Amar Singh, CEO and co-founder of Cyber Management Alliance, had the pleasure of chatting with Hariprasad Chede, Vice President of ISACA UAE Chapter and CISO in the finance sector, about the CISO role, the importance of threat intelligence for businesses today, and his desire for more account aggregation with valued feedback in the finance sector.
Hariprasad agrees if is a challenging role that is still evolving but if the person has a passion for the job, then it is definitely a good option. However, he believes there is a level of technical knowledge required. There is a need to not only understand the industry, but also a knowledge for delegating and managing people, being able to handle pressure and being able to respond to people and problems in a timely manner.
“If you’re not technical enough then there is the possibility that you may not reach that level of role.”
A technical person will be able to learn the business much faster and be a better CISO, says Hariprasad. If you opt for a business person and then try to add the technology, then they may struggle in the CISO role. That said, if they are capable of learning and understanding the terminologies and keep up with the pace of a fast-changing environment, then it may work. Personally, Hariprasad prefers going with the technology person who will then be able to learn the business – that will help with the intricacies of the job.
For Hariprasad, first and foremost it’s about whether they have a passion for the information security/cyber security field. Are they eager to learn and will the make a good team member/team leader – there are different qualities needed for team members in comparison to team leaders, in Hariprasad’s opinion, and he likes to explore these attributes. In addition, he’s looking for somebody that won’t take anything for granted, has an eye for the details and demonstrates diligence, be it the technology, with policies or any other aspect, and is able to take an evidence-based audit approach. Lastly, they need to be able to understand the business and be flexible; from there a business can train and upskill their staff.
An experienced person that wants to enter the audit/assurance/information security field should look firstly at the CISA qualification, believes Hariprasad. The qualification covers a multitude of functions and domains, and from there specialist functions can be chosen and the relevant certifications to those can be explored.
The COBIT 5 is a very good framework not only for governance, but as a tool for managing the company as a whole, advised Hariprasad. The framework includes methods in measuring business metrics that can be used to ensure the company continues to mature.
Hariprasd would rather businesses focused on the data rather than on the channel or at device level. He would like to seem more businesses asking themselves how to put the security around the data.
“It’s the data we’re trying to protect; secure the data.”
As far as Hariprasad is concerned, threat intelligence is critical; it’s not just about getting a subscription from a threat intelligence provider, it’s also about what is happening within the peer community. It’s about the sharing of knowledge and that is very important. Hariprasad has seen this happening globally; this helps in sharing the knowledge in advance. Threat intelligence helps any organisation take these steps, says Hariprasad.
With Hariprasad working in the finance industry, he would like to see the aggregation of multiple banking accounts with regular feedback on the status of all the accounts. He believes that this will not only show how savings work, but also how a business can work. It’s something for the next generation and these economics will come from childhood onwards, leading to us seeing a group of excellent entrepreneurs in the future.
Another aspect is the road to smart devices. Whether it’s knowingly or unknowingly, globally Hariprasad believes we are getting into that. However, he also believes that it is important to enter the Internet of Things marketplace too.