“Security is no longer an afterthought agenda in organisations”

Rachit Shukla

The Chief Information Security Officer function is expanding as the reach of digital business expands. Best-in-class cybersecurity leaders are laser-focused on safeguarding goals and business objectives. However, in order to be effective in their increasingly diverse position, they require a wide range of qualities and competencies. To understand how the role of CISOs is transforming toward business outcomes, Nidhi Shail Kujur of Elets News Network (ENN) interacted with Rachit Shukla, Chief Information Security Officer & Head - Information Security, Hippostores Technology Ltd.

There has been a significant uptick in the demand for cloud computing and security professionals. What are the skillset requirements and how can they be built?

Of late, the entire landscape of security has evolved (rather than changed) over the last few years, and that was bound to happen. With the pace of the advent of newer technologies which are enabling businesses, there is a requirement to upskill at an even greater pace. Security had to stay in tune with the tech transformation we are witnessing. We are now looking beyond the skillsets which used to exist four-five years back. We now expect the security folks to know the controls and technologies in the cloud hosting platforms. We also intend the professionals to have an understanding of DevOps, and essentially the focus has become more on DevSecOps now. These are continual developments and shall only evolve with time.

What is your recommendation for mitigating the skill gap of security professionals in the industry?

While there is no better teacher than the experience itself, the gap in skill demand vis-à-vis the available skill sets can be narrowed if cybersecurity becomes the mainstream discipline in professional colleges and universities. And for those currently in the security profession, there is no dearth of online educational platforms which are genuine learning powerhouses; however, one needs a commitment to upskill and develop themselves. Needless to say, without staying in tune with the current tech developments there is no way one can stay relevant in this field of profession.

How are next-gen techs like AI/ML impacting the cyber threat landscape?

It is not just AI and ML, it is the entire ecosystem that is changing. Cyber threat has a basic premise underlying doing what is right for the environment and threats that your organisation faces. There is no single bullet that shall get things right and safe for your organisation. It is of prime importance to understand the tech stack that the organisation is building, understand the business, understand the cyber risks and evaluate those to craft an overall security program (with necessary and suited security techs) to defend and protect your organisation from cyber-attacks.

During the current landscape, how do you see security challenges that organisations are facing as they shift to a hybrid environment?

The most prominent challenge that I experience is when one becomes agnostic to the underlying security threats and risks to the organisation. No matter how sophisticated the defensive technologies we invest in and deploy, unless we know our risks, they are bound to become ineffective. The current development of venturing into hybrid environments has not happened just like that and it was bound to happen, given the convenience, operational costs and deployment ease they offer. The fundamental and underlying secret to managing cyber risk has not changed: that is to fix your basics and fix your risks. Security and Business (or for that matter Tech) cannot work in silos.

How do you see the role of CISOs transforming toward business outcomes?

Certainly, it has transformed for good. Organisations (irrespective of the sectors) have started recognising the need for Security to be an integral part of their organisational fabric. Security is now seeing its right places in the organisational hierarchies. Security is no longer an afterthought agenda in organisations and they are continually evolving. However, the importance of CISO becoming a business partner and enabler has become more prominent now. CISOs are expected to (and must) wear the hat of the partners in growth by enabling the core business. It is of paramount importance that today’s CISO speaks the language of business and helps wider management and board understand their security risks, thereby enabling them to take informed and risk-conscious decisions.