BSides Bangalore X W3-CS Podcast - Episode 2 - Vishal Salvi

I'm s one of the core team members of bides Bangalore and W3 CS now I'm super excited to welcome you all to the bides Bangalore podcast which is in collaboration with W3 CS worldwide women in cber security Now sit back listen to this podcast and learn all about cyber [Music] security today I have a very nice guest with me Vishal salisa who is the CEO of quick heel now the the man doesn't need an introduction before I start into an introduction of Vishal selis sir I would like him to tell everyone a hi hi sir how are you hey hi satak uh how are you good good to be here on this call I'm good

too sir if I introduce you it'll be not so good but I would want the audience to know what's been your journey in the cyber security world and your career yeah so I think um you know we uh you know got into cyber security um uh way back just after the back of uh Y2K and U in those days it was not known as cyber security it was uh more of it security and uh and I was not sure whether it was going to be my career choice but uh as it turned out uh you know few years in the role and the and the domain and the um you know the whole field really got very

interesting and uh and I sort of confirmed that you know this was really the the career that I wanted to pursue and and since 2000 you know i' I've kind of seen um uh this uh this domain and this function unfold in a very dramatic manner because of the way which uh technology and digital adoption has uh fundamentally changed the way we conduct business and um and and the human connections are now uh through uh Computer Connections right and so uh you know cyber security obviously became very very fundamental and um and so every every uh 2 years every 3 years you know I I have obviously uh pivoted to to you know how I wanted to shape my career as the as

the function in the domain was unfolding and and it's been a fascinating Journey for me personally right and U and having worked with so many different U you know people uh passionate young um individuals throughout these last uh 23 years has been um very very enthralling for for me personally you know because of the way in which we've kind of worked together and achieved um you know joint goals and uh and you when you when I reflect back now you know in terms of the body of work and also the the lasting changes that we have done across the different organizations that I've have worked has been very fulfilling yeah all right that's been a very interesting Journey

sir so sir do you recall any important mement or technological shift in the IT industry because you've been so long or in cyber security that had a significant impact on you or your approach to cyber security leadership considering that you have been in this industry for over three decades now I think the the first um major change uh at the initial days was really in terms of how uh we were you know transforming the network okay and how the changes in the network were changing the way fundamentally changing the way in terms of how um data centers and Communications were handled I mean imagine I mean I go back into the days when the banks and the branches were not

connected right and we used to use uh something called as CC mail to transfer the files to have a a Gmail consolidate you know through email consolidate all the GL uh GL balances for for the bank and and to fundamentally then get everything centralized to into Data Centers and then you know the major shift of uh mobile and Adoption of mobile phones and smart devices uh somewhere in 200 uh 7 2008 and then you know after that it was all about uh data and cloud and that that transformation has dominated um the early 2010 to 2020 right and uh and there so much there so much has happened you know in in during that period and now we are obviously in

a generation of AI and gen and other things right so so yeah I think there are obviously some fundamental shifts uh in technology which have happened and uh and it has had a very profound impact to cyber security right right because uh keep in mind that whenever you do any uh Technology Innovation it obviously creates a sort of insecurity in um and vulnerabilities in the way um we conduct business which can be exploited MH so so yeah I think these These are these fundamental changes have really shaped uh you know the the current and the future of how how we adopt and use technology correct so sir you spoke a lot about uh technology now

now do you how do you implement these Innovations in consumer and Enterprise cyber Security Solutions at quick heel and um are there any recent initiatives or innovation that you are particularly proud of I think see uh one of the things that you know we are proud of in quickill is that quickill has been a a deeply Innovative organization and the reason I say that is because was for you to be relevant uh for your consumers in the business of uh information security and cyber security for more than three decades um you cannot do that without being Innovative okay and to be able to be relevant um while there have been such a fierce competition from Global players

in the antivirus Market uh is something which is a testimony to you know what what the company has been able to achieve in the past so many years right um so I'm I'm personally extremely proud of that Legacy and uh you know quick heel uh in many sense has been the the first Indian cyber security startup right uh and U and it started with a very humble idea of you know trying to fix this different types of viruses which were popping up correct on the platforms okay so so clearly um there it's been a long journey and uh I think we we we should take pride of the the capacity and the capability that we have

created in the the largest malware research lab in the country uh in Pune in quickill and uh it is backed by obviously a very strong set of individuals who are coming together with understanding of the way I threats and Technologies um around that to to be able to do deep research to be able to write automation apply uh Ai and ml um automations to address uh this major issue of millions and millions of U threats coming up on a daily basis and and how we are dealing with it so I extremely proud of that innovation and extremely proud of the way we use technology and our people uh to solve this problem every single day sir because when I'm personally a

user of quick he so I can resonate with you on this now there is an impact that we create on people's life in the same way um you have also highlighted a lot of U environmental importance social governance in your post on LinkedIn or social media handles how does this philosophy reflect reflecting quick heel cyber security practices and approach I think see uh you know in today's day and age you you you cannot just uh exist for generating uh profits and revenue you know you need to have a much broader agenda um towards the ecosystem that you live in um whether you talk about environment whether you talk about our social and also generally you know as a

as a company uh and that to a listed organization we need to have set standards for U you know High corporate governance right and so we are deeply committed towards our ESG goals and uh and and we we we take that very very seriously you know in terms of how do we uh make steps to take steps towards that now obviously given that we are in the business of um antivirus and antim where um it is a very just cause to fight for okay and uh apart from apart from doing what we do we are also trying to make the digital world a safer Place correct right on ongoing basis and I think it's a great cause to look forward

to it's a great cause to look forward to because uh you know obviously you know you do uh earn profits and revenues and other things but bigger cause is about the value that you're creating for the world by by protecting uh you know the computers so I think we we we passionately drive it and we also passionately drive it uh to to our teams um so that they are able to also connect to that much broader cause but apart from that you know quickel um Has Its Own quickel Foundation which has been uh at uh you know focusing on the corporate social responsibility for decades now uh during the covid the you sponsored ambulances and uh um you know adopted

Villages and you know provided facilities so that we are able to support those villages to manage the first response for covid victims uh and uh infections but but since then we've been deeply focused on Cyber shika Aban you know which is basically uh you know democratizing the cyber security training in schools and villages right interesting and um and I'm proud that you know just recently we achieved a Milestones of touching uh you know 5 million uh individuals through that program sir uh so and and apart from apart from doing that we are also extremely proud and happy that we are able to uh encourage and build uh leadership uh in schools because this is like a train the trainer program so we

identify young talented individuals or students who are really interested in understanding cyber security so we train them we identify them we train them and they are the ones who go and execute the training program and and of course they they earn some money you know while they doing this training but but I think the idea is to really give them the confidence that is required for them to go on the stage and actually uh take ownership of uh uh teaching right U young students so yeah I think we are we are doing multiple things um you know to uh on the ESG agenda uh and we are deeply committed towards that now these contributions of yours and quick heals

are quite remarkable on making sure that cyber security awareness is there could you share an experience or that initiative uh where you felt that your advocacy had a significant impact on the audiences understanding in cyber security see I think uh you know we are constantly doing our bit see India as a country has a very low penetration of paid antivirus right in us the paid antivirus is around 50% in India we are at around 20% so there is a huge gap uh and that generally the Gap is because of lack of awareness right so one of the things that we keep doing on an ongoing basis is to uh use various channels various mediums various uh opportunities that we

have to make people aware of why you know just like uh you know health is important you know hygiene of your computer is equally important for you to be able to conduct your business safely and securely um on digital world and and you you can imagine in today when we are adopting digital in the government infrastructure we had adopting digital in the Banking and Financial infrastructure and we are adopting digital um you know personally on social and other things I think it's very very important that uh we are able to impart uh the the the need of people to understand the rules that people need to follow on the information highway right and uh and I think I think it's it's a

challenge but um uh you know if you see see the whole focus of our CSR is to catch uh young uh individuals in schools and impart them the knowledge and uh and it has to be done on a constant basis I mean 5 million uh is not a small feed but we know that we have to go to 10 million 20 million 100 million and we need to do more and more so that we are able to uh reduce this G Gap and you know spread awareness so yeah I think there are multiple multiple Avenues and multiple examples I would I would not like to pick up one or two which we are doing to

ensure that we are able to do our bit for the society and the community yes so uh you have been also been recognized by esteemed institutions right sir now how do you acknowledgement these reinforce your commitment towards uh transforming the cyber security ecosystem especially like you spoke positioning in India right or we would want to position India on a global stage how do you go about this I think U no I think from from my point of view uh you know it is it is the cyber security community in India is a very Vibrant Community okay um I mean bides is a great example of that in terms of how the young individuals are coming together I was there in the

Bangalore event um sujata asoke and others uh driving it uh very passionately uh there were very young talented individuals who parti the hall was full and we were talking about various topics related to cyber security I think I think it takes a village to to to come together to deliver some great outcomes right and um and I think the the cyber security community in India is thriving uh the there is no Gap in terms of capability and knowledge uh and understanding between any part of the world and India because lot of innovation is happening in this part of the world now uh if you look at in terms of the the cyber security engineering work that is happening uh for Global uh

cyber security companies a lot of that is happening in India so I think um we have the talent we have the mindset we have the people we have the uh the necessary you know infrastructure uh which is required and now I think with with the push coming from the government you know we also have necessary support from the government to to for making India and to um you know create um Indian IP as well you know and Qui obviously is uh one of the leading companies towards uh achieving that so clearly um there is lots that needs to be done uh beyond our day job in terms of creating an ecosystem evangelizing the cause working

together networking together sharing experiences uh collaborating with each other uh breaking the barriers building Open Standards there is lots that needs to be done right and uh and specifically in the current role that I am in right now I think it gives me a great opportunity to help Foster that across the community in whichever way I can and I know a lot of my colleagues and friends are equally you know interested in doing the same so superb sir I think it speaks a lot about you as a human as a leader that what's your approach towards it's more about knowledge sharing and giving uh makes it very nice now in that way when you have a

dedication towards mentoring young individuals is very praiseworthy right what strategies do or advises do you offer to the aspiring cyber Security Professionals to succeed in their career paths yeah I think there is one thing about the domain and uh how one should go about uh you know building a career path and the other aspect is about the the behavioral aspect of you know young individuals as to how they need to condition their mind when they're building a thinking about their career because a lot of times what happens is that uh it's it's basically lack of focus and uh lack of clarity which creates some level of confusion in people in young students mind in terms

of what they want to pursue and what they want to achieve uh when there is a Clarity of goal and Clarity of thought uh then uh you are all you're always going in the same direction and when you are going in the same direction the chances of success and growth are very very high as compared to you keep toggling between one profession to another one job to another so I think I spend lot of time in terms of giving them uh that space where they're able to sort of take a take a step back and not and take it little easy and not get too much wor worried about okay what do I do next

before you even start focusing on what you're doing right now right so giving them that stability is I think very very important whichever whichever students or kids I have mentored I have found that just by them being able to bounce off and talk to me about their apprehensions or their anxieties brings in lot of calmness in terms of what they want to achieve in their career right and uh and I think you know it also give them some stability uh otherwise you know if they had not been doing that conversations they would have you know shifted and switch jobs much more times and I think you know there is no unfortunately there are there is no

quick fixes here right you have to go through the grind for you to able to abs absorb the pressure of the role and the job would really soak it in for you to be really ready for taking the next one it but the unfortunate part is that in today's insta gratification world there's no patience for that correct but uh but I so I think the patience is very very critical at least give two years 2 and a half years for every role that you play before you take on the next it will help you to build a much more fulfilling and much more endearing career right so that's the first part the second the second part is the technical

part as to whether you want to start whether you're aligned with the GRC role whether you aligned with the technical role whether you want to do start with networking and you know vulnerability management and testing part ethical hacking part or whether you want to go into the protection side or you want to go into monitoring side it does you know so each person is different and once you start uh you know uh exposing that individual to the different possibilities and they realize the the the amount of vastness to the topic of cyber security and then they have to narrow down and choose the path whether they want to start in a sock or whether they want to start as a risk

manager or whether they want to start into GRC all of whichever and then build a path around that so and then there are logical uh you know agencies and you know logical path that people can take so I think um I think both the aspects are equally important and I I sort of uh give them a mirror I I allow them to reflect their ideas and through the mirror and hopefully they find their own path once they are able to see things more clearly superb sir I think when you spoke about the path when when I started my journey in my current role I have been in this current role for past 5 years and I see how the the graph has

gone up I can resonate with whatever you said even while talking to people uh so pretty good and I think this works what you said right it's a practical way it's not that we can change and shift and see what's working for us now given that in you have explor like you said because it's an instag gratification world it's also a fast phas evolution of cyber security what opportunities do you foresee for these individuals businesses and the nation in the upcoming years is there something personally or particular trends that is exciting you I think the the cyber security domain and the industry is um is a is a safe safe bet right now because this problem is not going to go

away uh the way the internet is structured and the Way digital uh business is conducted um you know obviously there's a fundamental problem to be solved and uh and the world needs cybers Sentinels to to be there uh to protect uh the digital ecosystem of the world right and I think so far we are doing a very decent job okay um uh I think we are all unsung heroes I don't think people give uh enough amount of recognition to the work that the Cyber Sentinels have been doing across the world uh in protecting um the digital ecosystem so I think uh clearly I I see a path uh and a clear trajectory for the domain and the function and the

industry for next two to three decades for sure unless somebody comes out with a good and better alternative to internet right um and until and unless that happens we we will have to obviously it's a thriving it's going to be a thriving kind of industry right now so so whether it is you know you're in government space or you're in uh you know Academy or whether you in uh a vendor or you are a practitioner you know I I think you have a very important role to play and also value to add and we started a conversation of talking about value and the value addition is very very significant right now personally for me I think I'm at the

space where right now my my mind space is all about see how do I create and amplify this for my stakeholders right so it's not so much about me now and it's more about what what you know value I provide to them and how do I help them navigate their future right so I'm I'm I'm in that space right now where I'm constantly driving towards saying that how do I share my my knowledge my my lessons learned uh and and steer uh organizations or individuals or even even um uh fatties or uh community is to in the direction that they need to go when it comes to cyber security all right that's a very nice uh goal and

thought processor now you have also expressed your goal on making cyber security a fundamental right for all now how do you plan this because you said that you're thinking on this how do you plan to achieve this uh ambitious yet crucial objective on a global scale no I think when you talk about cyber security being a fundamental right I think it's it's about you know doing understanding your role in that whole um ecosystem and and then making sure you are able to impart it and execute it in a you know to the best of your abilities right and by doing so we are able to sort of create a trust in the uh you know for people to continue

to work for example uh this interaction that we are having today is uh we able to trust this interaction and this communic a you are in a different part of the country I'm in a different part of the country but you're able to have a a digital trust in in this conversation so every single day you know you can you imagine uh in today's day and age anybody without a computer screen uh doing anything worthwh wild okay which is unfortunate because you want to at times detox from the digital but the reality is that anything that you want to do you have you you need your computer or your mobile phone to do anything meaningful you know uh so um so

I think uh you know doing you know working constantly towards um keeping that the way it is uh is very very important right I give I keep giving this example of during covid um you know where the whole world had to Pivot towards digital uh 100% right otherwise otherwise were organizations which were doing 95% work from office and other things and they had to go 100% work from home and that could only be possible with technology and computers and communication channels and security all right imagine if imagine if we had a doubt in the security of that communication we would not be where we are right so I think uh that is the the fundamental right for for the future of

humans in the digital world and I think uh we obviously need to constantly work towards as a community towards ensuring that we keep it that way super sir one of my next question is regarding cyber security field now there are a lot of individuals in the cyber security field are there any particular individual especially women that have had an impact on your career or you have worked with them right I would like to uh know three or two people two women in cyber security that have had an impact on you yeah I think uh see my view is not just cyber security but otherwise as well I think women uh play a very very important role in bringing a balance to

a team okay and I have actually kind of uh my experience has been that when you have uh a good balance of women leader as well as uh men uh you you know lot of the things that men are blindsided uh are opened up by by women especially the feeling part of uh the uh any any role right I think the the perspectives that they bring on the table are completely unique and different which men are not able to see and so when I was in in forces and uh I had a team of uh you know functional heads who were um who are my leaders right who were the bridge between uh the leadership and the

team um on the ground I had a 50/50% kind of a uh split between women leader and men and I think that that gave a very strong balance and I think that was one of the best teams that I have had in my career because of largely because of the uh the women leader that we had and you know whether it is you know there were there were two shilas there was ABA uh there was Rashmi there were you know uh there were many Alicia uh so all of these people you know they played a very pivotal role uh in shaping U the Cy cyber security team of enforces and a lot of them are still there uh and some

of them have actually moved Alicia is now in uh in UK um and she's doing very well she's part of one global uh Bank uh there were many other leaders whom I worked and they doing very senior roles in different parts of the world there was a lady called dimple santwan she was um part of HDFC bank and now she is the COO of one of the Cooperative banks in Mumbai uh asmita G was a part of our team in HDFC Bank she's now a very senior leader continues to work in the bank so yeah I think you know people have played a very important role and and um and I think women especially women bring in a significant balance you

know to the to the team uh two names that I can talk about I already talked about Alicia who is now in uh Dublin Ireland uh and we uh there's another lady in enosis team in my services organization called sujata uh very strong leader very great mentor for aspiring women leaders in U in in forces and otherwise she's been a great cause for um motivating and uh coaching lot of women leaders in in cyber security industry so suata m is doing very well uh she continues to remain in enosis and uh is a strong leader there so yeah I think you know it's uh it's very important to have U an encouraged women leader um and I think

they have obviously inspired me uh in many ways uh to to see different perspectives and uh and uh you know as I said they bring in a very strong balance you know for for the teams yes thank you so much I think you answered the next two questions also for me what was B how do women play a part in cyber security as a team or not just in cyber security just as a team that was also answered think I think I have just two more questions for this interview with you now has a leader what principles philosophies guide your approach to building and leading teams focused in the cyber security domain I think uh when you talk about

building and building teams and motivating teams and uh leading teams uh you know whether it is cyber security or anything else you know uh it is it is the same it's it's almost the same philosophy that you need to follow one of the things that I have followed in my my life uh is that you know I've always looked up to my leaders um throughout my career and I have also looked up to what I liked about them and what I didn't like about them right and so when I am in a different role on the opposite role to my teams I've ensured that whatever I disliked I don't do that okay all right and uh and I've remembered that very

well right so I've learned lot of lessons right whether it is about discrimination whether it is about favoritism whether it is about walking the talk whether it is about leading from front whether it is about uh you know R removing your insecurities whether it is about clear communication whether it's is about fast decision making whether it's is about you know to not putting conflicts under the carpet there are 100 things that you as a leader want to ensure you know you create as a safe environment for your employees right so I have ensured that whatever I liked about my leaders I have emed those and whatever I disliked I've never I've ensured that I have never

done those mistakes sure sir sir one of my last questions right you did speak about bides bangalore's uh first edition conference that you had attended now what stood out for you there because we have a bsides conference coming bsides Bangalore conf conference coming up in June this year June 2th that is what would be your experience that people could learn from that experience and also come and see you again no I think see uh I I I hope I'm there and I'm able to spend a similar time with with all the all the folks uh and the community um and i' I've I've taken a decision that I want to be part of the bsides Bangalore uh wherever I am

and and support your C uh so so yeah I think I look forward to being there but um my message is that you know there will always be new things which are coming up few years back it was blockchain now it is AI next year there will be something else but just if you remember in in in banking right banking is all about PNR by 100 okay that's a fundamental rule of banking all everything else is all on top of that similarly when you talk about cyber security is about threat vulnerabilities and risks right it's all about that and so you want to you you want to keep it very simple right you can have exotic things and all of these

new things coming up but do the boring stuff right right and so always be passionate about threat vulnerabilities and risks okay so long as you're able to do that fundamental things right everything else will fall in place thank you so much sir I think with this podcast you gave us so much time time and so much knowledge that you could share and I took back a lot of lessons and one personal lesson which hit me is that when you were speaking right you said V instead of I that says a lot about you as a person as a leader also I'm going to take that back and I'm going to also focus it on my career

thank you so much sir for giving us your time all right you take care hey there thank you so much for tuning into to our episode of this particular podcast now I hope you enjoyed enjoyed it as much as we enjoyed creating it for you we would be very grateful to you if you could just like share subscribe our bides Bangalore channel so that it reaches more people now you're the reason what we do and why we do we will appreciate your continued support stay tuned for the next episode