DevSecOps with Mr. Lokesh Verma | BSides Weekly | S1 E6

e

e

e e

technical expertise with strategic foresight to protect critical assets and Foster cyber security resoles hello sir it's really great to have you here hey s hi uh good evening and really looking forward and thank you so much for setting up the context and for those you know the glorifying words uh really looking forward and uh again thank you so much uh for inviting me here okay sir uh I would like to start from the initial what Drew you the Drew you to the field of cyber security what inspired you to pursue this field initially uh cyber security was something is is always you know fascinated me the technology especially I would say right from the very you know

beginning school days say when the computer you know landed in our school so my mind was always curious to do something off the beat with those Computer Learning is was fine but that always kept me engaged with the technology and with the computer right then at my home always you know did something which was awkward you know downloading something which was not appropriate and then you know make my computer worse right and then see and understand why that happened and why how basically that thing did not work appropriately how hacker works so all these thing curiosity always you know keep my Minds you know stretched towards the cyber security right and then I was super fascinated that no I think this is

something that we I have more interest and I need to go and further pursue my interest as well as career also right and then in fact you know when I joined Navy right in the very you know beginning right Navy you know gave me that opportunity where I could you know learn and explore and start my career as like mainstream into cyber security okay that's great so you mentioned about your service for the country in the Indian Navy what skills from your Navy service have been particularly available in your cyber security career no the discipline right the punctuality right the the bi direction right and lead from the front right these are the core values of of

armed forces which I'm still carrying and I would say help like wherever you go if you are disciplined if you are punctual if you are leading from the front be being as a leader right if you are showing uh the uh the dedications right right so when I started you know the cyber security in fact I would say and I take all the pride in saying that I started my journey of cyber security from the Navy itself right where within that cyber Wing we set up the process and policies for the Navy right then set or then I started when I started my corporate Journey after the retirement Who Legacy I carried right those discipline skill technical skills

was one part but soft skills in terms of those core values I still carry and they are helping me to you know achieve Greater Heights into uh the cyber security also yeah because I guess her career soft technical skills obviously important cyber security but soft

will not be you know valued much

Bute attitude character demonstrate along with your technical skills right that becomes you know cherry on the cake right

discipline is something which always keep you you know tight right punctuality is something which always taught you the value of the time so greatly you know they supported and still they are helping me to uh achieve the heights basically or whatever I do ensure that success or at least they are finishing in times so yes navy help a lot of course so that's great to

hear so with over 20 years of 20 years in the field of cyber security would you say or some of the most significant milestones in your career uh tough questions I mean there are many uh but if I have to pick a couple of but let me know start with the Navy itself because when we started in uh Navy uh you know bringing those cyber practices right starting those cyber initiatives into the Navy that was very initial time for the Navy also and I would say the for the Armed Forces also right so

terms

of government of right set in Navy first time was something I always you know admired by the Navy and I always take very uh much you know uh you know enthusiasm by saying we started the Cyber practice I or I can say we there were few we were like the founding members right though it was started but we were the founding member to start the Cyber operation into the Navy right so this is uh something I always take pride but you know apart from this right in corporate ining if I have to say now there were like few uh things that I basically was involved or as a key stakeholder gat

and I have to say the right operation CFE enhanc there were uh the efficiency increased into the overall uh the business objective also key and needless to say I mean team was always there their motivation their work so because cyber security it's not a individual game it's always about team right te motivate you being a leader right so credit goes to them but you just present them right so This Is How achievement they all were valuable they all were possible just because of my team was with me and they were skilled enough to you know achieve those you know Milestones of course team is always important since I always been into this mentorship right I always you know go

and talk to the student aspiring candidate who want to you know start their career into cyber security I always go and talk to the you know student right so almost 100 plus students and I would say many right I say that I have at least you know provide them guidance or mentorship you know based on my experience and my knowledge whatever I'm carrying into security or those soft skill and I would say many of them have started their journey into cyber security career and for me it's like it's a great thing that at least I'm able to you know share my knowledge with them and by using those tips and those suggestions and Direction They students

or those you know candidate have started their journey into cyber security so this is also one of the Milestone which I would like to you know mention here okay so that's great to hear especially the mentorship part is we always eager to find some good mentors in our Liv especially when we want to start some good career so ment who guide like this it's always a blessing um sir talking about Incident Management and threat management what are some crucial steps you recommend when responding to a security incident to contain the managing threat effectively first of all you need to in a calm basically and see what is happening right otherwise during the incident people get you know pressed

people gets panic and then things went in a different way as expected even if you have a process in place even if you have tools in place right so handling an incident effectively right I mean there are a u you know prescribed you know format there are prescribed framework also which if followed you know properly I think we can handle any type of incident properly right first of all incident you have to take action you have to take decision sorry it's not something that action will but decision and that is short short that is definite right trial and error because an organization is already under attack right you have to take decision right and decision is always a

pressure thing right because

decision first of all we need to Right Way in a right way we need to identify or detect the issue or the

incident because identify detect then you put your efforts your Force

accordingly where that is not that was not required at all right to first of all we have to understand the impact and the

will have to isolate or contain the situation or those assets basically in technical terminologies he whatever impacted whatever have been identifies as impacted or under attack you have to isolate them you have to contain them right let's say Army wounded sold so same way in this in cyber

security right move forward this area the situation has been contained now we are in a sandbox envirment right then we do the recovery part the eradication part virus Mal we will try to remove from the system yeah we may have to restore the system

also right learning what can we do to overcome from that issue so that in future same issue F now right to step follow basally falling under under the threat management category right effectively handle right but again skill share is also required is to keeping yourself calm keeping your team motivated and telling them that hey we can manage easily right these things are Paramount falls under the technical part which I think every incident responder or team is uh capable enough to handle but shant then you can easily handle calmness is important for these kind of things especially when you are in a situation that things are going rapidly yeah so okay so uh since risk management is a

crucial part of cyber security so how do you approach in identifying exess and mitigating risks the risk management risk and management there are two word right so managing the risk is basically risk management what risk are you are having in your organization how you will you will manage them so managing means either you accept them either you eliminate them either you uh basically uh fill those you know gaps you know where we say that this is the risk or either you remove the complete risk right these are some of the strategy we generally take into the cyber security right so to manage a risk first you have to identify the risk and risk could be

on your people part to your process and your technology right so first let's identify how many risk we have right to our people maybe to our process and Technology right but for the sake of this let's say to our Hardware to our technology part right what risk they are carrying right and what impact due to those risk right can happen to that organization maybe let's Suppose there are some critical risk identify right so those critical risk and where the probability is also High where the occurrence is also very high very high the impact of those uh risk if get exploited by a threat actor or a hacker would be very high where things may not

be able to handle properly right so first let us identify right and then let us go ahead and see like how can I manage or how how can I treat the risk accordingly based on the bu what business basically want right then I'll take that approach whether I want to treat that risk you know by eliminating by you know removing that technology itself or by transferring those those risk or by accepting those risk right based on the discussion with with the business stakeholder by the technology partner and my leadership right then I'll take that approach that how I will treat that risk right

R identif right so that in future they will not occur

Again by patching the software by applying some compensation control

orology say there are some system

then we put compensatory control let say we put additional security control right manag by keeping the business objective also onto the high by keeping the risk also onto the high that risk always should be calculated acceptable it should always be within the boundaries right boundary cross is it going beyond our risk right or

notk okay uh that's a really thing that I want to I would like to ask risk management so but there's also one thing in today's time the attack surface are increasing significantly with the advancement of in technology so what would you say are the biggest challenges in World liberity management today and how do you suggest organization prioritize their efforts I think you rightly said that thread landscape is dynamically increasing every day you found a new tool new technology Inc right AIML iot and whatnot I think slowly they are becoming

right you are opening new door for hackers also new door for vulnerabilities right because it's it's always you know uh technology keep changing software developer have to keep writing to you know ensure that they are adding new functionality new feature new you know the capabilities to their you know technology right right there are few gaps right because no one is perfect right we learn by mistake when we learn by mistake we call

them we see a different Horizon in the the organization right so the main challenges I see in the vulnerability Management program I think and this is based on my experience also is the sheer number of the vulnerability right you let's suppose organization is huge right you run a scan and you found thousand of the vulnerability now patching them is the biggest challenge right you will be like on your toe to chase those people chase the business owner to ensure to to to convin convince them Pat so that you are not on the risk and this things so number of vulnerability I think sheer and this is one of the very biggest challenge right the another challenge

that I see is basically as I mentioned earlier that technology strike is d dynamically changing right covering the vulnerabilities for those technology also is the biggest challenge right sometime you do not have the patch sometime sometime you do not have the solution that if the vulnerability has been found how can I fix this maybe you will be on the risk till that time until you have the patch challeng then there is another challenge you know when we use these you know security tool false signal right sometime they generate lot of false signal they says key I found this vulnerability whereas that technology itself is not present so false signal is also is is one of the challeng that I

see then uh uh setting up the right you know the priority right severity right based on the asset that the technology is using sometime that is also misaligned in the organization one of the challenge that I see and due to which sometime we Overlook the right risk and then patch something which was not you know required at that priority that is also one of the challenge right now to overcome these challenges right U what we can do basically nowadays we are talking about talking a lot about the Automation and this is helping automation can help us you know patching finding and ensuring that we are safe from those vulnerability is very you know big uh you know the technology and

the process right now all these tool can falls under a you know use automation right where the tool will automatically identify Auto automatically suggest automatically patch those vulnerability on those system those those are you know the one level system basically to do that vulnerability right then the identification and dete uh detection sorry of these vulnerability setting up the right assets you know the severity right in advance or by putting up the right risk management assessment you know uh report and those finding with your vulnerabil vulnerability Management program is something uh a solution that I always suggest and I have seen also if these two function are align aligned understanding Dev and then third thing basically vulnerability Management

program leadership through drive right it's not something it should be only team effort right landcap Expos this should be driven by the leadership right serious responsibility acceptability we will have to take this serious

program in force for vulnerability management I think the success rate is uh very B very high so leadership is the thing you said ke leadership important most important I would say leadership should drive this I think if not drive then delegation should be accordingly I mean they should have a very upper hand uh to this vulnerability Management program because it's something that it is exposing you to the world right and you never want you to show that how many doors I have open which I don't have lock for so you also mentioned about automation right so since automation is transferring cyber security so do you think it can ever replace human intelligence and human touch it can never I mean it will uh

there will always be a requirement for a human to uh evaluate to put that judgment brain judgment and to take a final decision I am a very big Advocate that that a human has to be there you remove the first second layer you remove the maximum you know man the uh the man Force right but a human has to be there on the last step to verify to validate and see like how this automation work whether the decision or whether the the output is going to be perfect or the great for the organizations a human has to be there right because it's ultimately human who Mak who is building all is creating this automation they can

make mistake right system is ultimately built by the human only they can also create mistakes so a human brain has to be there in the in the I think in the last at least so uh are there any areas that benefits most by the automation see every domain I mean particularly if you talk about cyber security let's say in cyber security automation is currently playing a huge role right so when work in a uh you know uh Team like who is monitoring the alert on a daily basis right as I said the like number of vulnerability they are sheer in number right they are huge right likewise the alert is huge right and finding out the right finding out

the actual evil the actual attackers you know EV went out of those you know let's say hundreds of alert sometime becomes becomes and I would say nowadays has become very tedious task manually for the security analyst right so to overcome from this we have you know built tons of tons of you know not tons of but we have you know built many playbooks right based on the requirement based on the alert type right so when we found right when we defined or when we determined that this type of alert is something not required false positive or it's a known activity right due to which there is no harm to the organization right so we can put those you know

type of signal of alert or event into the automation now how that works the moment next time that type of event activity or alert happen it will automatically be treated or remediated right so there is no need for a human to go because enough uh you know research enough you know the amount of you know the analysis has been invested to create that automation so now there is no human required so these kind of small repetitive tasks can be you know automated comp complely let's say the report creation right leadership need reports reg regularly that how we are doing how good we are doing where we are lacking now all these can be you know uh

done by the metric and the kpi and in the in the form of reports now automation can also help to extract the data from these tools and then create those reports on the fly right now automation can also help in this vulnerability now where I can see how many vulnerabilities are there and now where I need to put more Focus now your automation you have defined let's sayy if the critical relability found in these critical assets which is very critical to my business go ahead and Patch to right yes there are you know some FN else is required there are some you know condition needs to be there but automation can also handle the you know

the vulnerability management and patching also now these are few but there are many others you know automation that we are currently you know doing into cyber security and we are saving a lot of time uh if you go back to the topic where we were discussing threat management there's one more one more question I want to ask uh with the evolving thread landscape how do you stay updated on emerging threads and how important is threat intelligence in primitive defense um see staying update about the emerging threat I would call this a habit right so where you always want to learn what is happening into the world of cyber right how cyber

threat because you always want to keep tools are helping nowadays but you as a professional you can be asked you can be you know uh you may have to talk in any of the Forum or to your leadership also so so being into this field so I generally take approach I follow you know there are some reputed and you know trusted Source let's say msrc msft Microsoft thre intelligence sources since there is organization report time to time then there are the dark reading The Hacker News and vendor threat intelligence related and likewise to you can get all these information in detailed manner right study and see how you can adopt the information from those reports right

attending those webinars you know going to the conferences talking to the vendors talking to your peers who is working in different uh the organizations see like how they are affected what the new trends that they are Shing then sharing that knowledge without revealing the the confidential about you or or right and which helps basically right right and then I would say important so all

these how you can create strategy detection strategy prevention strategy for your organization or for your infrastructure right what I have seen also you know just to give in one example affected for from one attack organization right when you have these connect you have these knowledge you are following these you

know that helps right

huge part right because every attack comes majority of the attack comes from the outside and they comes with the technique they comes with the identity which is a threat intelligence for us of course as we all say preventions is better than Cure All right so for everyone who is watching and from this perod you should be updated about any threat or any new thing is going on in your field and now also say it's not something organization is only impacting from the Cyber attack right cyber this threat actor they are targeting the the innocent people also they do not even right they do not even discriminate information you me as a as as a normal

human are also under attack right so if you are not using or if you are using that technology which which is under attack so very much required I mean just for the normal people also I would say yeah that's right actually um from this thing I would like to ask that as you say uh we all know that you are a mentor and you are a ni very great mentor I guess and everyone want to be a mentor like you and wants a mentor like you so talking about mentorship and team leading how do you approach building and leading a successful cyber security team especially under high stress conditions see my Approach is always you

have or you should have a great connect with your team right you should know the not like pros and cons of your folks right

right but when you do these thing in practicality they become sometime because when you work in a team every member of your team is like the fingers of your hand right different mindset different capacity different capability thinking process what time they will be on the good mood and what not right so you as a a lead you as a manager you as a leader it's your responsibility to understand your team first very deeply balance now this is the Baseline right everyone has a different you know Persona every has a different you know approach right towards the work resp everyone is heard everyone is included right only one person is being given all the priorities and privilege

whereas others are ignored and isolated you as a leader

then your team start you know trusting in you deeply right extend then they start you know having that sense yes we are in a good hand basically we are not in a headless missile

right they all come from the Navy right because Navy taught us how to lead how to basically you know go and lead your people because it's all it's in in Armed Forces it's always about your morale right because situation is always under pressures if morale is not high you cannot fight a war right as I said in the very beginning of this Legacy is being carried from the Navy you know itself right um whenever I you know lead team you know in fact now also I ensure that my team feels supported right they they feel like you know they are being appreciated you know for their work for their you know wi and and we always you

know appreciate and I think celebrate our uh the hard time also sometime you every time you cannot win right sometime you also have to see a tough time right we also celebrate that with the team that no worries we put our best right we had no control on the outcome right sometime right so you let's celebrate that also celebrate the hard work right so and then uh providing them the recognization in front of the leadership right when your team does good right make sure that they are you know known right they are being accurated they are being acknowledged by everyone in the organization right so but very effective and very impactful for the the the

direction and my reporting I think they always help me to ensure that my team is achieving the objective and I can call that like uh a successful you know team basically and they all derived these all tactic techniques and all these you know the the processes and best practices DED from the Armed Forces needless to say uh of course and I guess NB is played a ro big role in your life significantly huge role yeah um sir you are known for your mentorship as I said already so what do you believe in essential for affective mentorship in this field for and for young professionals entering cyber security what key skills and attribute to you recommend they

develop cool so see uh well good mentorship is always about listening right because until unless you do not understand the concern the problem the issues that you are going to resolve or you are going to talk about or you are going to give suggestion for to your mentee or your like the to the students or the candidate I think you're not a good Mentor right so first you have to uh listen right and when you listen you Gress more then you create strategy inside your brain right that how I have to speak and what is what I have for this problem right so you have to listen right so and then understanding the problem as I said and the concerns right

third thing is guiding based on then experience as I said when you listen then you understand the problem and then you suggest based on the your experience so listening is the Paramount and super critical here rights uh for uh the young professional and the aspiring you know candidate who want to start their career in security or let's say any stream in the corporate right I would say that focus on learning the basics right but let me just stay you know uh you know focus on the security part Focus uh on learning the basics right now those Basics could be Network right how network works how operating system work how these things are connected right and

second thing and when you have that you know knowledge basic that I know now maybe then you can start learning slowly the security uh the basic security Concepts right and but along with this I would also you know highly recommend that never ignore uh the soft skill never ever underestimate the soft skill part you can be a good technical you know profession but your skills if you are not a good communicator if you're not a not not humble if you're not you know acknowledged as a good speaker or this thing I think you maybe uh you know lack into the journey of your growth into your career so I think uh those soft skill also play very crucial part

uh think big stay always curious ask questions right and demonstrate the continuous learning so these are some uh you know advice I would say and I think I am also you know practice always and always you know tell my team to you know uh you know keep practicing this is something that can put you on the right track of the growth as well as uh the successful you know the professional in any of those stream that you are choosing yeah so that's a great advice I've got from you because I'm also a young professional from this field not professional actually but learner okay so um I would like to ask a question from GRC uh GRC is an essential

component of securing an organization so what according to you are some foundational aspects of cyber security governance that organization often look Overlook I think this is an important in know question SN I would say so yeah many of the organization I have seen and sometime I also feel in my organization that the clearly Define the rules and responsibility of the team and the individuals are not prescribed sometime right and due to which what happen the things get overl my team is not responsible for this right and then due to this you know the miscommunication or due to this the the clarity sometime things get delayed and then you are on the risk of something right maybe the project delay

maybe something Technologies cannot be deployed roles and responsibility clearly def organization

and then owners nobody will take the responsibility because it is not clear right how will I I see as a Overlook concern because we generally follow and that's completely fine because it's always about speed also speed matters right challenge the training and the Skilling part right then we hardly have time to learn new SK hardly have time to acquire or learn new skills though we say though we focus ke let's learn let's develop new skills but in practicality that hardly happens right so this is also one of the area I see and I have seen personally that less focus and Overlook by the organization on up Skilling and the training part for their employees and

for their teams right is something also put sometime sometime organization on the backseat right last uh but not the least in this basically I would also say that uh the people's part here right their motivations their well-being their personal life you know is something mostly overlooked right because it's always about outcome it's always about impact right it's always about the work right so we talk about though the organization talk about though that well-being program personal life and whatnot right but in practicality they they likes right you know they lik you

know and due to this these kind of situation happen right for me I think this is also one of the important aspect organization Overlook generally yeah okay so this is nice to hear um if I talk about laws so cyber security laws involving overnight due to uh everchanging technology technical landscape in the field how do you keep up with the complt and also ensure that security practices align with the regularity requirements of the regularity authorities when you you know start reading you know when you are connected with your folks when you connected with the regulatory bodies right and you also understand the objective of your business right when you know how Regulators changing the law how based on the

technology B based on the landscape changing based on the government instruction based on the political you know changes happening right so when you start keeping an eye on all these you know happenings you know globally right when you let's say you are using PCI DSS you are using ISO you are also following the hipop you are also using the socks right and framework right regulatory bodies every organization who is opting who is choosing our framework for their operation and their you know the business right they follow these standards right they follow these practices right so that they compli right update it is your duty as a security professional you read those you know reports and then you also stay connected

with the

vendors framework deploy second part is your compliance team because every organization has a dedicated compliance team big organization then you get you know stay in touch with them because they have the complete and full information they cannot take a chance to miss any of the update from The Regulators right because it sometime it comes with a heavy penalty for non- compant right so huge

information a very good wealth of information about keeping yourself uh aligned with the compliance right for when you have to follow those regulatory requirement is having the regular internal and external audits right because when you do audit right when you conduct audit for your organization you find gaps right you identify gaps and then see misaligned comp for that particular framework right so I think these are some of the steps and I also ensure that I also you know participate in all these three to at least stay updated updated uh that and stay compliance also about about those regulatories you know the requirements for any of the framework okay so so would it be possible if you

could share a particular challenging incident response case you come across and what you learned from managing it I had seen many incident but I think you know talking about very particularly by taking the name would not be feasible here but you know in one of the incident that I saw was related to supply chain attack right in one of the organization that I worked for for one of the customer right I would say right so there was a supply chain attack right where they were you know consuming some of the services from a third party vendor right which somehow got compromised and from there that hacker actually planted uh something malicious into their you know infra and

from there that malicious you know code basically snagged into the customer environment right and due to that their machine since it was a trusted Source right no one know security the control actually flagged that or you know through an alert and every you know control you know trusted that and it then spreaded across their environment right so when this report came as I mentioned the threat intelligence right that time threat intelligence become super useful right we came to know that this is something happening we then dive into their uh the environment we found that hey I think you are also part of that you're the victim of this attack right and then we initiated this incident

respond we somehow you know contained that machine isolated and we were able to restore their operation though it did not you know impacting them much but I think this is uh interesting uh incident that uh I handled along with my team for one of the customer okay so uh what you from managing it is there some anything particular you uh experienc from this one no definitely I think zero trust right in security you cannot trust on the technology completely right so trusting on The Trusted system itself you know uh was something was not enough because that code that vendor and every channel was trusted right and that was breached by the hacker right so trusted

Channel itself when the when the trusted Channel itself was breached by the hacker what will you trust for right so zero trust I think is something has to be in place uh when you are handling the incident you have to double check right you have to ensure that no if you have valid uh done this let me validate and confirm whether you have you did it right right and then the having the risk management for third party also is something should be in place right though nowadays every organization is is a is a department itself the third party risk management but I think that is something should not be overlooked right that should be very

stringent right because you are opening your door for some third party and you do not know how and why and when that third party got breached generally they do not you know report to you they always want to keep themselves right so this tprm you know comes handy and very crucial you know tool in that case right perform a Super you know critical audit to their technology process and policy how they handle the information how the network is you know establish how you are connected with that I think this is also that third party risk management should be super if you you know dealing with the third party right and the updated threat intelligence I think is

something needs to be in place right um nowadays security has so much evolved that you cannot live without the threat intelligence because it provides you the context as I said earlier that sometime you know about threat even before they touch or hit your organization if you have a solid threat intelligence into your organization so I think that's what I learned from and we recommend also accordingly and then I think it was fine thereafter okay so threat intelligence is really important for every organization I guess so um also there is a question I would like to ask to you I guess everyone wants to know this uh a Kuran cyber security can be very demanding and challenging so how

do you maintain a balance between professional and personal life I think it's always about the time as right how do you want to and how much involve that you want to yourself into your office and how you want to segregate your personal life and off his life is something very personal I think it's depends on men to man but when it comes to me personally I think I always uh try to keep my personal and my office life separate right I do not want to indulge between what is happening in my office then I am involved into my personal life right uh the delegating the task to your team and to your subordinate or ordinates accordingly so

that you do not take everything on your hand right you know and and and this can be correlated back to the defining the clear clear roles and responsibility right you as a professional completing the task on the time and that is where your the punctuality and discipline comes into the place right if you are completing your task as apj Abdul Kalam s say that if you cannot finish your uh office from 9: to 5 and if you're stretching yourself means you did not work you are not working right so if you are able to finish your job on time I think you have enough time for uh for your personal life for your family for

your hobbies right and then take a break in the vitman right so you it's not required that you just uh sit in front of the system completely take a break in between right so spare time for your hobbies spare time for sports spare time for your friends your family rights these all I think not so unique not so this thing but I think this is something which is helping me to maintain M you know segregation or maintain maintain a good balance between my personal and my professional life okay I guess this also helps people to balance their professional and personal life also those lastly what advice would you give to our audience if someone from them is

inspiring to reach a leadership position in cyber security like you maybe so leadership is not a tag or not a tag leadership is something that a quality right when you start leading when you start taking ownership right you are a leader right you are already a leader right but when we see those tag those you know the the positions right and and that can only be attained by you know uh putting up you know significant amount of time you know into that you know industry into that you know the organization or likewise right right so uh if you ask me about the advice like you know after you know completing these this much time into the industry and

including my Armed Forces also I would say uh first you have to master right first you have to attain that Mastery into the technicals right uh because as a leader right into the cyber security technical is something is very much required right you need to understand the challenge that you faced personally and then your team faces how you can enable them to overcome from those challenges is right because when you face challenges how did you overcome so that becomes an experience for you that you will share with the team right alongside this uh I would say the developing the soft skill decision making right then you see your leaders how they are behave and act in the uh

during the stress time right bias for Action right lead from the front right the collaboration right the more you collaborate with with people the more you will be become a known face right and then uh the understanding the business and objective in whichever organization you are working if you want to aim if you want to aiming for leadership position you have to understand the business and objective how it runs what it takes to you know uh you know uh you know run the operations of that business now all this you know uh basically is something uh I would say from the technical and the soft skill part would help you to go on the next letter where we call that you

are a leadership along with that there there are few uh things that also help very crucially is that stay update right with the uh industry Trends right wherever you are working like what are the trends what what things are going on political you know the movements right what is going good what is going bad right from the news the threats to your threat understanding the threat landscape also that ultimately will falls under the technicality but understanding the threat landscape from the strategy point of view from the political uh stand point right right then um as I said build a strong Network within the industry the connect is always helpful right you should be known face by the by your peers or by the

industry you know folks that hey I know you guy right and focus on uh the understanding of the cyber security is a whole not only the technical one but cyber security as a whole right how that security can impact the organization and the goals of the organization and customer right so in Balance mixture and they all comes with the experience and experience comes when you spend time right to when you start as Junior you start learning you start spending time in organization right that will become experience for you and then you can share with your Junior when the moment you share with your Junior your knowledge you are a leader you are a leader you are a mentor that's how you

achieve a tag of leadership positions where you spend you know many years into the industry but leadership is something now that is not required to have you as director or anything right manager but I think this is something that one needs to know and Attain uh if they want to be there okay that's really great advice I guess everyone who is watching uh will follow this and be a leadership be uh be a good leader and for today thank you so much sir that was really an insightful session and I'm really lucky to uh do this podcast with you and yeah please thank you so much ni I think it was very enlightening you know talking to you and very fruitful I

would say uh I was I hope I was able to share my experience right to when within an hour you will not never be able to share the whole but I hope it was you know you know helpful for the people who is on uh the listening mode but thank you so much for this opportunity really looking forward for other engagements as well and all the very best for the uh people who is listening this and yep thank you great and thank you to everyone who is watching be sure to join us next week for more expert discussions and don't forget to subscribe to stay connected with the latest insecurity and Tech until then stay safe stay curious we are

always besides you thanks everyone signing off snea

[Music]

for