Can you describe your current role, and what responsibilities do you undertake?
I am Chief Information Security Officer for my organisation, and my role is to create a risk appetite framework so that all risks which emerge in the organisation remain within the appetite. I have the responsibility of managing Information Security Risk, Privacy Risk, Business Continuity Risk and Technology Risk. I am CISA, CISM, CDPSE, ISO 27001 and PCI DSS certified. I am responsible for creating InfoSec awareness and implementing security solutions within the organisation. In one sentence: "I am the business enabler."
How will you describe your journey in the cybersecurity Industry?
My journey in the cybersecurity world started in the banking industry, wherein my role was to manage the Security Operations Center of the bank. Then, in another organisation, my role was to set up an in-house SOC and manage its operation. I also implemented many security solutions in my role. The only thing in the cyber security space is to keep learning and adapt to technological changes.
If you could make one recommendation to the next generation of cybersecurity leaders, what would it be?
My only advice to the next generation of security leaders is to align security with business goals. You cannot apply the same security to different organisations; it has to align with business goals. Try to put yourself in the shoes of a Business Enabler rather than a Technology Leader, because security is like a good braking system in a vehicle: it gives the driver the confidence to drive fast, knowing the braking system can control the vehicle.
How do you stay current with the latest security threats and technologies?
I take regular security sessions at various forums to keep abreast of changes in the technology space and to share my experience as well. I regularly read all articles and blogs posted on the ISACA website. I am also part of various online forums and communities which conduct webinars on various security topics. I also take part in various trainings conducted by CERT-In. I take part in various security conferences to understand how leaders are implementing technology. I also write articles on various forums about my experience. I also read news articles to understand new hacks/incidents.
Can you discuss a time when you had to handle a security incident, and what steps you took to resolve it?
I remember an incident which happened 4 years back in my earlier organisation, wherein one of our critical systems was compromised. The first thing we did was to invoke the CCMP (Cyber Crisis Management Plan), which had details about the steps that need to be followed during a cyber crisis along with the stakeholders to be informed. The first action we took was to isolate the system from the network so as to contain the risk, and then we initiated the IR procedure to remediate the risk.