Go Phish: Harish Chib, Vice President, Middle East and Africa, Sophos

We ‘Go Phishing’ with Harish Chib, Vice President, Middle East and Africa, Sophos, about life inside and outside the office.

 What would you describe as your most memorable achievement in the cybersecurity industry?

I have spent most of my career working in the IT security industry. One of my key achievements is spearheading the global expansion of Cyberoam (acquired by Sophos in 2014), with a customer base across 125 countries. I have worked with more than 10,000 partners and was able to acquire more than 60,000 customers for Cyberoam. During my career, I successfully led the global sales and business teams in Americas, EMEA and APAC. I also managed the channel marketing team and the global pre and post sales technical support team.

Post the acquisition of Cyberoam, I took over the Middle East and Africa region for Sophos under the combined and larger organisational structure. Since then, my major achievement is the successful alignment of the MEA region with Sophos’ vision – which is to provide innovative, simple and effective security solutions that deliver complete end-to-end cybersecurity capabilities in the MEA region.

My other major achievement is to lead the group’s pioneering synchronised security strategy, where the products share contextual information and thus enhance the protection available to its customers, in the region.

 What first made you think of a career in cybersecurity?

Cybersecurity was an eventual career decision. At different junctions of my career, it touched me. I started my career as a lecturer in IT and cybersecurity was a new hot topic in those days. Eventually I joined a startup which had a clear vision, capabilities and zeal to create a successful global product-based IT security company from India.

During my college days, ‘Neural Networks’ was my research project topic at the Physical Research Laboratory in India and today at Sophos we provide deep learning-based security solutions. Deep learning uses a neural network set up like the human brain to make decisions based on stored data and predictive reasoning. This is like a complete circle for me.

What style of management philosophy do you employ with your current position?

I strongly believe that when you work with true leaders, you never need to give responsibilities to them. They take their own initiatives and lead on their own. Believing in this philosophy, I have always developed a culture within my team wherein each member is empowered enough to run his/her own show. However, we make sure that we are aligned to the company’s vision, goals and expectations from us.

Sophos is one of the leading global security players and when it comes to sales operations of such solutions, only leaders can personify such solutions. Hence, I emphasise a lot on constant training of my team so that we can match the high standards our products have set.

 What do you think is the current hot cybersecurity talking point?

The biggest cybersecurity threat facing businesses right now is the deluge of attacks and associated incident alert data, regardless of the source of the attack. We see ransomware and phishing as two significant attack vectors and we have seen an increase in attacks on Android platforms as a new way of entering corporate networks.

Today, deep learning is one of the many techniques needed to have complete next-gen protection.

How do you deal with stress and unwind outside the office?

On the contrary, my work is my stress buster. I am very passionate about what I do. However, my interests beyond work are mountaineering, river rafting, following AI-based technologies and products and biocentrism.

 What do you currently identify as the major areas of investment in the cybersecurity industry?

Machine-learning technology, cloud, simulation training tools and synchronised security. If a cybersecurity vendor is not investing in these areas, they will be out of the game against continuously changing cyberthreats.

Are there any differences in the way cybersecurity challenges need to be tackled in the different regions? (Middle East, Africa, Europe, Americas)?

The hard truth is any organisation, in any part of the world, is equally vulnerable if it does not get its security basics right. And this is the reason there are data security breaches every single day globally. Some security breaches make the front pages but many others do not. Malware and other threats that spread across networks rarely respect international boundaries.

We often advise companies to follow certain best practices to reduce risks:

• Companies need to re-think the traditional approach of ‘layered security’ and think more about ‘synchronised security’
• User education is key – reduce clicks but increase reports to security team
• Recognise when your employees or customers are targeted and take protective actions
• First, encrypt the data. Enterprises should be encrypting their most critical data far more often than they do
• Ensure that any contractors, outsourcers or third-party partners take cybersecurity as seriously as you do
• Complexity is the enemy of security. Too often complicated tools aren’t configured correctly, aren’t communicating with other tools or aren’t even deployed at all because despite all their power they are simply too complicated for mere mortals to use effectively

What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?

Every year there are only two major changes to my role. One is the goal that I would achieve for my company in that particular year and second is the plan, strategical and tactical, to achieve that goal.

What advice would you offer somebody aspiring to obtain c-level position in the security industry?

The industry is constantly changing. One has to be updated and keep learning on a regular basis. There are no shortcuts. And the most important thing is to have fun along the way.