Technology leaders should ensure that simple fundamental processes are in place, i.e., having complete inventories, data classifications, access Views, good logging, and monitoring
This is an exclusive interview conducted by the Editor Team of CIO News with Pooja Agrawalla, Head – Identity & Access Management (Cyber Security) at NXP Semiconductors
Pooja has led and strategized large enterprise solutions in cybersecurity and identity and access management (IAM). She has close to 20 years of experience in identity and cybersecurity, and she now leads IAM products and solutions at NXP.
Pooja is a noted speaker in multiple technology and cybersecurity forums. She is currently associated with the CSA (Cloud Security Alliance) Bangalore Chapter. Pooja also contributed as a writer in developing content for the IAM module in the GCISO Leadership Foundation certification. Pooja has been recognised as one of the Top 20 Indian Women Influencers in Security for 2020 by SecurityToday, InfosecGirls, and WISECRA. She was recently featured in “The Rise of the Cyber Women: Volume Two.”
Her cybersecurity experience is backed by certifications like CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional). She has completed the Design Thinking programme from Emeritus in collaboration with MIT, Columbia, Tuck, and MTech from BITS, Pilani. Additionally, she is pursuing a PhD from PES, Bangalore.
How did you plan your career path to be a successful technology leader?
Let us start with my background. From my childhood, I was determined and always had clarity in my thoughts about what I wanted. I am indebted forever to my parents for making me independent and self-decisive from the start. I am also a firm believer that I can never fail. I either succeed or I learn. Some of my early learning has come during initial hard times, like when my campus placement was cancelled due to the recession in 2001. I worked for small IT jobs that paid less than $100 a month in salary. Learning came from working double shifts for work and doing self-training. My first “good job” breakthrough came when I landed a job with an American multinational technology company as a mainframe software engineer.
The transition to cyber security was not planned, but rather happened by chance. The transition from a coder, who was writing COBOL and JCLs to IAM and web application was not easy. Reflecting on this transition, I consider it my second breakthrough.
My leadership journey started 8 years ago, when I stepped into a leadership role leading the IAM group for a financial company (non-US offices). By learning and adapting functional skills, I expanded my understanding to enterprise and business risks, business problems, and to strategy of connecting to the big picture view.
“Success lies just outside the area where comfort dwells.” I like the idea of getting comfortable with being uncomfortable. I believe that if we are not uncomfortable, we are not learning and growing. I love to be challenged where I can stretch myself, to have lots and lots of learning, to discover new things, to explore better ways of solving problems and to wear multiple hats.
“Learning” is my strongest pillar and I am a passionate learner. While working, I completed a PGDBA, a Diploma in Design Thinking, CISSP, CCSP, and M-Tech. I am pursuing a PhD now. In addition, I am passionate about pro bono and volunteering work in various cyber security communities. Currently, I am working as one of the board member for the CSA Bangalore chapter.
What challenges you faced in your career path and how did you overcome them?
I could say I worked in a high-pressure environment, where we dealt with everyday escalations. One of my strengths is my ability to learn and solve problems. Learning quickly, and having a structured approach to analysze, and connect dots; helped me in not only identifing the root causes, but also in finding possible solutions. Multiple times, escalations have become opportunities for me. I have learned that with commitment, a problem-solving mindset, high flexibility, and transparency, you can do well in a high-pressure environment.
My switch to cyber security was another challenge. It was a huge risk that I had taken, and I was determined to make it work. Knowing fundamental concepts like design patterns and MVC architecture helped me pick up new concepts and products. I remember opening the jar files of these products to read and understand the code. I was also training others while I was learning. It helped me validate my own learning.
Like other women, I also faced some setbacks. One of them was the “Super Woman Syndrome,” in which there were high expectations that I would be able to manage everything. For this syndrome, I started saying “no” and always asking for help. I was and am very clear on what I want to do and what I don’t.
What are the challenges faced by technology leaders today while implementing digital technologies?
In my opinion, the biggest technology challenge is with its “people.” There is always some form of resistance to the adoption of new technologies, which impedes the growth and development of digital technology. Resistance can come from C-level executives, employees, or customers. Some leaders and executives see no benefit in changing their traditional, tried-and-tested practices, especially if they are achieving positive results. Employees may feel uncertain about the changes in their roles and responsibilities that come with digital transformation. It’s important to consider this challenge early on and consider culture as a key influencer to the digitalization strategy.
“Cybersecurity as an afterthought” is another challenge faced today. With the cloud and new technologies, digital enablement is moving at a great pace, but security is lagging behind. Cybersecurity should be a core element of any technology transformation programme. Compliance and privacy concerns should also not be overlooked.
How can technology leaders overcome the challenges faced?
Technology leaders should use effective communication methods. They should be able to communicate the strategy in simple language and have to do this multiple times. Communicate what and how, but most importantly, communicate the “why.” Any digital and technology strategy has to be aligned with the organisation’s vision and goals. Additionally, focus on a change management process that includes culture and people-related factors.
Cybersecurity needs a collective effort from all departments and teams, driven by the same vision and goal of safeguarding systems and data. Technology leaders can also use effective communication to drive a security-conscious culture. A risk-based mindset can help with prioritization. Technology leaders should also ensure that simple fundamental processes are in place, i.e., having complete inventories, data classifications, simple access views, good logging and monitoring.
Any best practices, industry trends, or advice you’d give to fellow technology leaders to help them succeed professionally?
- Invest in Relationships: Remember, technology is created by people, for the people. And people are driven by relationships.
- Keep learning: Never delegate responsibility for your learning and development to your manager or company. You need to invest in your learning.
- Know your why and worth: Be self-aware and know your own strengths. Take ownership of your own life. Be relevant, multiskilled, risk oriented and a good communicator. “Choose to become the best version of yourself and not a product of circumstances.”
- For Organizations, one advice – Keep things simple and fix the basics first.
Any other points that you would like to highlight?
Please be very cautious about your online presence. Think twice before you post or share anything online. Protect your information and privacy from malicious users and their sites.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics