We ‘Go Phish’ with Rinki Sethi, VP and Ciso, Rubrik, who tells us about how she wants to encourage diversity in the cybersecurity industry.
What would you describe as your most memorable achievement in the cybersecurity industry?
I am extremely passionate about bringing more women into technology and even more specifically cybersecurity. I am so proud of driving the partnership between Palo Alto Networks and the Girl Scouts of the USA to develop the first set of national cybersecurity badges for grades K-12. This made cybersecurity education available to every zip code in the United States and now girls can not only learn about how they use technology securely but they can teach their neighbours, grandparents and siblings more about information security. And as a side benefit we’ll have some of these girls pursue careers in the cybersecurity industry in the future.
What first made you think of a career in cybersecurity?
I stepped into cybersecurity rather by accident, I graduated from college at a bad time in the economy and companies were not really looking for new graduates to enter the workforce. Fortunately, Pacific Gas and Electric was recruiting from my campus and although I wasn’t being actively recruited I went to the informational session and ended up talking to one of the hiring managers. He asked me what my favourite course was, when I responded that it was cryptography, he said he had an information security role that he wanted me to interview for. I ended up getting the job and that was the start of my career in cybersecurity.
What style of management philosophy do you employ with your current position?
I think it is important to hire the right team and then enable them to do their best work. It is important to develop a strategy that shows innovation and direct impact on the business, in order to motivate your talented employees and be attractive to a market that is already very difficult to recruit from. Also, I think it is critical to build a team that contains individuals from very different backgrounds. This encourages the thought diversity necessary to solve the very complex problems we face in our industry.
What do you think is the current hot cybersecurity talking point?
A cybersecurity trend we keep hearing about is the transition to cloud and ensuring security in cloud environments – still a new area for many cybersecurity teams. Ransomware continues to hit companies hard and therefore ensuring organisations have protection from ransomware and are implementing solid Disaster Recovery and Business Continuity plans is a hot topic. Also, difficulty hiring – due to the shortage of talent – continues to be something every cybersecurity company is struggling with. Finally, the need for continued automation and tools that leverage Machine Learning and AI never dies in the security space.
How do you deal with stress and unwind outside the office?
I care about physical fitness and I exercise a lot – that is the time I spend on myself and it is time that helps me deal with stress and unwind. It’s the time that I can think about nothing else but what I am doing, in the moment. Spending time with my kids and family and travel are also ways I disconnect from the crazy world of the office.
If you could go back and change one career decision what would it be?
I wish I had taken bigger risks earlier in my career. As one of the few women in security, back when I had started, I felt like I had to nail everything the first time and I didn’t want to take big chances due to the fear of failing. Now, when I look back at my career, I realise the times I have grown and learned the most are when I have made mistakes and taken big risks.
What do you currently identify as the major areas of investment in the cybersecurity industry?
It’s interesting that cybersecurity goes in phases but more recently I have seen companies go back to the basics in their cybersecurity investments. Major investments include ensuring there are robust Business Continuity and Disaster Recovery, asset management, vulnerability management systems and security operations capabilities.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
Although the foundation of cybersecurity remains the same, regardless of region – managing risks and ensuring your mitigating and monitoring those risks – the specific priorities may be different. For example – right at this moment as I write this – some nations are really struggling with COVID-19 and there may be additional focus on related cybersecurity initiatives in those regions.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I have seen companies leverage SAAS or go to a 100% SAAS model for their business applications. This changes the way you tackle cybersecurity, as it is not about protecting your own infrastructure and networks but rather it becomes more about identity, access management and data protection and ensuring you have good insight into data movement. This is a massive change I have witnessed over the last year – SAAS applications and cloud are being adopted more than ever and security challenges are different in that environment.
What advice would you offer somebody aspiring to obtain C-level position in the security industry?
Be tech savvy and business savvy – you’ll need both skills if you want to pursue a CISO role. It is important to understand the business and what drives the business, so you can stay relevant as a security practitioner. It is also important to be passionate about the product or services that your company provides – understanding how the business works will help you become a competitive advantage to the company and help you towards that C-level position in security. Finally it is good to be well rounded – take different security roles, don’t stick to just one domain within cybersecurity. There is so much to learn in the field – take the opportunity and try to move around and learn every part of it, if you can.