CISO CORNER: Interview with Vishal Salvi (for free today!)
Welcome to my CISO CORNER feature for paid subscribers. Below is my exclusive interview, conducted by email, with Infosys CISO Vishal Salvi about the challenges CISOs face on a daily basis. [The interview has been edited for readability and length.]
(Editor's note: This premium content first appeared in the April 26 issue of Inside Security.)
Inside Security: What do you consider to be key attributes of a CISO?
Vishal Salvi: One important skill for a CISO to have is the ability to influence teams—CISOs are reliant on their stakeholders to drive change across the organization. Stakeholders across departments such as operations, human resources, legal, and IT need to be influenced in order to support the CISO. They should be prepared to lead and articulate a strong vision, mission, and strategy to ensure execution is seamless.
IS: What would you say are the most significant security threats?
Salvi: Insider threats are a key concern—a distributed workforce is harder to manage from a security point of view because the technologies enabling remote workers to collaborate are also exposing their employers to new threats. Employees working from home rarely have robust cyber defenses. Employees working from home usually let their guard down because they feel safer and more secure. Furthermore, poor work-from-home computer security habits carry over to work settings, increasing the risk of insider threats. The role employees play in enterprise security is too significant to ignore, especially when working from home without the guidance or supervision that is usually offered in the office. As remote work continues, it is imperative that IT teams take the time to educate employees and enforce smart security practices.
IS: Do you have advice for someone looking to start a career in cybersecurity?
Salvi: Being good at technology is no longer enough—CISOs need to speak business language and give the board an assurance that where they’re going is the right direction and why.
IS: How do you see the role of the CISO evolving over time?
Salvi: With the cost of a data breach running much higher than companies realize—fundamentally influencing the way customers think of the brand and negatively impacting revenue for years afterward—it is imperative that CISOs reevaluate their role to protect the company’s assets and brand image. CISOs need to engage with the board and build a robust governance ecosystem, while employing a "secure-by-design" approach to safeguard their brand value and reputation.
As cyberattacks grow in number and sophistication, an assumption can be made: the virtualized workplace will expand as businesses grow. This assumption means increased CISO workloads and more imponderables. I believe there are seven imperatives for CISOs to focus on for 2021: making cybersecurity a boardroom agenda, investing in cloud security, implementing basic IT hygiene, building borderless security, creating a culture of cybersecurity, modernizing enterprise security architecture, and leveraging new innovations. Even though the pandemic significantly increased the ante for CISOs, the buck still stops with them.