It is important to know about the life span of the technology you adopt and when is that technology going to die or see the sunset
When asked how he planned his career path to be a successful technology leader, Sanjeev Nadgir, Director – Information Security at yellow.ai, in an exclusive interview with CIO News said it has been about a decade in the information security industry. I am an Electronics Engineering graduate and had never planned to be a part of the Information Security industry. While I was exploring my career options, I landed in this industry without any plans. I cleared the interview for a start-up firm in Bombay and started working, my experience was very different as there was no one to provide me any training, my colleagues were always busy attending customers and meetings and working on plans to partner with different OEMs. With all this in my background, I realized that I cannot sit and wait and I have to hit the ground running for which I had to grab the devices around me and plug them into the console to understand how the devices work. When I understood a little theory about these devices, that is when I started exploring and I understood one basic idea: “If I want to be successful or go a long way, I need to have a hands-on approach to things”. This basic principle I had learned when I was a fresher and had no idea of what information technology (IT) or IT Security or Information Security is and I still carry the principle with me. This principle helps me understand the problems on the operational side of things because being in a leadership position I cannot make rules or policies that are neither operationally possible nor practical.
So, this is the way I planned my career path. I am still curious about the various breaches, new technologies, or the various ways in which things can be simplified. “Also, the other key to my success so far is simplifying things for people who are not directly associated with Information Security”.
When asked about challenges he faced in his career path and how he overcame them, he said, “I have seen that era where most on-prem setups died, including on-prem servers and data centers”. I had taken a six-month break from my professional career to pursue a post-graduate diploma course in IT security, where I was taught about how data centers are built and how things work. Around five years ago, we saw a lot of cloud-born companies, and companies that had on-prem servers migrating to the cloud, maybe public or private. So, this was a good challenge I faced in my career path, I would say.
But, even if the basic concepts remain similar, and the protocols are the same, how technology is deployed and the way of securing the fundamentals, parameters, and the internal security of the cloud needs a little challenging approach. So, this was an interesting challenge I faced to build an approach to secure the new age environment.
The other challenge I faced was not finding a mentor. I always wanted to make things happen because the demand was among us. I spent about half of my career in consulting where many other system integrators would be ready to grab the ball the moment you drop it. There was no time for us to even think that how we did not drop the ball. We were always interacting with different customers across different verticals, understanding their different needs, somewhere we had to just implement a new product or do a firewall review for BFSI organizations. So, through this journey, I never really found a mentor who would tell me what stage of my career I am in and where I need to go next, and neither did I have any certifications. So, I would say thanks to all these challenges which have shown good results in my career, and all the people associated with my journey thus far.
When asked about challenges faced by technology leaders in the today’s era while implementing digital technologies and how technology leaders can overcome the challenges faced, he said, “The last couple of years have seen a very crazy change in the way of working and the way the industry has grown”. Some companies did not put in a lot of hard and strict controls across their organizations, so while working remotely their employees would not have faced challenges such as the intranet being accessible only from the office network. Also, some organizations have very resource-intensive applications, so there is no way an employee from a remote area, where the network is bad would have seamlessly accessed these applications.
Yellow AI saw great growth because of the AI expertise and customer-focused offerings that the organization has and it became a necessity for every other organization to have some kind of automation and AI in their HR processes, and customer engagement, among others. It was very challenging to come up with an Information Security program that was agile, scalable, and seamless. The need for such security was yesterday and the delivery was to happen days ago in today’s world’s demands. So, looking at these challenges, an average mind would let the seamless security go for a toss. Especially when during the different phases of the lockdown, companies that were supposed to protect organizations, themselves got breached. So, at Yellow AI, we built a program that could be scaled to any extent needed. We started with ISO implementation focused on Privacy & Security related frameworks. The employee strength grew from 400 to 500 in a couple of months, but when the footprint increases, maintaining scalability is very important. If it is not well planned, it would be very easy for hackers to find the weakest link, the human firewall!
In addition, also it was very challenging to not be a victim of ransomware, making sure our Yellow Tribe (employees) do not click on the links that could help the attacker to hack the system. We had good user engagements, making people understand that Information Security is a mindset through memes, emails, workshops, and inductions. Changing mindsets is a task and you cannot do it unless you think from various perspectives.
So these kinds of challenges helped me build a model where different thoughts were included and the model would be readily accepted by everyone, easily.
When asked about best practices/trends/advice to other technology leaders for their successful professional journeys, he said, to keep things simple, but whenever you face a challenge, have the vision to understand how you landed that challenge or into that situation. To not face those challenges again, make an achievable roadmap. Adopt agile practices as it has been practiced in most organizations, even non-technology teams are adopting agile practices.
I learned from my wife about the four quadrants: “important and urgent, important and not urgent, not important but urgent, and not important and not urgent”. So, create a list in your technological journey for your organization and classify them on these quadrants and focus on them, based on what is the kind of importance and urgency they need.
From a bird’s eye view, I would give a few tips to have a vision board, you cannot achieve everything. You can only achieve a few things and accept them. Also, it is important to know about the life span of the technology you adopt and when is that technology going to die or see the sunset.
He highlighted, “One interesting thing I realized being a part of Yellow AI, given the global expanse and the reach of this organization, I had to change my approach to Information Security to accommodate global security & privacy needs”. Build a program that maps all controls and global standards around security & privacy, and approach them in a phased manner. I have learned that we could still achieve a lot because of the scalability and support from the organization. “Leadership support is very critical in Information Security”. It gives me great pride to say that my leadership checks in with me about the organization’s security posture and not the other traditional way around, where the CISO chases the leadership.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics