Can you describe your current role, and what responsibilities do you undertake?
I am currently holding multiple roles at Encora in IT, including IT operations and infrastructure for the India and APJ region, which covers 4,500+ users and 9 offices. Additionally, I am responsible for Encora Security & Governance and play a key role in architecting security alongside our CXOs.
How will you describe your journey in the cybersecurity Industry?
Immensely adventurous! My journey and objective to secure the organization are in sync with digital transformation goals. The integration of transformation with security objectives has yielded the desired results and reduced cybersecurity risks. While working in various sectors, including finance, KPO, education, manufacturing, government, and software services, I have unlocked the potential of transformation and processes. This has made IT a true enabler.
If you could make one recommendation to the next generation of cybersecurity leaders, what would it be?
In current times, technology change is happening quite fast and has been overwhelming IT. The most important aspect is a thoughtful decision rather than FOMO . Cyber Security leaders must think and question objective of implementation to seek effective way of doing it. The approach must be to align with business objective and to blend in security culture. A close coordination with stakeholders will help in enforcing required security objectives.
How do you stay updated with the latest current in cyber security threats and technologies?
I closely monitor trends and consume news feeds. Even small news items can have a significant impact and may lead to a review of the security landscape. Reading and participating in discussions helps align my thoughts and provides different perspectives on various matters.
Can you discuss a time when you had to handle a security incident, and what steps you took to resolve it?
Numerous events occur every day, and most of them are triggered by a cautious and automated business case. In one small yet critical event, a phishing attempt was made to change the vendor’s bank account. The investigation required some forensics and connecting the dots over a period of time. Reading the logs was straightforward, but creating a timeline of events was challenging when the logs were in different time zones. Fortunately, we had started our Zero Trust journey, and this event led to a rapid implementation.