Find innovative ways to ensure security stands tall
This is an exclusive interview conducted by the Editor Team of CIO News with Mohd. Shadab Siddiqui, VP & CISO from a top leading OTT firm
How did you plan your career path to be a successful technology leader?
Well, it wasn’t planned. What I always wanted to do was solve exciting problems at scale, and I was lucky enough to come across those opportunities like building a payment gateway from scratch, grocery business, cab aggregation, In-car entertainment, E-commerce, OTT, Fintech, you name it.
For me, it was always about taking a stab at the most challenging problem and addressing it. And my growth happened as a by-product.
I started my own venture more than a decade ago in college, thinking that I could solve security problems for the world. But it was the right thing at the wrong time (2009-2010, when India’s ecosystem didn’t care about security at all) and the wrong place(my hometown). I learned my lesson, wanted to understand the ecosystem a bit better, and started working at companies that hadn’t hit the growth stage.
I have always been the founding security engineer in every company where I have worked across domains, and I find immense pleasure in starting from scratch. From defining the security vision for the company to team building, setting the security culture, and all this in startups and growth-oriented companies that don’t work the traditional way, this helped me evolve because I had to find innovative ways to ensure security stands tall.
I have seen almost all companies go from 50 to 60-person tech teams to 500 to 800-person tech teams, and solving security at scale at that pace is fascinating and intriguing.
I have worked across most industries, from payments to cab aggregation, media, ecommerce, last-mile delivery, groceries, food tech, and more, and all of them have taught me a lot about business and empathy towards each other.
What challenges you faced in your career path and how did you overcome them?
The biggest challenge I had was that there was no path, and I had to find my own. I guess it was more of an opportunity than a challenge.
For me, it’s always about scaling security vs. the traditional way of just deploying tools. Also lacking is understanding and awareness of why security is required, and how we can coach them on it.
Folks in security have a sense of entitlement after hearing from big MNCs that security is a first-class citizen, but they don’t understand that the metrics for a big corporation versus a growth-based company are different, and they are responsible for bridging that gap and setting the culture.
What are the challenges faced by technology leaders today while implementing digital technologies? How can technology leaders overcome the challenges they face?
Well, that’s a very open-ended question, but if I have to say something, it’s how to balance business growth, innovation and research, customer experience, and profitability.
But depending on the industry, size of the organization, and their present phase, there could be more things that stand out as challenges.
In India, for example, large publicly traded companies such as FMCG and others are still struggling with cloud computing and digital transformation. This is just because of the legacy systems and scale of operations and the havoc a sudden change would cause.
Apart from growth, security is still a concern for fast-growing companies (mostly unicorns).
Any best practices, industry trends, or advice you’d give to fellow technology leaders to help them succeed professionally?
Think of technology as inclusive rather than exclusive, whether in security or business.
Understand that while we want security to be top-down, what have we done to evangelise CxOs about security apart from regulatory requirements? We have built a rubber stamp culture (it’s needed in certain industries), but security and compliance are two separate things.
Think about security from a first-principles perspective and the problem that needs to be addressed. I believe we have created too much jargon and are attempting to fill it with tools (my personal opinion).
We should define clear metrics and connect them with business growth instead of treating them separately.
Any other points that you would like to highlight?
We should stop pitching security by capitalizing on fear. If we don’t do this, then do that.
No one would say no if we asked any CxO whether company data should be safely secured if it can be done without much impact. Also, rather than speaking as if there are hundreds of issues, help them understand in their own language, such as whether they would be okay if someone brought their business down during peak hours due to a security flaw. And see how they prioritise.
CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics