1 00:00:00,000 --> 00:00:02,400 Rashmi Ramesh: Hi there! I'm Rashmi Ramesh from Information 2 00:00:02,400 --> 00:00:06,210 Security Media Group. Today, we're speaking with Subhajit 3 00:00:06,630 --> 00:00:12,300 Deb, who is a cybersecurity and data privacy leader with two 4 00:00:12,300 --> 00:00:16,140 decades of experience in creating, leading and managing 5 00:00:16,320 --> 00:00:20,070 global information security, business continuity, risk 6 00:00:20,070 --> 00:00:23,700 management and data privacy programs. He has worked in the 7 00:00:23,700 --> 00:00:27,030 pharma industry for eight years and is now the CISO of 8 00:00:27,060 --> 00:00:31,290 immigration consultancy, Envoy Global. Thank you for joining us 9 00:00:31,290 --> 00:00:33,780 in this Profiles in Leadership conversations, Subhajit. 10 00:00:34,470 --> 00:00:36,780 Subhajit Deb: Thank you very much, Rashmi. It's a pleasure to 11 00:00:36,780 --> 00:00:41,940 be here today. CyberEdBoard has been a community we all look 12 00:00:41,940 --> 00:00:44,550 forward to, you know. I'm glad to be a part of it. Thank you so 13 00:00:44,550 --> 00:00:45,570 much, again, for having me here. 14 00:00:46,050 --> 00:00:48,210 Rashmi Ramesh: Thank you. So tell us, you come from a 15 00:00:48,210 --> 00:00:52,440 technical, non-technical background. But you have been 16 00:00:52,470 --> 00:00:56,820 excelling in your profession of choice. Walk us through how that 17 00:00:56,820 --> 00:01:00,660 happened, and what you'd like to tell the folks still on the 18 00:01:00,660 --> 00:01:03,600 fence about picking cybersecurity as a profession? 19 00:01:04,709 --> 00:01:07,169 Subhajit Deb: I think that's an interesting question. You know, 20 00:01:07,469 --> 00:01:10,319 there is this time when I used to really dread walking into 21 00:01:10,319 --> 00:01:13,109 every interview because I knew that this would be the most 22 00:01:13,109 --> 00:01:16,139 evident question. I started off as a, you know, pretty much 23 00:01:16,139 --> 00:01:19,499 non-technical profession. I used to work in a hospitality 24 00:01:19,499 --> 00:01:22,229 industry, then moved over to one of the largest logistics 25 00:01:22,229 --> 00:01:25,619 provider of the world. And, you know, as luck would have it, 26 00:01:26,279 --> 00:01:29,729 there are accidents in your life that changes the course of your 27 00:01:29,729 --> 00:01:32,579 destiny, right? And I think, you know, there has been a couple of 28 00:01:32,579 --> 00:01:35,669 accidents in my life as well that has steered me toward the 29 00:01:35,669 --> 00:01:38,759 career of cybersecurity. And I'm very glad that it happened. When 30 00:01:38,759 --> 00:01:42,539 I look back, I cannot think myself doing anything else other 31 00:01:42,539 --> 00:01:44,429 than what I do today. So absolutely happy that those 32 00:01:44,429 --> 00:01:47,729 accidents have happened. So, you know, I used to work with FedEx, 33 00:01:47,729 --> 00:01:51,509 and then, due to the economic pressure, the company folded 34 00:01:51,509 --> 00:01:53,699 their operations in India went back to the U.S. And I walked 35 00:01:53,699 --> 00:01:57,239 into an interview in one of the largest hardware or computer 36 00:01:57,269 --> 00:02:00,269 manufacturers. I walked in for customer service, but I was 37 00:02:00,269 --> 00:02:02,939 taken into, you know, tech support role - accident number 38 00:02:02,939 --> 00:02:05,999 1. I'm very glad that happened. And that was my first brush with 39 00:02:05,999 --> 00:02:09,539 technology. It hasn't been an easy journey as such. You know, 40 00:02:09,539 --> 00:02:11,939 when my colleagues finished their shift and went back home, 41 00:02:12,029 --> 00:02:15,389 I used to head back to the labs, tearing down a chassis, you 42 00:02:15,389 --> 00:02:17,639 know, looking at a heatsink processor, motherboard, power 43 00:02:17,639 --> 00:02:20,909 supply, memory cards, and trying to dismantle it, put it back 44 00:02:20,909 --> 00:02:24,839 together and, and so on and so forth. Back in 2007, is when I 45 00:02:24,839 --> 00:02:27,839 used to work with one of the largest U.S. banks. I got a 46 00:02:27,839 --> 00:02:30,809 chance to lead a couple of processes for information 47 00:02:30,809 --> 00:02:34,079 security, you know, it was being moved from U.S. to India, and 48 00:02:34,169 --> 00:02:37,259 somebody had a lot of faith in my ability, and I did not have 49 00:02:37,259 --> 00:02:39,599 it. And I'm very glad that, you know, the leaders of that time 50 00:02:39,599 --> 00:02:41,939 had that trait, and they really pushed me into cybersecurity. 51 00:02:42,089 --> 00:02:44,309 And like I said, I'm very glad that it happened. And since then 52 00:02:44,309 --> 00:02:48,599 onward, there is not even a single day in my life where work 53 00:02:48,599 --> 00:02:52,019 was drudgery. It was sheer fun, a lot of learning. I absolutely 54 00:02:52,349 --> 00:02:55,559 love what I do today, what I do it for, what I do it with. And 55 00:02:55,559 --> 00:02:58,169 there couldn't be anywhere else better than I want it to be, 56 00:02:58,229 --> 00:03:02,819 yeah. I think cybersecurity is a very enriching, very exciting, 57 00:03:03,209 --> 00:03:07,319 you know, career. People who want to aspire to be into the 58 00:03:07,319 --> 00:03:11,129 cybersecurity profession, I would say, you know, jump into 59 00:03:11,129 --> 00:03:14,099 it right away. If there is something that you want to do, 60 00:03:14,099 --> 00:03:16,289 where there is a lot of learning every day, there's a lot of 61 00:03:16,289 --> 00:03:18,689 excitement, there is a lot of fulfillment, there is a lot of 62 00:03:19,739 --> 00:03:22,739 sense of satisfaction that what you do is material and creates 63 00:03:22,739 --> 00:03:25,469 value not only for the organization you're working for, 64 00:03:25,469 --> 00:03:28,109 but also for the larger ecosystem and the community, 65 00:03:28,229 --> 00:03:30,689 this is going to be it. There is no other better profession that 66 00:03:30,689 --> 00:03:31,439 I can think of. 67 00:03:32,220 --> 00:03:34,890 Rashmi Ramesh: That was very well put. So, you worked in 68 00:03:34,890 --> 00:03:39,210 pharma quite a bit - a sector that has recently embraced 69 00:03:39,210 --> 00:03:42,630 change with respect to digital transformation. So, how did you 70 00:03:42,630 --> 00:03:44,610 maneuver the challenges that you faced? 71 00:03:45,270 --> 00:03:46,980 Subhajit Deb: I think pharma is a different ballgame altogether. 72 00:03:46,980 --> 00:03:50,010 All manufacturing industry as such, because there is two 73 00:03:50,040 --> 00:03:53,160 distinct environments - one is your typical IT environment, you 74 00:03:53,160 --> 00:03:55,170 know, end-user computing environment, people coming in 75 00:03:55,170 --> 00:03:58,050 with normal desktops, laptops and so on. And then there is 76 00:03:58,050 --> 00:04:01,080 this OT - the operational technology - the ethos is very 77 00:04:01,080 --> 00:04:03,960 different in OT. The focus is really on safety and integrity, 78 00:04:03,960 --> 00:04:07,980 not just as confidentiality and availability as such. So, you 79 00:04:07,980 --> 00:04:10,920 need a lot of ingenuity; you need a lot of creativity to do 80 00:04:10,920 --> 00:04:13,800 cybersecurity in those OT systems and machines. And each 81 00:04:13,800 --> 00:04:17,010 of these are like 30-40 crores worth of machines, equipments 82 00:04:17,010 --> 00:04:21,450 connected to the manufacturing lines. Anything goes wrong, your 83 00:04:21,450 --> 00:04:23,850 entire plant, your entire manufacturing comes to a 84 00:04:23,850 --> 00:04:26,400 standstill, you know, and that directly hits your top line of 85 00:04:26,400 --> 00:04:29,250 the company. So, cybersecurity in an OT space, especially in 86 00:04:29,250 --> 00:04:32,310 the pharma and manufacturing sector, needs to be very well 87 00:04:32,310 --> 00:04:34,950 thought through and that was an exciting challenge that I, you 88 00:04:34,950 --> 00:04:39,450 know, took up when I joined this company back in 2017. Five and a 89 00:04:39,450 --> 00:04:43,560 half years, very exciting journey. With the pandemic as 90 00:04:43,560 --> 00:04:46,830 well, the entire wellness and pharma sector has evolved a lot. 91 00:04:46,830 --> 00:04:49,770 There was this lot of proliferation of omnichannel, 92 00:04:50,220 --> 00:04:54,090 you know, ways by which a company reaches out to a patient 93 00:04:54,090 --> 00:04:56,820 or to a consumer. There are not just medicines, but there are 94 00:04:56,850 --> 00:04:59,370 health-associated services, there are mental wellness and 95 00:04:59,370 --> 00:05:02,280 physical wellness, means and establishments. Essentially, 96 00:05:02,340 --> 00:05:05,220 when you deal with so much of data, when you directly interact 97 00:05:05,220 --> 00:05:08,040 with the customers, the prerogative of security changes, 98 00:05:08,100 --> 00:05:10,890 you know, significantly. And hence you need to bring in the 99 00:05:10,920 --> 00:05:14,250 element of what is the most material risk the company 100 00:05:14,250 --> 00:05:16,920 experiences and then taking a look at them and fixing it as 101 00:05:16,920 --> 00:05:20,370 you go along. There is no one-size-fits-all approach, and 102 00:05:20,370 --> 00:05:22,860 hence, it is important to understand, what is your unique 103 00:05:22,860 --> 00:05:25,320 risk appetite? What is the landscape that you're operating? 104 00:05:25,470 --> 00:05:28,620 What are those geographical nuances that you need to keep in 105 00:05:28,620 --> 00:05:31,050 mind when you do a cybersecurity for our business, which is 106 00:05:31,080 --> 00:05:34,020 spread across multiple different geographies and then create a 107 00:05:34,020 --> 00:05:36,870 consistent integrative framework, which doesn't tax you 108 00:05:36,870 --> 00:05:39,630 too much, yet helps you to do a reasonable and a baseline 109 00:05:39,630 --> 00:05:40,170 security. 110 00:05:41,320 --> 00:05:43,930 Rashmi Ramesh: And your work experience is not limited to 111 00:05:43,930 --> 00:05:47,800 just pharma, it's actually quite varied. So I'm sure the risk 112 00:05:47,830 --> 00:05:51,550 varies with each sector. But what are some common threats 113 00:05:51,550 --> 00:05:52,300 that you've seen? 114 00:05:52,870 --> 00:05:54,700 Subhajit Deb: I think I am fortunate to be able to work in 115 00:05:54,700 --> 00:05:57,430 the financial services sector, in the insurance sector, in the 116 00:05:57,430 --> 00:06:00,580 manufacturing, and now in technical and legal, which is 117 00:06:00,610 --> 00:06:04,240 mostly an immigration business. I think one constant theme that 118 00:06:04,240 --> 00:06:08,920 I have seen, you know, in across all the sectors is the 119 00:06:08,950 --> 00:06:12,700 importance of saving data, which is, more specifically, the 120 00:06:12,700 --> 00:06:15,340 personal information or the PII or the sensitive personal 121 00:06:15,340 --> 00:06:18,340 information. And one reason why it is mostly prevalent is 122 00:06:18,340 --> 00:06:21,400 because the shelf life of a personal information of an 123 00:06:21,400 --> 00:06:25,360 individual is rather long, you know. Somebody can steal an 124 00:06:25,360 --> 00:06:28,300 intellectual property, but the moment it is disclosed, the 125 00:06:28,300 --> 00:06:31,030 value of the intellectual property, you know, diminishes 126 00:06:31,030 --> 00:06:33,160 significantly. But if you look at personal information, we 127 00:06:33,160 --> 00:06:36,280 seldom change that out. And hence, I have seen, there is an 128 00:06:36,280 --> 00:06:39,340 increasing spike in how attackers or the bad actors are 129 00:06:39,340 --> 00:06:42,190 increasingly targeting toward personal information. And 130 00:06:42,190 --> 00:06:45,190 companies like marketing, pharma, healthcare, immigration, 131 00:06:45,280 --> 00:06:47,440 essentially our business is all about dealing with personal 132 00:06:47,440 --> 00:06:50,470 information of individuals and hence, you know, they are very 133 00:06:50,470 --> 00:06:54,010 highly targeted. And once this information is accessed by the 134 00:06:54,010 --> 00:06:57,610 bad actors, they have the ability to slice and dice it, 135 00:06:57,610 --> 00:07:00,520 you know, reuse it over and over again. How many times did we 136 00:07:00,520 --> 00:07:02,980 change our social security number, Aadhaar card or PAN card 137 00:07:02,980 --> 00:07:05,920 numbers? Seldom, right? And hence, this is the constant 138 00:07:05,920 --> 00:07:09,190 theme that I've seen across all the industry. Personal data has 139 00:07:09,190 --> 00:07:12,280 really become the crown jewel, not only for the defenders, but 140 00:07:12,280 --> 00:07:13,450 also for the attackers. 141 00:07:14,650 --> 00:07:17,110 Rashmi Ramesh: And speaking of data protection, you've played 142 00:07:17,110 --> 00:07:20,680 the dual role of a data protection officer and a CISO. 143 00:07:20,920 --> 00:07:24,460 And you've previously, and you have previously spoken to us 144 00:07:24,460 --> 00:07:28,840 about the benefits of having an integrated compliance model or 145 00:07:28,840 --> 00:07:31,570 risk management. Tell us more. 146 00:07:32,650 --> 00:07:34,990 Subhajit Deb: See, I'm very passionate about privacy as a 147 00:07:34,990 --> 00:07:38,080 concept, you know. This concept is little native in India, 148 00:07:38,110 --> 00:07:41,560 because of the culture we have, we are in we are, you know, very 149 00:07:41,560 --> 00:07:44,560 open, warm and embracing. And hence, it is absolutely okay to 150 00:07:44,560 --> 00:07:47,230 ask somebody about who all do they have in their family, where 151 00:07:47,230 --> 00:07:49,300 do they work, and what kind of salary do they draw, and so on 152 00:07:49,300 --> 00:07:51,340 and so forth. But if we look at other countries, other 153 00:07:51,340 --> 00:07:53,770 geographies, privacy is something that we tell, you 154 00:07:53,770 --> 00:07:56,320 know, with a lot of sincerity and a lot of honesty, and I 155 00:07:56,320 --> 00:08:00,550 think it is about time when we have become a digital citizen, 156 00:08:00,550 --> 00:08:04,030 so to speak, even in India, and if you just not us, but our 157 00:08:04,060 --> 00:08:06,940 family members, our children, our, you know, parents, our 158 00:08:06,940 --> 00:08:10,000 grandparents are also on social media, using an internet-enabled 159 00:08:10,030 --> 00:08:13,930 device. I think privacy becomes very important. From that 160 00:08:14,020 --> 00:08:17,320 passion of, you know, privacy, I took up this role of a data 161 00:08:17,320 --> 00:08:19,840 privacy officer as well, although privacy and data 162 00:08:19,840 --> 00:08:22,960 protection and information security do converge at one 163 00:08:22,960 --> 00:08:25,810 common time. But privacy is really overarching, there are a 164 00:08:25,810 --> 00:08:28,270 lot of aspects of legal, there are a lot of aspects of 165 00:08:28,270 --> 00:08:30,820 compliance, which needs to be factored in. And it's a fine 166 00:08:30,820 --> 00:08:33,670 balance to sort of maintain. It has been an exciting journey. 167 00:08:33,880 --> 00:08:39,640 And in my experience, the reason why defenders sort of, you know, 168 00:08:40,270 --> 00:08:43,030 always have to catch up with the bad guys is because we do 169 00:08:43,030 --> 00:08:45,700 everything in a silo. And if you look at the assurance functions 170 00:08:45,700 --> 00:08:49,540 in any organization, security, privacy, legal, compliance, risk 171 00:08:49,540 --> 00:08:52,090 management, everyone pretty much operates in their own space 172 00:08:52,090 --> 00:08:55,420 without interacting too much with each other. And hence, you 173 00:08:55,420 --> 00:08:57,730 know, we picked up this project, we said, let's integrate 174 00:08:57,730 --> 00:09:00,250 everything. And we created an integrated compliance model 175 00:09:00,250 --> 00:09:02,530 where all the assurance functions comes in together, 176 00:09:02,560 --> 00:09:04,990 starts putting the common language and starts looking at 177 00:09:04,990 --> 00:09:08,380 the risks that are overlapping across multiple risk domains and 178 00:09:08,380 --> 00:09:11,350 then holistically look at managing them. It bought a world 179 00:09:11,350 --> 00:09:13,540 of difference in the way we were doing risk management back then. 180 00:09:14,440 --> 00:09:16,930 Rashmi Ramesh: Right. And the cost-benefit balance is 181 00:09:16,930 --> 00:09:20,650 something that every CISO looks for to get all of this done, 182 00:09:20,920 --> 00:09:24,040 especially because they always have to convince their boards 183 00:09:24,040 --> 00:09:27,640 that they need the money for cybersecurity. So what's your 184 00:09:27,640 --> 00:09:31,390 approach to being frugal and managing cyber risk well? 185 00:09:32,380 --> 00:09:34,480 Subhajit Deb: I think this is an interesting question, because, 186 00:09:34,810 --> 00:09:38,320 you know, we operate in the world. Look at what the state of 187 00:09:38,320 --> 00:09:41,320 affairs in U.S. is, you know, all-time high inflation. They 188 00:09:41,320 --> 00:09:44,470 have not seen that in last two decades. The cost of goods sold 189 00:09:44,650 --> 00:09:48,220 is very high, the wage has gone up, and all of that has an 190 00:09:48,220 --> 00:09:50,620 impact on the budget as well. And there has never been a 191 00:09:50,620 --> 00:09:54,790 situation where you know, CISOs would have a deep pocket to go 192 00:09:54,790 --> 00:09:56,980 and do everything they want to do. I think that's an advantage 193 00:09:56,980 --> 00:09:59,920 because it helps us to drive innovation. It helps us to think 194 00:09:59,920 --> 00:10:02,560 out of the box. It helps us to look at what do we need to 195 00:10:02,560 --> 00:10:05,170 install? Does it have a primary use? Does it have a secondary 196 00:10:05,170 --> 00:10:07,600 usage and a tertiary usage as well? It brings in a lot of 197 00:10:07,600 --> 00:10:10,780 creativity, a lot of ingenuity at work in at large. I think the 198 00:10:10,780 --> 00:10:13,900 way to convince the board is purely by numbers and risks. And 199 00:10:13,900 --> 00:10:17,170 I think that is an improvement. For each one of us, I have had 200 00:10:17,170 --> 00:10:20,590 my share of failures, when I walked up to a board and spoke 201 00:10:20,590 --> 00:10:24,010 everything technical, and I came back, you know, with $0 in my 202 00:10:24,010 --> 00:10:26,440 hand. And I've learned from there on. I have started 203 00:10:26,440 --> 00:10:29,140 learning how to translate a technical risk into a business 204 00:10:29,140 --> 00:10:32,740 risk that is what the board would understand. I typically go 205 00:10:32,740 --> 00:10:35,320 with a lot of matrix with the dollar value associated with the 206 00:10:35,320 --> 00:10:37,930 risk of, you know, business risks that can translate into a 207 00:10:37,930 --> 00:10:41,500 technology risk. I show them the outside-in perspective of what's 208 00:10:41,500 --> 00:10:43,690 happening in the external landscape, what's happening to a 209 00:10:43,690 --> 00:10:46,660 peer company, or to another institution, similar to the 210 00:10:46,660 --> 00:10:49,480 business of ours. And I also come back and show them the 211 00:10:49,510 --> 00:10:53,230 inside-out perspective that if this incident were to happen to 212 00:10:53,260 --> 00:10:56,110 us, what is the maximum potential for loss we're looking 213 00:10:56,110 --> 00:10:58,510 at, and then you know, it's always an exercise of 214 00:10:58,510 --> 00:11:02,230 prioritization. Pareto is my favorite principle where we look 215 00:11:02,230 --> 00:11:05,170 at the top 20% of the risks that are material to us, take a look 216 00:11:05,170 --> 00:11:08,440 at them, fix it, and then go back to and look at the rest 20% 217 00:11:08,470 --> 00:11:11,200 of it. I think it's always a balanced game. But with the 218 00:11:11,200 --> 00:11:13,840 right kind of negotiation skills, with the right kind of 219 00:11:13,840 --> 00:11:16,300 matrix, right kind of data, you can pretty much convince 220 00:11:16,300 --> 00:11:19,330 anybody. And if you're convinced that it needs to be fixed, you 221 00:11:19,330 --> 00:11:20,560 will get it fixed no matter how. 222 00:11:21,880 --> 00:11:25,510 Rashmi Ramesh: That's very interesting. And when we last 223 00:11:25,510 --> 00:11:30,970 spoke, you mentioned that there was a gap between academia and 224 00:11:30,970 --> 00:11:35,410 the application of innovation in cybersecurity. Why does this 225 00:11:35,410 --> 00:11:38,380 gap exist? And how do we close it? 226 00:11:39,280 --> 00:11:41,110 Subhajit Deb: I think there are two different aspects to it, 227 00:11:41,110 --> 00:11:44,950 right? We all do innovation at work, you know. You have 228 00:11:45,400 --> 00:11:48,550 shortage of man-power, you innovate. You have a tool that 229 00:11:48,550 --> 00:11:51,010 you need that you don't have, you innovate. You have a new 230 00:11:51,010 --> 00:11:53,500 attack coming up, you have no clue how to fix it, you 231 00:11:53,500 --> 00:11:56,260 innovate. I think innovation is rampant. But what is what 232 00:11:56,260 --> 00:12:00,820 happens is, there is a lack of a platform where innovations can 233 00:12:00,820 --> 00:12:04,270 be nurtured where innovation pipeline can be created. And 234 00:12:04,270 --> 00:12:07,450 most importantly, the value quantification or the value 235 00:12:07,450 --> 00:12:10,840 realization of an innovation is something which is done in a 236 00:12:10,840 --> 00:12:13,600 siloed fashion. So a lot of, you know, if you look at academia, a 237 00:12:13,630 --> 00:12:17,050 lot of these excellent theoretical work, white papers, 238 00:12:17,110 --> 00:12:20,770 research papers gets published. Some of those do translate into 239 00:12:20,770 --> 00:12:23,500 a product, but then, none of these actually gets 240 00:12:23,530 --> 00:12:26,860 operationalized. So, you know, folks who are at an operational 241 00:12:26,860 --> 00:12:31,030 realm does innovation in a very different way than the academia, 242 00:12:31,060 --> 00:12:34,420 who does innovation in a very different way. So there are new, 243 00:12:34,450 --> 00:12:37,060 novel, niche products that are coming out of the market, but 244 00:12:37,060 --> 00:12:40,870 then operationally, the ability who is closer to the ground, you 245 00:12:40,870 --> 00:12:43,540 know, it's the CISOs, who are looking at cyberattacks every 246 00:12:43,540 --> 00:12:46,990 day, managing these, the cybersecurity program every day. 247 00:12:47,320 --> 00:12:51,220 If there is an adjacency, to academia, you know, private 248 00:12:51,220 --> 00:12:53,860 companies and the CISOs, who are on the ground, and if there is a 249 00:12:53,860 --> 00:12:57,220 collaboration, I believe, that would provide the ideal ground 250 00:12:57,220 --> 00:13:01,090 to foster innovation. Innovation is only great when it is 251 00:13:01,180 --> 00:13:04,720 promulgated, when it is, you know, spread across when 252 00:13:04,810 --> 00:13:07,660 everybody else are able to draw the benefit out of it. What good 253 00:13:07,660 --> 00:13:10,480 is an innovation that only helps me and not to the ecosystem or 254 00:13:10,480 --> 00:13:13,300 to the community? I think that is what the gap is. And that's 255 00:13:13,300 --> 00:13:14,650 what we need to bridge collectively. 256 00:13:15,250 --> 00:13:16,990 Rashmi Ramesh: I hope the right people are listening to that. 257 00:13:17,560 --> 00:13:22,210 And Subhajit, we've spoken for just a few minutes now. And I 258 00:13:22,210 --> 00:13:25,120 see that you have so much passion for the work that you 259 00:13:25,120 --> 00:13:26,740 do. What's your secret? 260 00:13:27,790 --> 00:13:29,980 Subhajit Deb: I think I'm convinced that what we do for 261 00:13:29,980 --> 00:13:34,390 cybersecurity is material, you know, it has a lot of value. We 262 00:13:34,390 --> 00:13:38,020 create value every day, it might seem like a mundane set of 263 00:13:38,020 --> 00:13:42,100 chores that we come and do every day. But I am absolutely 264 00:13:42,520 --> 00:13:46,600 convinced that we do bring in a significant amount of change in 265 00:13:46,600 --> 00:13:48,790 the way we look at technology, we harness the power of 266 00:13:48,790 --> 00:13:52,570 technology for good, not only help protect the organization, 267 00:13:52,570 --> 00:13:55,480 but also the customers, the shareholders, the stakeholders, 268 00:13:55,930 --> 00:13:58,540 the business partners, everybody in the ecosystem has a role to 269 00:13:58,540 --> 00:14:01,300 play. And I'm very convinced that what we do is material. And 270 00:14:01,300 --> 00:14:04,660 I think, you know, this is a passion that fuels us. Job is 271 00:14:04,660 --> 00:14:07,240 not just a job but rather it's a mission. And you know, we're 272 00:14:07,240 --> 00:14:09,250 very happy to fulfill this mission on our own. 273 00:14:10,180 --> 00:14:12,430 Rashmi Ramesh: And how does a forum like CyberEdBoard help the 274 00:14:12,430 --> 00:14:13,570 community do that? 275 00:14:14,560 --> 00:14:18,190 Subhajit Deb: Immense. One gap that we have always seen in the 276 00:14:18,190 --> 00:14:21,340 industry is a lack of a consortium where practitioners 277 00:14:21,340 --> 00:14:25,750 can come in exchange ideas, share best practices, learn from 278 00:14:25,750 --> 00:14:29,620 each other. There are unofficial forums on WhatsApp. But then it 279 00:14:29,620 --> 00:14:33,790 is only an unofficial forum, right? CyberEdBoard is a forum 280 00:14:33,790 --> 00:14:36,550 where you see people from different walks of life, 281 00:14:36,550 --> 00:14:38,560 different industries, different set of challenges, different 282 00:14:38,560 --> 00:14:40,690 mindsets. Everybody is different, every risk is 283 00:14:40,690 --> 00:14:43,540 different. The way we look at risk is very different. And when 284 00:14:43,540 --> 00:14:46,120 we come in together and collectively brainstorm, put our 285 00:14:46,120 --> 00:14:49,330 thoughts together, and share and exchange our best practices, 286 00:14:49,510 --> 00:14:52,930 there is nothing better than that. You know, I always say 287 00:14:52,930 --> 00:14:55,270 that the attackers are a lot more organized than the 288 00:14:55,270 --> 00:14:58,090 defenders are and with the help of CyberEdBoard, we will make 289 00:14:58,090 --> 00:14:59,350 that game change for good. 290 00:15:00,310 --> 00:15:02,200 Rashmi Ramesh: Well, thanks so much for sharing your journey 291 00:15:02,200 --> 00:15:05,860 and for offering some really valuable advice to your peers 292 00:15:05,890 --> 00:15:09,610 and new entrants to the cybersecurity industry. I'm 293 00:15:09,610 --> 00:15:14,590 Rashmi Ramesh speaking with Subhajit Deb for the Profiles in 294 00:15:14,590 --> 00:15:17,410 Leadership series for Information Security Media 295 00:15:17,410 --> 00:15:19,330 Group. Thank you for joining.