“Never stop learning—pursue new certifications, stay updated on industry trends, and always be open to new ideas,” said Nikhil Dev, CISO & General Manager, IT & Telcom, The Lalit Suri Hospitality Group.

Can you describe your current role, and what responsibilities do you undertake?

As the capacity of General Manager-IT & Telecom, I am responsible for our group’s IT strategic planning, infrastructure management, project management, IT security & compliance, and increasing IT operational efficiency.

How will you describe your journey in the cybersecurity industry?

The journey through the cybersecurity industry has been one of growth, learning, and passion. The challenges are numerous, but they are met with a strong sense of purpose and fulfillment, knowing that every day brings an opportunity to defend against new and increasingly sophisticated cyber threats. This includes Adaptability, Continuous learning, Strategic Thinking, etc.

If you could make one recommendation to the next generation of cybersecurity leaders, what would it be?

I feel that in today’s fast-paced and ever-evolving cybersecurity landscape, cyber security is a joint effort to save the organization; no one person can tackle the threats alone. Cybersecurity is not just a technical challenge—it’s a business, cultural, and strategic challenge. As a leader, your ability to build strong relationships across teams, organizations, and even industries will be essential. Collaborate with colleagues in other departments, such as legal, compliance, and operations, to create a unified approach to security that aligns with business goals. Equally important is a commitment to continuous learning. The cybersecurity field is constantly changing, with new technologies, attack vectors, and regulations emerging regularly. Never stop learning—pursue new certifications, stay updated on industry trends, and always be open to new ideas. The more you understand both the technical and strategic aspects of cybersecurity, the better equipped you will be to lead your organization in mitigating risks and responding to threats. Ultimately, as a cybersecurity leader, your success will depend on how well you build resilient teams, create cross-functional partnerships, and foster a mindset of adaptability and lifelong learning.

How do you stay current with the latest security threats and technologies?

As I have mentioned earlier, it is a joint effort for cyber hygiene. But being a part of an IT team with the responsibility to be up to date with the current changes in the cyber world, there are certain golden rules that we need to follow… This starts with ensuring you never stop learning and reading what is happening in the industry, learn from others’ mistakes, and patch the gaps with affordable and available solutions.

> Regularly attending cyber conferences with industry cyber experts.

> Hands-on practice and Labs to make sure to check the competency of your team.

> Engage in Red Team/Blue Team exercises where you can simulate attacks (Red Team) and defend systems (Blue Team), learning from each round to enhance skills and knowledge.

>Work closely with other IT and security teams within your organization to ensure continuous improvement of defenses and response strategies.

>Keep track of new regulations and compliance standards, such as GDPR, HIPAA, PCI-DSS, and others.

These frameworks often reflect changes in security practices and emerging risks. Cybersecurity is a field that demands continual adaptation, so the key is to remain curious, open to new tools, and constantly enhancing both your technical skills and strategic thinking.

Can you discuss a time when you had to handle a security incident and what steps you took to resolve it?

Security incident handling is very stressful, but a step-by-step approach can make the incident management response planned. Some of the major steps we had taken were…

>Incident Identification and Containment

>Communication and Coordination with the business stakeholders.

> Analysis and Investigation.

>Communication with External Parties like law enforcement and security service vendors.

>Root Cause Analysis

>Documentation and Reporting By following a structured, methodical approach, organizations can mitigate the impact of cybersecurity incidents and improve their overall security posture in the long term.