“Walk with people, and you will find them walking with you.” – says Deval Mazmudar, Consulting CISO at a Leading Co-operative Bank.

#cxoaspect – A series of interviews with CXOs to learn and understand diverse aspects of their leadership and their handling of multiple roles and responsibilities. This time, we are pleased to learn about the journey of Deval Mazmudar. He has contributed to cybersecurity and has set a remarkable working style. We are pleased to share his thoughts on a set of questions.

1. How will you describe your journey in the cybersecurity industry?

When I now look back, it actually began in the last century when I was an IT and Network Administrator managing Servers, Routers, Firewalls and Communication devices, while with IndusInd Bank. The tasks that I handled probably laid the foundation for managing the organizational assets in a restricted and secured manner. Later, in around 2007, when we as an organisation decided to pursue adoption and implementation of Information Security in a formal and recognisable manner, we started our journey to get ready for ISO27001 ISMS certification. The journey really helped me as well as the organisation to establish several processes and procedures that would help us a long way down the line. In 2011, RBI – the Regulator – released the Gopalakrishna Committee recommendations for Banks, and I believe that was a key turning point for the Banks in India to start reviewing and strengthening their posture around Information Security, Audits and Risk Management.

The report was quite comprehensive and elaborate, and it took several years for many organizations, including mine, to reach comfortable compliance levels in some of the areas. Then comes 2016, when RBI issued the Cyber Security Framework, and this was yet another task that lasted for a few years to reach a reasonable level of compliance. The important point to note here is that I never looked at the Compliance guidelines and requirements as merely checklists to comply with. I considered these as the baseline, the hygiene that we need to create and maintain in the organization to attain a sustainable Cybersecurity posture. In the journey, I probably was ahead in several of the controls and technologies that were already implemented in the organization, while there were a few that we could begin working on thanks to the formal guidelines. The journey, from very basic security controls to building resiliency in the organization to manage cyber attacks, was long and enriching, fulfilling a technocrat’s job expectations.

2. Can you describe your current role, and what responsibilities do you undertake?

Currently, as a Consulting CISO with a leading Cooperative Bank, my role involves apprising the Top Management and the Board/IT sub-committee of the Board about the risk posture and initiatives. Assessing current and emerging threats to the Banking sector, and the Bank’s preparedness against the same. Review and recommend optimising SOC and other Security tools. Review and recommend Cybersecurity-related solutions to address newer threats. Assess new Products, Partners and Projects from Cybersecurity and Regulatory Compliance perspectives. Define and review Frameworks for Risk Assessment, Data Leak Prevention, Incident Response and Crisis Management. Formerly, at IndusInd Bank Limited as the CISO, I implemented information and cybersecurity processes and technologies for over a decade, beginning from a very basic state of assurance to an advanced state that could earn certifications, meet compliance requirements and be resilient to cyber attacks.

3. How do you stay current with the latest security threats and technologies?

Securing an enterprise is a set of processes that uses a collection of people and tools. One must be constantly aware of the innovations in technology that bring along new threats, newly discovered vulnerabilities in the existing products, and learnings from incidents that occurred elsewhere. To stay abreast of all of the above, I use multiple sources, e.g. subscribing to emailers and newsletters, regularly visiting reputed cybersecurity researchers’ sites, and the very useful WhatsApp and LinkedIn group posts (of course after my own due diligence).

For new technologies, there are several ways to stay informed like Webinars, Cybersecurity Media Sites, Conferences and direct interactions with the OEMs. Memberships of professional organisations also help keep receiving updates on a regular and timely basis.

4. If you could make one recommendation to the next generation of cybersecurity leaders, what would it be?

If it is one recommendation that I must give, it would be: “Walk with people, and you will find them walking with you.” A CISO, or for that matter any security person or control, is perceived as an inconvenience. The policies, processes and restrictions imposed are often perceived as showstoppers. You need to change that perception, not by force but by conviction. Basically, you need to work with them to understand their requirements and figure out ways to meet those with adequate security. In the process, make them realise that they too share the responsibility of safeguarding the organisation’s assets, and any open risks must finally be accepted and reported to the Top Management as part of good governance. Remember, it is very easy to say No to something that might not be in line with the defined policy, but your role is also to enable the organisation to achieve what it wants, by exploring alternatives balancing the requirement and the compliance to the policy.

It is essentially people management, inter-personal relations, gradual culture change, that will help a CISO become a Mr(s). GoTo rather than a Mr(s). NoGo. A good indication of the successful cultural change in the organisation would be when people start walking up to you, seeking guidance and recommendations at various stages of their activities and projects, and not just for formal signoffs. And this would be the stage when you would have earned the Expert Power on your journey of true Leadership in the organisation.
