“Information Security is an ever-evolving process” says, Suresh Vijayaraghavan, Chief Technology Officer, THG Publishing Pvt. Ltd.

CXO Aspect – A series of interviews with CXOs to learn and understand diverse aspects related to their leadership and handling of multiple roles/responsibilities. This time, we are pleased to know about the journey of Suresh Vijayaraghavan, CTO, THG Publishing Pvt. Ltd. He has contributed towards cybersecurity and has set a remarkable working style. We are pleased to know his thoughts on a few set of questions.

1. Can you describe your current role, and what responsibilities do you undertake?

I lead the Information Technology team and responsible for strategic, governance and operational aspects. Ensuring Business & IT alignment and identifying the required systemic competencies to support and enhance the existing critical success factors and identifying newer ones.

2. How will you describe your journey in the cybersecurity Industry?

I have been involved with information security right from BS7799 days. As the technology in the connected world evolved into Internet and cloud the importance of cybersecurity has also become more relevant. Having understood the importance of data security I got myself certified as the Lead Implementor in ISO 27001 and ISO 22301 standards that deals with security and continuity. I have helped numerous organizations with implementing best practice frameworks in ITSM and InfoSec domains and in several cases helped them towards getting certified as well. Now along with data security we also have to take care of data privacy as regulations related to this is becoming a normal.

3. If you could make one recommendation to the next generation of cybersecurity leaders, what would it be?

Secured way of doing things must be a systemic competency for any organization. Information security is something that is not setup once based on current needs. It is an ongoing continuous process that evolves along with the organization always taking into account the internal and external factors. Apart from taking care of the organisation’s security needs, we must also ensure that we do business with suppliers who have adopted best practices in this area. Regular awareness training both for general employees and also at leadership level to ensure a culture that is security aware.

4. How do you stay current with the latest security threats and technologies?

We must collaborate with organisations in our domain to share knowledge and best practices. Must enroll and become a member of cybersecurity professional associations and organizations through which we can have access to valuable resources and information. Subscribe to vendor updates and advisories related to security vulnerabilities. We must also make it a practice to attend to events and conferences that are related to cybersecurity.

5. Can you discuss a time when you had to handle a security incident, and what steps you took to resolve it?

This was an old incident around year 2000 when I was working in Singapore. We got infected with MINDA virus which made all office documents to zero bytes. Since we were part of the first set that got infected the AV signature was released later. We had to update the AV signature and scan and fix all windows workstations first and then restore the data from tape backups based on criticality. The entire restore operation took two days. However files that were stored in local disks and not backed up were lost. The lesson was how critical it is to create user awareness to store data in network folders that are backed up. In spite of having data backup infra few lost years of work as they did not make use of this.

If you are an Enterprise Leader and would like to join our CXO Junction City Chapter Groups, register yourself here: