With cyber threats gaining ground, business leaders across the board are increasing their investments in cyber resilience. Interestingly, some of the ground-breaking technologies that power consumer-facing applications can also help secure organisations. This week, we caught up with Zeotap’s Guru Patnaik, Director of Information Security, who has also earned the CCISO (Certified Chief Information Security Officer) certification. In this interview, Patnaik gives a lowdown on the cybersecurity domain and emerging roles in this field. He also stresses how AI and automation can help secure data and why the C-suite should build a cyber-resilience strategy.
AIM: In this digital age, how has the role of security management evolved or become prominent?
Guru Patnaik: In my experience, of over a decade, the approach of “Security Management” has drastically evolved from: run antivirus software, don’t write your password on sticky notes, don’t click on suspicious links, to: personalised security controls, stringent threat analysis/management and regulatory enforcement. Security has definitely moved beyond IT. It’s become an enterprise-wide issue that needed addressing, and managing risk has become a “business priority”. Security teams have to come up with new tactics to fight against advanced threats.
AIM: What are the various positions that both large organisations and start-ups are recruiting for the role in management?
GP: Information/Cyber Security is one of the most sought-after and incredibly attractive fields due to the ever-changing threat scenario and evolving risk landscape. Some of the roles that are in demand are – Security Analyst, Security Architect, Security Administrator, Security Consultants, Chief Security Officer etc. The objective should be to align the organizational risk portfolio to manage the security posture with skilled resources.
AIM: Tell us about your role as a CCISO or a Certified Chief Information Security Officer?
GP: The role focuses on the application of information security management principles from an executive management point of view, justifying “good to have” and “need to have” as the principal approach. One of the key and interesting aspects of the role is anticipating new threats and actively working towards preventing them from occurring.
AIM: How can a certification in CCISO be done? What are the various aspects that the course covers?
GP: The Certified CISO (CCISO) programme is one of the most recognised security certification programs aimed at producing top-level information security executives. It also equips information security leaders with the most effective toolset to defend organizations from cyber threats such as cyber-attacks.
EC-Council (CCISO Certification) has done a fabulous job in structuring a course that helps in connecting the dots, especially for a CISO to be able to function effectively.
The course covers techno-management domains like – Governance, Security Risk Management, Controls and Audit Management, Security Program Management & Operations, Information Security Core Concepts and Strategic Planning, Finance & Vendor Management.
AIM: What is the most effective toolset that equips information security leaders? What are the key skills they should possess?
GP: Predominantly, the role of a CISO is to address the emerging threats to information by developing and maintaining a tough information security strategy and action plan coalescing People, Process & Technology as the key components.
CISOs must have relevant experience (technical and process), strong leadership and communication skills and innovative strengths clubbed with broad business knowledge to resolve the ever-growing information security threat landscape.
AIM: Who should avail this certification?
GP: The CCISO program is for executives looking to hone their skills & learn to better align their information security programs to the goals of the organisation as well as aspiring CISOs. CCISO focuses on exposing middle managers to executive-level content as well as encouraging existing CISOs to continually improve their own processes & programs.
AIM: What are some of the other roles you see evolving in the tech space in the coming future?
GP: There is no organization left that has never encountered a hacking attack or a breach. Whether small or big, every organisation has encountered an incident at least once. With some of the recent attack techniques like – ransomware, re-authentication, cyber extorting, to name a few, there is going to be a paradigm shift in the skill set required to address such issues. Some of the roles that are going to evolve are – Dev-Sec-Ops, Defensive and Offensive security, Artificial Intelligence in security analysis and threat hunting.