Babitha B P, CISO at CSB Bank, shares her insights and perspectives after a 23-year professional journey:
Ravi Lalwani: What attracted you to the Information security profession? If you were to look for the next change, what would it be?
Babitha B P: I have been in the field of IT & security for the last 23 years. While handling the core IT team and before getting into the current role, we concentrated more on delivering the business required on time and introducing more innovative solutions to improve customer experience. As a CISO, I investigate how securely IT solutions are moved to production, identify the gaps in the IT system, and create a cybersecurity culture in the organization.
The security profession is a passion where we are working as a defender of cyberspace trying to prevent, mitigate risk/attack, and detect it at a faster pace. This involves technological skills and experience, and requires extreme passion as we are guarding our organization and keeping up our customer trust. This is my attraction towards this domain.
Today, if you ask me if I am looking for a change, I might go for audit of security, which is another challenging area where skill sets are required. A security audit is a very important exercise to assess the security posture of an organization and find gaps, and if I’m moving out of the CISO role at any later point in time, I would like to give my contribution to this area.
What is your understanding about the kind of people you have come to know in the cybersecurity domain – is there something special about them?
People who are in this domain are professionals who are passionate about their job and have introspective skills to get into the depth of things. They tend to be technical experts with business understanding. They have the patience to understand a solution in depth, to identify security gaps in the solution and have the expertise to provide solutions to prevent or mitigate the risk identified. They are continuing learners who upskill themselves about new threats and technologies to mitigate them.
CISO is like a pilot of an aeroplane. All these attributes make cybersecurity people unique.
Have you been involved in cybersecurity education for customers and employees? What has been your learning about improving effectiveness?
Cyber security is a culture that needs to be followed in the organization and society. So, we are involved in giving education to customers and employees as an ongoing process and not as a one-time practice. We try to do phishing exercises and red teaming to assess the security awareness; we send newsletters regarding types of fraud happening and storyboards on the same.
We call customers over the phone to make them aware of the risk and to educate them on how they are supposed to act in case of a situation. I consider cyber security awareness creation not just as part of my profession but as a social commitment. When we educate our customers and employees, it is easier for us to implement security measures like multifactor authentication. Cyber security is now considered a service to customers – it helps to build trust and confidence for customers to bank with us.
We test the effectiveness of the learning by conducting phishing exercises periodically. Moreover, even if someone clicks on any link during such an exercise, we appreciate employees who respond stating they have clicked on it. Success of the training depends upon the response received from the customers. Information security is everyone’s responsibility, and it should be a culture and part of our day-to-day activity.
Cyber security, being a lucrative field, is attracting several high-IQ youngsters. Other than IQ, what else is important for a person to sustain a career in security successfully?
I believe it is passion, hard work, and consistency that make way at the end of the day. Further, continuous learning is what is very much required in the field of cyber security, as new technologies are evolving every day. One must be aware of these continuously changing or evolving technologies to understand the vulnerabilities in these technologies. So, only a person who likes to learn and is passionate about understanding technology in depth can move ahead in this area or domain. Experience in IT has a pivotal role in developing a career in cyber security.
Reflecting back on your own past, on what would you have given greater emphasis, compared to what you did?
Enjoying the work which has been entrusted is what I do. I believe whatever happens is for good. Every day is a new experience that helps me to learn and improve upon.