Shivani Arni, Enterprise Chief Information Security Officer (CISO) at Mahindra Group comes with over 20 years of experience in information security. She is dedicated to cybersecurity, focusing on IT security, compliance frameworks and policies and more. Shivani has prior experience in managing complex security operations at TransUnion CIBIL Limited and addressing critical security challenges.
In a recent conversation with Women Entrepreneurs Review Magazine, Shivani explores the evolving landscape of cybersecurity in India and women’s representation in the field. She emphasizes on offering mentorship and guidance to women professionals to boost representation in leadership roles in cybersecurity and the need to keep evolving with the changing industry trends.
Given the increasing frequency and sophistication of cyber threats in today’s digital landscape, how do you see the role of cybersecurity evolving? What key skills will be essential for leaders in this domain?
The cyber world is continuously evolving, and the role of cybersecurity professionals in the next five years will increasingly rely on artificial intelligence (AI) and machine learning (ML). AI and ML will be employed for routine tasks to minimize manual intervention. Cloud security and Zero Trust architecture will gain prominence. Cloud security is becoming crucial as the reduction of on-premises footprints leads to a shift towards virtual cloud environments. Zero Trust architecture offers enhanced control over network access by restricting users' permissions based on their identity and the necessity of their access, rather than providing unrestricted access within the network.
Privacy and data protection remain paramount, especially with the forthcoming implementation of the Data Privacy Act in India. To ensure adherence to this legislation, there will be a heightened emphasis on compliance with the Data Protection and Digital Privacy Act (DPDPA).
Key cybersecurity skills include technical proficiency, strategic thinking, effective communication & collaboration, risk management, and adaptability. Women in the industry should be encouraged to cultivate these technical and strategic competencies while recognizing the significance of communication and collaboration for facilitating business growth and development.
Risk management capabilities are vital for information security officers, who must align their risk appetite with organizational thresholds and undertake risks judiciously. Lastly, adaptability is crucial in both professional and personal spheres, as change is inevitable. By honing these skills, cybersecurity professionals can maintain their competitiveness and navigate the dynamic landscape of the digital domain.
In a field traditionally dominated by men, what strategies have you found effective in empowering and mentoring women to take on leadership roles in cybersecurity?
I have served as a mentor in a women's leadership program at my previous firm, participating in a Women of Technology group where we guided juniors into new leadership roles. Mentorship, training, and development are essential for women in leadership within cybersecurity. Various strategies for skill development in the workplace include online and offline training, workshops, and certifications. It is imperative to foster a supportive culture that promotes work-life balance, flexibility, and healthy competition to empower and mentor women. Recognizing and celebrating achievements, both small and significant, can instill positivity and motivate individuals to strive for more.
Forming internal committees to discuss challenges and engage in open discussions is crucial. Management, HR, and top leadership should actively participate in these forums to cultivate an inclusive culture. Additionally, establishing resource groups to address any challenges faced by employees, regardless of gender, can contribute to a more inclusive and supportive environment for all.
With new technologies and evolving regulatory changes, how can women leaders in the field advocate for and implement adaptive security measures?
As technologies continue to evolve, it is essential to remain informed about the surrounding environment and enhance existing controls to safeguard against new technological advancements. Regulatory changes are inevitable and aim to standardize controls across organizations. Regulatory frameworks help maintain consistency and focus on overall performance. Leveraging artificial intelligence and machine learning can offer insights into emerging threats and identify opportunities for strengthening security measures. Investing in these technologies can enhance the effectiveness and efficiency of security controls.
In a globalized digital world, how can cybersecurity leaders effectively collaborate across borders and cultures to strengthen international cybersecurity efforts and policies?
I possess extensive experience in working with organizations across various countries, including Mahindra, which operates in 100 different nations. As data privacy laws and regulations differ globally, it is imperative for organizations to maintain effective communication across these regions. I have previously conducted monthly meetings with dedicated Chief Information Security Officers (CISOs) to exchange insights and gain an understanding of each other's environments. Furthermore, online forums that facilitate the sharing of experiences and policies can aid in consolidating and standardizing controls on a global scale. I firmly believe that such platforms can significantly enhance security controls within cross-border cultures and regions.
What are critical leadership skills required to ensure secure and resilient technology implementations? How can women leaders use their unique experiences to guide these transformations effectively?
Understanding skill sets such as strategic thinking, communication, collaboration, this expertise are essential for organizations. It is not merely about having knowledge of all available tools but selecting those that are most advantageous for the organization. Emphasizing a long-term vision and investing in sustainable technologies is imperative.
Behavioral skills, including empathy, collaboration, embracing diverse perspectives, and focusing on people, are equally important. These skills contribute to stronger teams and ensure the organization's long-term success.
Considering the growing focus on ethical hacking and threat intelligence, how can women leaders in cybersecurity advocate for ethical practices and drive industry-wide standards?
Ethical hacking and threat intelligence involve a proactive approach to identifying and addressing issues within an environment. Adherence to ethical practices and discipline within an organization can help grow. While initial implementation may face resistance, however business will recognize the importance of ethical practices. Promoting conversations and encouraging women leaders to advocate for ethical practices can help increase awareness and encourage change within the organization.
