Vijay Bharti, CISO and senior vice president of cybersecurity practice at Happiest Minds Technologies, ranks among the few enterprise cybersecurity practitioners who handle both the overall cybersecurity business and internal security for the company.
Bharti has more than 22 years of experience across multiple domains such as identity and access management, data security, cloud security, and infrastructure security under his belt. Over the years, he has established trust and credibility with both external and internal stakeholders. In conversation with CSO India, Bharti talks about his experience working both internally and externally, how organisations can build cybersecurity ground up to minimize risks, and how India can bridge the security skills gap.
CSO India: You have a unique position of being on both sides of security as a provider and CISO. How has it helped you in performing better?
Bharti: Yes, my position is unique. I have the perspectives of both, buying and selling security capabilities and tools. CISOs face their own challenges in terms of budgets, cultures, and value creation for organizations. Service providers need to be mindful of these factors in proposing solutions that fit and benefit the given environment. A pragmatic and risk-based approach is essential. The CISO is looking for trusted advisors and partners who can help enhance the overall security posture and reduce risks.
It is critical for the CISO to evaluate the capabilities of a partner or tool within the budget as well as the expectations to avoid any mismatch in the results. I am in a unique position to learn lessons from both sides of the fence and apply them to my business or organization's security decisions.
CSO India: What has been the biggest challenge that you have faced in your career? How did you overcome it?
Bharti: Cybersecurity is an area that has evolved significantly. When I started my career, there were not many players in India focussing on security. So, right from the early days there were challenges with respect to understanding the overall domain, understanding various tools and technologies, and being able to get the right set of people who could help you in achieving your goals and objectives.
However, I would say the biggest challenge has been the fast pace at which IT has evolved. In the last 10 years, we have seen a lot of focus on digitisation, cloud, and third-party vendors. Cybersecurity is an area that must keep pace with this rapidly changing IT landscape. As CISOs, we must continuously learn and understand the various changes happening in the technology, regulatory, and compliance landscapes.
So, keeping pace with various regulations, and understanding emerging technologies along with the risks associated with them has been a challenge. I consider myself a very technical, hands-on guy, and that's the way forward as well, because we'll see this landscape evolving much more.
CSO India: How do you keep yourself updated with the latest security best practices?
Bharti: Security must be aligned to business. We need to understand the new technologies, at least at a conceptual level, and then define a framework that will help us map our information security requirements with them.
I have been actively working towards understanding the newer technologies and regulations. Besides extensive reading and self-learning, I also attend numerous seminars and conferences to keep myself updated.
CSO India: How can CISOs ensure that cybersecurity becomes a business necessity rather than an afterthought?
Bharti: To make cybersecurity an integral part of a product’s life cycle, it is important to build awareness. So, CISOs should keep everybody in the organisation aware of the cybersecurity risks.
Enterprises are aggressively undertaking digitisation to address the changing business scenarios. It is up to the CISO to understand and articulate the risks involved in it and communicate the same right from the senior management to the teams that are involved in the execution.
As part of the standard software life cycle development process, or devops, there are lots of studies which show security defects that get passed into the production environment can be very costly to rectify. Therefore, CISOs should share the risks associated with any project with the right stakeholders at the time of budgeting as well as at the time of implementation.
CSO India: What do you look for while hiring cybersecurity engineers? How are you grooming your next level of leadership?
Bharti: In addition to the project-level work that they would have done, the biggest attributes I look for are their ability to learn and their passion for cybersecurity.
Passion brings in a lot of energy, which can then be leveraged by an individual to learn and pick up multiple things. I look for people who want to build a long-term career in cybersecurity.
I fundamentally believe two things that are required to build and lead your team. First, provide the team members support as and when needed it, be it when they are joining the organisation, picking up a certain skill or technology, or getting into a new role. Second, once they are up to speed, empower them by giving them independence.
CSO India: How can India bridge the cybersecurity skills gap?
Bharti: On the one hand, India has lots of engineering graduates looking for jobs, while on the other hand, there are many vacant positions because of unavailability of skilled resources. So, there lies the answer. We need to make sure that students coming out from engineering colleges are trained and aligned to the market needs, thereby making them job-ready.
I have helped some institutes in designing and building cybersecurity programmes that are in sync with the marked demands. Along with the broader domain understanding, the curriculum should also focus on some specialized areas including platform security and web security. I have included courses on the latest technology trends such as cloud, analytics, and automation. This will enable students to be ready to pick up and learn security challenges around these technologies and be more ready for the industry. I have also emphasized more hands-on experience and lab experience.
CSO India: Why did you decide to enter the cybersecurity industry?
Bharti: I always wanted to do something that was upcoming and emerging. I found cybersecurity to be an interesting field. It is something you always consider and come across in your day-to-day life. Besides, it was appealing from a personal career growth perspective. If you have a learning mindset, cybersecurity will always keep you on your toes.
CSO India: Tell us about your career and major achievements to date.
Bharti: I started my career in cybersecurity in 2000. While I was at Wipro, a small group was being constituted to develop an identity and access management solution. Wipro was one of the few companies that was focusing on cybersecurity at that time. I became a part of that group, called Security Services division, and spent the next 10 to 12 years building multiple security tools and technologies, including identity access management, log management, and data security solutions.
I moved out of Wipro in 2012 to join Happiest Minds, where I set up the cybersecurity practice, as a part of the infrastructure and security business. For the next few years, I managed the overall security business for Happiest Minds. About four years back, I took the additional responsibility of CISO for Happiest Minds. In my dual role, I currently head the security business for Happiest Minds and also take care of the internal security, compliance, and privacy management requirements for the company.
Security is an area where trust is very important, and I have been quite successful in establishing that level of trust and credibility with all the external and internal stakeholders.
When positioning any tools, services, and frameworks, I believe in doing my research thoroughly, being modest, and outlining limitations, if any, along with the benefits. One must make sure that there is not a lot left in the fine print.