona we believe a graduate school pass-out student has much more to learn in an internship apart from the skills and industry’s core competencies to kick-start their career. Company culture plays a crucial part herewith and we continue to cultivate these principles in our team members. A General Day At Sectona For An Intern:- “What do I expect my few months of working at Sectona would be like?” , “How as an intern will I be getting along with the team?”- few extensively proposed questions encountered by all at common. Here’s a quick sneak-peek for any such similar questions and know-how about the company culture at Sectona. As a team of organized workaholics, you would naturally develop a habit of starting your work morning with setting up a “To-Do list” for the day which is a widely accepted tact by us at Sectona. Next is to work on projects, be a part of team discussions, have a one-on-one discussion with your manager, get your queries resolved, read some articles around, meet your colleagues, ask questions, go on a coffee around, have a gala time at lunches, build some inside jokes and everything in between work and fun is perfectly blended with us. Quick Tips If You Are Looking To Intern With Us:- Famously said by Emily Weiss, “ An ideal intern is committed, creative, organized, ambitious, independent and able to crack a smile whether meeting a celebrity or folding socks”. Likewise, we have an edge for passionate and self-assertive individuals. Being on the other side, listing pointers that attracts us as traits in interns and which would help you optimize your internship experience: Make sure to use your time wisely as an intern. You will have fantastic exposure within our business and to make every opportunity count. Pickup skills that will propel you forward when you start full-time work. Build a network around with your colleagues. Be experimental with work and incorporate your student perspective. Equitable internships offer a chance to test your skills in real-life situations, explore your career options, and gain an insight into an organization or career path. Sectona believes in these values and we look forward to welcome and associate ourselves with many more bright minds across the globe.

We are a happy spot for coders, engineers and entrepreneurs, all linked together with a common vision to- “Prevent Data Breaches Anytime Anywhere.” At Sectona we believe, we are as good as our team which is the prime reason we are meticulous in signing on fresh talents as an addition to our team. Hiring at Sectona generally runs throughout the year. Since we are peculiar with our team and we are proud of our company culture, the aim for us is to hire the right candidate. An interview for us is not restricted to candidates learning about Sectona, our work and culture but also more about we learning about candidate’s skills, passion and the ability to grow mutually. Hence, identifying “one right candidate” from an ocean of applicants is a lengthy process and we generally take 1-3 months to conclude on one position. We understand interviews are an experience and we like to make it count as best. “You find yourself passionate about technology and envision to join us?”, here’s all the information at your disposal about our hiring, interview process and various stages of interviews as we progress to conclude on any role. How do you get to know about our Open positions The first place you check out is our job blog portal mentioned on our Career Site here. We have jillion of open positions and you can apply to the role which you find yourself to be the perfect fit based on your academic background and skills. Our job portal is inclusive of tons of details related to the role- Job descriptions, Academic Qualifications, Skills Required, General expectation about the role, Experience, etc. Where to Apply? Evaluate the role you intend to apply for. Check if you match all the qualifications required and requested. Attach in your recent curriculum vitae and hit the apply button. If you do not match the exact qualifications and you still intend to apply for the role, we suggest you attach a small descriptive note explaining why and we might take your application forward. We principally design the requirements that we consider would prove to be successful for the role. That being said, evaluate the criteria carefully and write something that would be convincing for us to take your application in consideration. How do we notify We assess each application accurately and generally we send out application status to applicants within 7 days via phone calls or emails. However by and large applications received are on the higher side and in rarest case we might notify within 14 days. If your application is selected you must expect an email giving you an understanding about the interview process to be held and what you can expect at each stage of the interview. While we understand communicating a feedback is extremely important and we make sure to be responsive and responsible in doing so. Nonetheless, we have been working on sharing scalable and constructive feedback s. Technical Telephonic Discussion We will set up a discussion with one of our senior team member from the role you have applied for. This conversation would revolve around your technical understanding of particular skill, discussing your academic projects and we might dive deeper on various points mentioned in your resume. Well, not to worry, we would not ask questions exclusive of your role and interests. Tip: This call would not be to evaluate your answers as to be right or wrong, but about your approach and problem solving skills. Be genuine while answering. Do the Challenge Next up is a challenge for you! Be ready while we throw a challenge at you which could be a research work, a case study or an assessment which would help us gauge your expertise for the position. Completing it efficiently before the set time frame would definitely work in your favour. Final Interview Discussions These discussions would be with our senior management and would plunge on your ability to learn, adapt, think and bring new thoughts to table. This could be a chance for you to demonstrate your skills in the best way possible. A general note:- These processes are not set in stone. Sometimes we may skip some discussion rounds or tasks to accelerate the hiring process while sometimes we may take up extra rounds of discussions. What attracts us is…… All that is not mentioned on your resume is possibly we are most keen to learn about you. Skills and professional accomplishments are definitely key factors to have you on-board while adaptability and passion still tops the chart for us to welcome you in our teams. At Sectona, we promote Work-Learn-Share-Grow and Enjoy Hence, if you enjoy doing what you are best at and eager to learn- Voila!! you have successfully come half way to be a part of Sectona.

The cyber-attack threats are ever increasing. There have been recent incidents of payment frauds in customer’s local environment. SWIFT’s payment community continues to suffer from numerous cyber-attacks and breaches. For year 2020, SWIFT promoted 2 existing advisory controls to mandatory and introduced 2 additional advisory controls resulting in 21 mandatory and 10 advisory controls in the CSCF v2020. The SWIFT has launched a CSP (Customer Security Programme) which aims to improve information sharing throughout the community. Through the programme, it also shares best practices for fraud detection and enhance support by third party providers. The clause 1 of SWIFT CSP framework speaks about restrict internet access and protect critical systems from general IT environment. The framework speaks about the SWIFT environment protection i.e. the protection of user’s local SWIFT environment from potentially compromising elements of general IT environment and external environment. The framework states that there should be complete isolation of the SWIFT user’s environment. There should be complete control and access restrictions over OS Privileged accounts. It also emphasizes on securing the virtualization platforms. All the virtualization platforms and virtual machines (VMs) which are hosting SWIFT related components should be secured to the same level as physical systems. The Spectra Privileged Access Management (PAM) Solution by Sectona with its hybrid access mechanism, ensures secure access to critical systems, including SWIFT infrastructure for users to accessing from internal or external environment. Spectra allows for privileged sessions to be accessed over browser to ensure true session isolation while also allowing direct client-based access without need for agent on the target device. There is also provision for access to be enabled through a secure Jump Host as well for session isolation.  Spectra is a true cross platform capable solution which allows users to take access from any OS, any browser without any need for plugins. Spectra PAM has strong server privilege management & access control capabilities that allow for user access to be segregated based on workforce roles & responsibilities. Unauthorized access is eliminated by way of this capability. Spectra has strong integrations with Virtualization platforms & VMs and access to these can be secured with the same effect as for physical systems. The clause 2.6 of this framework states that surface attacks and vulnerabilities should be reduced. There should be complete operator session confidentiality and integrity to be maintained. The interactive operator sessions connecting to local SWIFT infrastructure should be protected from surface attacks and vulnerabilities. Sessions taken to the SWIFT infrastructure through Spectra PAM will be completely secured, controlled & monitored through a secure mechanism, and ensures protection of the confidentiality & integrity of sessions. Along with MFA to access any interactive session of SWIFT via PAM. In addition, the threat analytics engine within Spectra PAM calculates a composite risk score for each privileged session that helps with auditing and forensics much easily and faster. The clause 2.8 of this framework speaks about the outsourcing of critical activities. It states that the local SWIFT infrastructure should be protected from the risks exposed by the outsourcing of critical activities. Spectra can enable workflow-based access for outsourced activities to ensure that access to the SWIFT infrastructure is granted only after review & approval from authorized personnel. For any critical activity wherein the session may need to be shared over the internet with outsourced or third party vendors, Spectra enables a highly secure way of collaborating without revealing credentials and generating collaborative logs identifying and logging the activities that happened during the session. The clause 2.9 of this framework states that all the business transactions should be controlled. All the business transactions taking place in the environment should be validated and authorized by the respective counter parties. In Spectra PAM, time-based access can be provided to users taking access to SWIFT infrastructure. This ensures that the user access to SWIFT infrastructure is authorized at pre-decided time frame. In addition, workflow-based access can also be enabled to ensure users are given access only after review & approval. Multiple levels (up to 15) of approvals can be configured in Spectra. The clause 4 highlights the prevention of credential compromisation. The clause 4.1 states that the effective password policies should be in place. The passwords should be resistant enough against common password attacks. Spectra PAM has a robust password vault that supports customizable password change policies enabling password complexities and rotations with a wide range of combinations. Multiple Password Policies can be created, and they can either can be applied to an asset or group of assets. Spectra’s Password Vault can help schedule password changes on a regular basis & help set password complexities as desired. The vault is highly secure & passwords are encrypted with either AES 256 encryption or RSA 2048 encryption. The clause 4.2 is about the multi-factor authentication. It requires prevention of compromised single authentication factor for allowing access into SWIFT environment. Spectra is engineered to readily integrate with MFA providers such as RSA, Vasco, Safenet, Okta, OneLogin, Duo or Google Authenticator. Alternatively, it provides proprietary in-built Mobile OTP or Push Authentication and SMS or Email OTP options for multi factor authentication. 2FA mechanism ensures additional layer of security & control. The clause 5 of this framework is speaks about managing identities and segregation of privileges. The clause 5.1   is about the logical access control, i.e. access should be provided on need-to-know basis, and duties for operator accounts should be segregated. Spectra PAM follows the principle of least privileges and segregation of duties adding value by providing attribute-based grouping or AD grouping that can help reduce human effort involved with user mapping based on roles & responsibilities. The clause 5.4 speaks about the protecting the logically and physically stored passwords in the SWIFT environment. Spectra PAM has a robust password vault that supports customizable password change policies enabling password complexities and rotations with a wide range of combinations. Multiple Password Policies can be created, and they can either can be applied to an asset or group of assets. The vault is highly secure & passwords are encrypted with either AES 256 encryption or RSA 2048 encryption. The clause 6 speaks about detection of anomalous activities to system or transaction records.  The clause 6.4 states that all the security events should be recorded and detect anomalous actions and operations within the local SWIFT environment. Spectra's Session Recording module completely captures logs of all privileged sessions across target system sessions including access to SWIFT environment. In addition, the threat analytics engine within Spectra PAM calculates a composite risk score for each privileged session that helps with auditing and forensics much easily and faster. Spectra has an in-built Risk Scoring engine with a list of predefined plausible high-risk scenarios. The risk levels for these scenarios can be configured to incorporate desired risk levels of the organization. This Risk Scoring engine will help calculate composite risk score for each user session based on the activities in the session that thereby helps assess the access behavior. Spectra PAM has alert and notification engine to ensure to ensure timely alerts are sent to concerned personnel on execution of pre-defined critical commands or activities. SWIFT has included an extensive list of best practices to be followed, the latest version of compliance document is available here. For those starting out with their privileged access security programs, start by targeting and identifying all privileged accounts. Leverage this list here  to start your privileged access security program. Sectona team has come up with an interesting article about why running isolated privileged sessions for remote users is important, read it here.

PAM Market Overview KuppingerCole, a leading analyst organization headquartered in Europe, announced public availability of its Leadership Compass report for Privileged Access Management.  The report suggests that PAM has become one of the “fastest growing areas of cybersecurity and risk management solutions”. KuppingerCole estimates the PAM market is a $2.2bn market by revenue with a growth of up to $5.4bn expected by 2025. The reports states how credential vaulting, password rotation, controlled elevation and delegation of privileges, session establishment and activity monitoring are now almost standard features of any PAM solution. More advanced capabilities such as privileged user analytics, risk-based session monitoring, advanced threat protection, and the ability to embrace PAM scenarios in an enterprise governance program are becoming the new standard for PAM solutions to protect against today’s threat. Sectona Strongly Recognized as Challenger Sectona has impressively surpassed several competitors in this report to make its way as a strong Challenger to look forward to. Among a competitive space of 25 vendors recognized in this report, 80% of whom have been in the industry for over a decade, Sectona in a short span of just over 3 years has shown immense growth and earned an admirable spot as a strong Challenger in the Overall rating. The lead analyst Paul Fisher highlights “Given how the short time that has elapsed since the company was founded, it is maturing at an impressive rate”. Speaking about some key innovation and strengths, the report also rates Sectona a respectable Challenger in the Product and Innovation Rating sections. This has been a noteworthy feat for the company considering how it has quickly graduated from being a Follower in the previous report to a Challenger this year. Feature-rich, the KuppingerCole analyst also rates Sectona’s PAM solution Spectra as a ‘positive’ when it comes to Interoperability, Usability and Deployment. Sectona PAM Analysis in the Report Considering Sectona is a young company, analysis of its PAM product involves mostly hits especially for the key aspects with little misses. Hits - Easy to understand and use dashboard, PDK (Plugin Development Kit) does not need coding - Access from wide range of platforms without agents or plug-ins - Strong support for cloud-based services to onboard assets - A collaborative, cross-platform approach allows for integrations offering desired flexibility - Despite its relative youth, the company has done well to present some advanced ideas on PAM and application integration Fisher specifically calls out Spectra’s PSM (Privilege Session Management) strength stating that it “offers access to privileged sessions over any HTML5 supported browser from any platform without the need of agents or plugins to be installed”. This aligns with not just the core PSM capability but also covers needs of advanced requirements including secure remote access for users, especially in today’s digital environments. Misses - While undoubtedly innovative, Spectra needs to offer more capabilities to succeed in Europe and North America - May struggle to fund the marketing it deserves - Functionally limited to PSM with lack of proven AAPM (Application to Application Password Management), CPEDM (Controlled Privilege Elevation and Delegation Management) capability Primarily being a non-funded company, Sectona has grown its revenue 300% YoY. This is testament to the fast-growing business and financial stability of our company. Sectona has a strong foothold thus far in India, Middle East and East African countries and have aggressively begun adequate marketing initiatives to penetrate and sustain newer markets including Europe. From a technology standpoint, Sectona’s Spectra PAM solution has proven Application to Application Password Management capabilities. This is highlighted in the report by Fisher where he mentions “It’s up to speed with features such as application to application password management by using APIs and SSKs (Software Support Kits) for many platforms”. Spectra also has built-in Privilege Elevation and Task Automation capabilities. This is also rightly mentioned in the report stating Spectra “offers some degree of automation with Privileged Task Management”. Where We are Headed Our commitment to innovate and address more genuine and practical areas of concern around privileged access has never ceased. We continue to develop and enhance our PAM product capabilities to make it a more value-driven offering for organizations. Some of our innovative capabilities for the near future include: DevOps – Secrets Management Sectona is currently working towards making its DevOps secrets management module available by the 3rd quarter of this year. Sectona has always believed in a future vision and had started developing around DevOps secrets management last year. This thought process is also validated by KuppingerCole where they identify DevOps in organizations as one key contributor to the growth of the PAM market. To add to it, Paul Fisher highlights that Spectra “is well positioned to manage DevOps and containerization demands in the future”.  Privileged Account Governance While Spectra has taken care of the customizable reporting and dashboard part in its current version, roadmap includes a dedicated PAG (Privilege Account Governance) module providing privileged access certifications and valuable insights related to the state of privileged access. This again is in line with some of the advanced capabilities that PAM solutions will be expected to have, as stated in the report.

Safeguarding the sensitive data of your digital society is one of the prime requirements for any nation. Online services are becoming strategically important for both public and private sector organizations, helping them grow a digital economy. And Kingdom of Saudi Arabia is not immune to this growing change. They proactively explore and implement a strong, immune, system which can safeguard sensitive data, transactions and most importantly confidence in the entire Saudi Finance Sector. The financial sector in Saudi recognized the rate at which technology is changing, and the cyber threats always loom large in any given situation along with evolving risks. Saudi Arabia Monetary Authority (SAMA) came up with cyber security framework in May 2017 to enable financial institutions to effectively identify and mitigate the cyber risks.  The main objective of this framework is to: To create a common approach for addressing cyber security within member organizations To achieve appropriate maturity level of cyber security controls within member organizations To ensure cyber security risk are properly managed throughout member organizations The requirements of this framework does not just encompass best practices suggested across various industry cyber security standards like PCI DSS , NIST, ISF, ISO, BASEL but also mandates adherence to some. The framework mandates and defines principles, and objectives for initiating, implementing, maintaining, monitoring and improving cyber security controls in member organizations. The SAMA Guidelines are very crisp and clear regarding cyber security principles and objectives. Those are broken down into four domains of cyber security: Leadership and Governance, Risk Management and Compliance, Operations and Technology and lastly Third-Party Security. [caption id="attachment_23026" align="aligncenter" width="503"] Figure 1: SAMA Cyber Security Framework Structure Source: Cyber Security Framework, Saudi Arabia Monetary Authority, Ver 1.0, May 2017[/caption] It is well known that regardless of the source of a cyber-attack, compromised credentials eventually lead to cathartic damages in any cyber-attack. Identifying the root cause for this spot on, SAMA suggests stringent measures around User Privileges, Identities & Access Management. They have laid down a comprehensive list of control consideration policies for member organizations around providing need-based and controlled access to critical IT systems, discovering & vaulting critical IT systems and privileged accounts, comprehensive monitoring and logging and multi-factor authentication enablement for all privileged users including internal staff and third-party vendors. Sectona PAM is Aligned with SAMA Best Practices Sectona, with its modern and next generation Privileged and Remote Access Management (PAM) Suite helps organizations achieve compliance with confidence. Business Requirements for Access Control The guidelines state that all the users’ access must be on need-to-have and need-to-know basis to avoid unauthorized access and (un)intended data leakage. With Sectona’s Spectra Privileged Access Management, access can be controlled, defined and managed on a need-to-know and need-to-have basis. Depending on the users’ roles, responsibilities and need to access critical IT systems, access policies on a granular scale can be defined and password-less transparent access to IT systems such as RDP, SSH and others can be enabled. This ensures that only designated users access with their authorized named user IDs and passwords of these privileged accounts are not shared among multiple users. Spectra PAM also empowers you to automate discovery across accounts & assets for easy on-boarding of accounts reducing significant manual efforts for IT operations team. Furthermore, provisioning of privileged accounts adds another security layer for on-boarding additional users who need privileged access. Spectra PAM Account and Asset discovery provides an automated way of discovering IT assets across your IT infrastructure. With schedulers and automated on-boarding rules, obtain relevant asset information and reduce time for securing privileged accounts. Start on-boarding VMware ESX/ESXi managed guest OS Automatically retrieve and list OS linked to Active Directory Run network-based discovery for assets across on-premise locations Gain complete visibility into the privilege accounts & IT assets whether on-premises or in the public or private cloud User Access Management With Automation The guidelines states managing users with changing role or job positions, any change in external staff or third parties should be approved by accountable party.Spectra Privileged Access Management Solution is tightly integrated with Active Directory and it can allow access to users present on AD. Various roles and user access policy creation is possible for the users. Spectra has maker-checker facility wherein any changes or modifications to user roles can be validated and approved by authorized personnel. With Spectra’s Attribute based grouping policies, access provisioning to users can be automated while following attributes such as role, IT asset group, user band etc. This reduces manual dependence to map one-on-one access for each user to each IT asset and account. Centralization of Identity and Access Functions The guidelines state that all the functions of identity and access management should be centralized. Spectra PAM has a centralized web console that can be accessed from any platform & any HTML5 supported browser. Since Spectra works on micro-services architecture, all components are embedded into one web console which can be configured & controlled via central management console. This also helps at the time of upgrade of Spectra to control centrally with a single installer. Privileged and Remote Access Management with MFA The guideline states that all the users taking privileged access should have restricted use, MFA should be used for all remote users, MFA should be used for all privileged users taking access on critical systems with risk assessment, all the accounts must go through a periodic review, there should be individual accountability. Spectra Privilege and Remote Access Management Solution allows creating separate policies for remote users wherein, they have MFA enabled access. While defining user access policies, MFA can be enabled for all privileged users taking access. With Spectra’s cross-platform and browser-based access capabilities, all users especially remote user and third-party users can be enabled access to IT systems without VPN over browser ensuring restricted use over data movement and copy of data. Learn more about securing remote privileged access without VPN here. Spectra PAM allows creation of user policies where multi-factor authentication-based access can be enabled for user profiles handling critical and sensitive data. Spectra PAM suite is built with robust MFA authentication capabilities with easy to implement MFA for multiple sets of users. Solution provides a range of authentication methods covering: Adaptive authentication for enforcing MFA based on risk scoring for user access that relies on parameters such as time-based access, device fingerprinting and access criteria based on Geographic location Integration with leading Cloud Based MFA authentication providers such as Okta, One Login and Duo helping reduce time to implement and integrate Sectona Mobile which provides MFA based on Mobile based Soft Tokens (without internet connectivity), SMS Tokens, and Email Tokens. Out-of-the-box integration with hardware token providers such as RSA SecureID and Vasco Monitoring, review & accountability The guideline states that monitoring and review of privileged and remote accounts must be done while ensuring accountability.Spectra PAM has a robust session recording and session logging module that captures comprehensive details around which user accessed what system at what time from where among other details. This helps associate individual accountability of privileged and remote user access.Furthermore, Spectra has an in-built Threat Analytics and Risk Assessment Engine, which calculates a risk score for each and every session based on user profiling and the activities carried out in each session. The use of non-personal privileged accounts For this requirement, guidelines state that there should be limitations and complete monitoring of the privileged sessions, all the passwords must be confidential and all the passwords must be changed periodically and also at the end of each session.Spectra PAM enables administrators for live monitoring of the sessions and termination as well with complete audit. All the passwords are stored in robust Spectra Password Vault which does the complete management of passwords i.e. rotation, verification and reconciliation. Users can define the frequency for password change along with the desired complexities. Conclusion It would be safe to say that SAMA has laid down an extensive list for Identity and Access Management requirements taking into consideration complete security of the nation. The detailed framework document is available.Going one step further, we have also published a list of high priority use-cases that companies must take note of and protect when it comes to securing privileged accounts. Refer to this document here. Also, for those starting out with their privileged access security programs, start by targeting and identifying all privileged accounts. Leverage this list here  to start your privileged access security program.