K.K. Mookhey on CISO ChallengesIndian Cybersecurity Pioneer Sizes Up the Indian Threat Landscape
While CISOs in India are fighting off threats from technologically adept cyberattackers, they are also grappling with the challenge of effectively communicating cyber risk to management in the business and financial terms that they can understand, says K.K. Mookhey, founder and principal consultant at Mumbai-based NII consulting.
Some Indian CISOs focus on a checkpoint approach - policing their organizations and making sure everyone follows the right security procedures. Others take the more passive, compliance-driven approach - with a goal of passing audit checklists. "These are two extremes and CISOs need to be in the middle," Mookhey says in an interview with Information Security Media Group (see: Panel of Experts Describes Steps to Secure Aadhaar Data).
"Some situations require you to put your foot down, while some situations require you to be amenable to what the business wants to do, as long as they are making a risk-aware call. Achieving this balance is very difficult - it's almost like being a negotiator, every day of your life. It's not an easy hat to don."
In this exclusive interview (see audio link below image), Mookhey offers insights on the challenges faced by Indian security practitioners. He discusses:
- The pros and cons of the MSSP model;
- Real-world security war stories from the trenches;
- Recommendations for security practitioners.
Mookhey, founder and principal consultant of NII Consulting, is one of the pioneers of cybersecurity in India. Having begun his firm as a one-man show in 2001, it has now grown to a team of over 400 consultants with operations in New York, Dubai, and Mumbai. He is well-versed with the security challenges of various industry verticals, and also with international standards and frameworks, such as ISO 27001, PCI DSS, COBIT and HIPAA. He has authored two books and written numerous articles on information security. He was the first security researcher from India to present at BlackHat.