All Courses
Login/ Sign up
Get started

By signing up, you agree to our Terms of Use and Privacy Policy.
Reset your password
Enter your email and we'll send you instructions on how to reset your password.

Organization & Cybersecurity An Expert's Opinion

The Field Of Cybersecurity : In talks with a CISO

What does it take to become a Chief Information Security Officer (CISO)? What does the field of cybersecurity look like in a bird’s-eye view? We reach out to a CISO for answers to these questions and more.

About The CISO

Ayush Gupta CISO
Mr. Ayush Gupta is an industry expert with formidable expertise on everything cybersecurity - from research work on anonymity and privacy to working with various prominent organizations on their Security Policies, Procedures, Compliance, and Security Architectures. An IIITian hailing from Jaipur, India, Mr. Ayush is also a speaker on Cybersecurity and conducts seminars on Ethical Hacking. We’ve sent him a few questions and here are his responses.
  • 1 What drew you to this field? Was this something you always wanted to do?
    Question Mark

    1. What drew you to this field? Was this something you always wanted to do?

    The story behind getting into information security started at a library. During my third year of B.Tech, I went to the library to find some books on network security. Eventually, I discovered a few on ethical hacking, cracking operating systems, etc. That’s how it started initially and later I completed a few certifications as well. Today I head the information security department of an Indian company and enjoy new challenges every day.
  • 2. As a CISO, what does your day look like?
    Question Mark

    2. As a CISO, what does your day look like?

    A CISO usually wears many hats. The major part of my roles and responsibilities can be divided into three sections. The first and most important task is to continuously assess risk and compliance. Depending on the vertical you are functioning in, you must be able to comply with different applicable standards. The second thing that I must talk about is - vendor management; in which you have to be careful about intellectual property rights and related regulations. Thirdly, you have to keep an eye on the data point and ensure strict security control measures are in place. A single data breach can invite a huge penalty. That’s why you have to stay on top of things. In addition, you have to meet client expectations including compliance of different regulations i.e. ISO 27001, HIPAA, etc. and look at the ITGC audit as well.
  • 3. In your experience, what's the most common/fundamental problem faced by organizations and clients insofar as their cybersecurity is concerned?
    Question Mark

    3. In your experience, what's the most common/fundamental problem faced by organizations and clients insofar as their cybersecurity is concerned?

    One of the fundamental issues that companies face today is the lack of a reliable cybersecurity team and the right set of tools. The people who work behind the scenes are equally important as the tools. This is why most of the companies outsource the data security bit of their business. As an organization, you must ensure that your business data is in good hands.
  • 4. For someone starting off in the field, what would your advice to them be?
    Question Mark

    4. For someone starting off in the field, what would your advice to them be?

    The demand for cybersecurity professionals has been growing over the years. That’s why it is a good time to start if you are planning to build a career in network security or cybersecurity. Companies pay handsome salaries to professionals experienced in compliance management or even ethical hacking. So, align your career accordingly and just get started.
  • 5. What is your go-to method to gauge the effectiveness of a cybersecurity strategy to address business risks?
    Question Mark

    5. What is your go-to method to gauge the effectiveness of a cybersecurity strategy to address business risks?

    The strategy is pretty simple. You need to have the right set of tools which you can keep assessing the business applications and systems. Also, you need to track a few cybersecurity metrics like compliance percentage etc. This will help you to improve your performance. So with these frameworks in place, you are good to go.
  • 6. How do organizations protect sensitive information handled and stored by third-party vendors?
    Question Mark

    6. How do organizations protect sensitive information handled and stored by third-party vendors?

    The best practice, in this case, includes ensuring a strong due diligence process. While making the contract, companies usually include contractual obligations that consist of different clauses i.e. confidentiality, privacy, and right to audit. Also, when you annually audit the assessment, you will get a fair idea of if the vendor is practicing the latest information security practices or not.
  • 7. Given the constantly evolving nature of cybersecurity, how do suggest organization and fellow CISOs stay current on the cyber threat landscape?
    Question Mark

    7. Given the constantly evolving nature of cybersecurity, how do suggest organization and fellow CISOs stay current on the cyber threat landscape?

    A CISO needs to be aware of the threat landscape with respect to his company. Usually, the best way to go about is to keep an eye on different cybersecurity forums such as CIS Security, CIO Security, and so on. Also, you must have an up-to-the-minute knowledge of different tools, databases and vulnerabilities
  • 8. What does a CISO do to prevent a data breach, and what does he/she do in case a threat/breach is found?
    Question Mark

    8. What does a CISO do to prevent a data breach, and what does he/she do in case a threat/breach is found?

    CISOs are definitely responsible for any data breach that happens. But with continuous data point assessments, CISOs will be able to stay confident about the process deployed in keeping the data secure. Some breaches can be managed internally as well.
  • 9. What are the consequences of a data breach or a cyber attack for an organization? What steps does a CISO take to contain the breach?
    Question Mark

    9. What are the consequences of a data breach or a cyber attack for an organization? What steps does a CISO take to contain the breach?

    Any critical data breach involving client data will impact many things including your reputation, stock prices, client investor relations, etc. Most of the companies hire third-party experts in order to identify the issues after an attack happens. That is why it is crucial to have a SOC (Securiy Operations Centercyber team in place.
  • 10. With the ban on Chinese apps, do you think smartphones of Chinese brands with their software?
    Question Mark

    10. With the ban on Chinese apps, do you think smartphones of Chinese brands with their software?

    Recently the Indian Government has banned 59 apps on the ground of data privacy and information security. But that probably has nothing to do with the Chinese smartphones. As long as the smartphones and software by Chinese brands adhere to the regulations set by the Government of India, there shouldn’t be any problem.