#CFInfluencia Series: Interview with Ram Kumar

I started my tech career in 2004 (previously spent 3 years in non-tech). My first tech job post PG was with an American ISP, and that’s where I cut my teeth into cyber security (in those days it was called information security).

Call it destiny or divine guidance, I was assigned to the security team, and that’s how I got into cyber security. I worked across different industry sectors – ISP, IT, ITO, BFSI, Media & Entertainment, Healthcare, and now in Automotive.

It gave me a ringside view of how each of these sectors views & manages information security and my stints helped me build expertise and hone my skills in information security, business continuity, and data privacy. And I have a proven track record of setting up, leading, and delivering business-aligned information security programs.

1. Social Engineering: Attacks specifically phishing attempts target organizations to compromise credentials or deliver malware payload. Besides technology tools to handle phishing emails, role-based user awareness including gamified learning and periodic simulation exercises with a rewards program to recognize exemplary behavior and actions would help.
2. Ransomware Attacks: Ransomware attacks are a nightmare today given their devastating impact on enterprises. A whole range of technical measures and readiness checks to be taken to handle ransomware attacks – malware detection, patching, secure configuration, network segmentation, cyber threat intelligence, endpoint hardening, review port settings, continuous data backup and restoration tests, tabletop exercises, incident response playbooks & tests, cyber security insurance, etc. Of course, user awareness with situational awareness updates to end users and technical briefing to IT & cyber security teams are essential as part of prep measures.

In every corporate stint, I left my mark which significantly impacted the enhancement of the security posture of the company. I’ve been part of companies where no security program existed and I got on board to help set up the function from the ground up and mature the program.

One achievement that I can talk about proudly is the integrated information security & corporate security program that I built at a media and entertainment company (which required a customized program for each business division) was validated and got the company certified for two consecutive years under a global information security standard specific to that industry.

This was a key win that enhanced the competitive advantage of the company apart from raising the security posture of the company. As for awards, apart from occasional awards & honors I received during my various corporate stints, I used to be a frequent winner of industry awards and recognitions (now I’m deliberately keeping away from the Awards circuit)

2022: Top 50 B2B Thought Leader and Influencer to Work with in 2023 APAC by Thinkers360

2021: Key Opinion Leader – Risk Management by Onalytica, USA

2020: Top 50 Global Thought Leaders and Influencers on Risk Management, Cyber Security, Privacy & Culture by Thinkers360

2019: CISO of the Year, Consumex Productions

I’m fortunate to receive these honors and I’m thankful to all my bosses, colleagues, and industry peers who supported my career growth and have been part of my career journey. The cyber security domain is vast; specialize in one or more core technical areas and then expand your horizons by getting exposure to multiple area’s that are aligned with your career aspirations.

Be situationally aware all the time by keeping tabs on the latest trends, developments, and pointers

1. Nurture a child-like enthusiasm to learn anything new and be curious
2. Continuous learning is critical to having a successful career in cyber security
3. Be ready to adapt to the changing environment – learn, unlearn, and relearn
4. Take the lead in a technology/process implementation exercise, which will teach you way more than all the theoretical learning you may gain
5. Learn the art of people management – this is underappreciated, but as we advance in our careers, we will be dealing with people rather than technology on a daily basis.
6. Become a consummate communicator. This is important to get your message across the board—management, staff, vendors, regulators, and beyond
7. Build a persona that comes across as a strong, confident leader that the management can rely on and entrust with higher responsibilities
8. Collaborate to succeed – no matter how smart you are, cyber security is a team sport; no single person can achieve the goals.
9. Keep networking with industry peers and senior professionals constantly—this can help in many ways in your professional career

I always believe, especially in the tech domain, the day you stop learning you stop being relevant. In that way, learning is life and learning is growth.

It’s been a wonderful learning & upskilling journey with CyberFrat. I’m a member since 2021 and I’m proud of my association with CyberFrat. Gaurav Batra and his team has been doing an awesome job in organizing webinars, training programs, in-person meets and much more! The personal warmth and support that everyone in CyberFrat provide right from Gaurav to his team members helps in better connect. As I believe in supporting good folks in their ventures, I’ve been a goodwill ambassador for CyberFrat and have recommended many friends & industry peers to become members and reap the benefits. Keep up the great work CyberFrat! “