In a wide-ranging discussion, Vishal Salvi, CISO & Head of Cyber Practice at Infosys, sheds light on a range of topics from CISO empowerment to creating and sustaining a high-performance information security culture. He highlights the importance of "delivering on your agenda" for CISOs to gain trust and credibility. Vishal also recommends making the CISO role independent of the CIO, uniformly enforcing security policies across the organizational hierarchy, and operating at a high state of readiness.
Time Stamps
00:41 -- Please share some highlights of your professional journey.
02:00 -- Does your job keep you up at night? What worries you?
04:09 -- What makes you so good at what you do, what do you bring to the table by way of strengths?
07:54 -- If you had a say on how CISOs should be empowered by the organization, who should the CISO be reporting to? What would be the ideal organizational structure?
10:50 -- You will probably agree that to gain that kind of access or that level of reporting that you're talking about, the CISO has to earn the trust and credibility and be respected. What are your thoughts?
15:14 -- What would be a few metrics that you recommend CISOs track or you track that gives you a sense of whether you're on the right trajectory, or you need to do something different? What would those important metrics be?
17:36 -- Enhancing cyber transparency to customers and investors through formalized reporting, such as SEC reporting, could bring about a sea change in a variety of things, probably the most important of which is the top management commitment. What are your thoughts?
20:16 -- Given your extensive experience working across different organizations in the public and private sectors, could you share some best practices for securing top management commitment?
24:01 -- I'd like your thoughts on what a high-performing information security culture is, how do you get there, and how do you sustain it?
29:15 -- If you approach security learning from the standpoint of, say, one question a day that gets emailed to every person, who then has to respond, it's like these word games that people play every day. They have to come up with a solution, but only one a day. So instead of trying to impart a one-stop-shop training in one go and then doing it again six months later, if you infuse cybersecurity training into the organizational work practices whereby, just like I said, you ask one question a day and approach it that way, what are your thoughts? Do you think that might help enhance awareness and sustain the level of knowledge?
31:23 -- I've often wondered why that sensitivity to make training more substantive is not there. Why is it that organizations are so compliance-driven that they don't recognize that compliance is often not enough, and that they need to go beyond it to have a substantive effect?
34:28 -- Why do individuals and organizations often drop the ball when it comes to cyber intelligence?
41:24 -- What advice and recommendations do you have for professionals who are either entering the field or who are considering cybersecurity as a career?
Memorable Vishal Salvi Quotes
"Cybersecurity roles actually test all your leadership capabilities fully."
"Every single CISO in the Indian banking industry is independent of the CIO."
"It is always preferred that you make the CISO independent of CIO and elevate the CISO to a level where you are able to drive the mandate of cybersecurity. So the more elevated and more empowered the CISO, the more committed is your mission to cyber."
"The most important thing for gaining credibility and earning respect is to deliver on your agenda."
"When you start defining policies for your organization, you need to be able to implement them consistently across the organization. You shouldn't have a separate set of policies for your senior leaders, and a separate set of policies for your juniors."
"Most of the courses that we see in organizations are not actually focused on learning; they're more focused on going through the motions and achieving compliance."
"Our endeavor should always be to make our staff battle-ready in peacetime."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338