In this edition, we are thrilled to feature Mr. Kannan Srinivasan, an esteemed leader in the field of cybersecurity and data privacy. As a co-founder of Cyberzale Technologies, Mr. Srinivasan is at the forefront of safeguarding critical data and advancing innovative security solutions. With a career that evolved from a .NET developer to a recognized expert in enterprise risk management, he has played an instrumental role in shaping the cybersecurity landscape. Known for his strategic vision and hands-on approach, Mr. Srinivasan leads a highly capable team dedicated to tackling today’s most complex cyber challenges. In this interview, he shares insights on his career journey, the growing importance of cybersecurity, and the innovations driving his organization forward.
1.Can you tell us about your journey to Head of Cybersecurity and Data Privacy at GAVS Technologies?
I began my career as a .NET developer and quickly progressed to the role of Project Manager. Inspired by cybersecurity and aspiring to become a CISO, I committed to extensive learning, earning certifications, and proactively seeking opportunities to transition into the domain. With the support of my managers and key leaders who recognized my passion, I was given the opportunity to lead enterprise architecture engagements.
Subsequently, I became a Risk Officer for a prominent practice, overseeing cybersecurity, enterprise risk management, and business continuity for over 30,000 associates. Currently, I serve in a dual capacity as the CISO of our organization and the head of a thriving cybersecurity practice.
Our efforts focus on safeguarding healthcare clients, including the security of medical and IoT devices, supported by a highly skilled engineering team capable of developing innovative security solutions. Among our key innovations is the Zero Incident Framework, an AI-OPS product with multiple patents and unique security features designed to address critical cybersecurity challenges.
2.What inspired your interest in cybersecurity and data privacy?
Cybersecurity incidents are on the rise, with ransomware now being offered as a service, where attackers even go as far as enticing employees to share organizational vulnerabilities for financial gain. In the healthcare industry, these threats are particularly alarming, as they directly impact patients and their well-being. Similarly, in financial institutions, cybercriminals can wipe out hard-earned money, leaving no trace behind.
Working in cybersecurity provides a profound sense of purpose in the IT field. Much like a soldier guarding national borders, those of us in cybersecurity play a crucial role in protecting sensitive data and critical infrastructures. The sense of pride and satisfaction derived from defending organizations and individuals from cyber threats is immense. The work is challenging, yet rewarding, as we safeguard the systems that people rely on every day, ensuring their security and peace of mind.
3.How has your transition from project management to leadership roles shaped your perspective on technology and business strategy?
My transition from project management to leadership roles has significantly shifted my perspective on both technology and business strategy. As a manager, the primary focus was to ensure that projects were completed on time, within budget, and met internal requirements for usability. The success metrics were clear and centered on the execution of specific tasks and deliverables.
However, as a leader, the scope expands considerably. It’s no longer just about meeting internal objectives; it’s about understanding the broader market dynamics and industry trends. As a leader, I must evaluate how these external factors influence the company’s strategy, assess risks, and ensure that initiatives align with legal and regulatory standards. Building a compelling business case becomes crucial to secure stakeholder buy-in and the necessary budget for initiatives.
From a technology perspective, as a manager, the inclination is often to choose popular tools that are well-established. As a leader, however, the focus shifts to outcomes. It’s less about the tool itself and more about the value it brings in terms of addressing business challenges and driving long-term success.
4.How do you ensure compliance with global data privacy regulations like GDPR or CCPA?
It may sound basic, but when new regulations come, the first thing to do is check the applicability of the law to the organization. Many times, organizations implement controls that are not even required. The next key step is conducting a cost-benefit analysis. For example, let’s say an organization is dealing with a handful of European individual data, and the cost of implementing GDPR requires USD 500K. The organization should evaluate whether this cost is truly justifiable and if there is a way to avoid collecting personal data. Once we have confirmed that the requirements need to be implemented, the next step is to clearly define the plan, resources required, tools, etc. Make sure all stakeholders, including management, are aligned, and have assigned a lead to support the initiative. Monitor the progress, track the risks, and follow up to mitigate. Conduct periodic reviews with all stakeholders.
Do a pilot run, and if you need to interface with external auditors, ensure they are satisfied with the implementation progress, control design tests, and tests of operating effectiveness.
The most important aspect to keep in mind is continuous improvement. Look for areas where we can improve the process.
5.What is your advice to young professionals aspiring to leadership roles in technology?
Leadership is not just a fancy title or about how many people you manage. A good leader is not made overnight; instead, it’s an attitude and personality change that you have to practice every day. Key things to consider are:
a. Keep Learning: Spend at least one hour a day reading on your core subject (e.g., cybersecurity), management books, and the fundamentals of finance and people management.
b. Manager/Leader Dilemma: Leadership is not about using others as a ladder; instead, you should be the ladder that leads the team.
c. Character: Build personality traits and avoid the following: i. Do not talk badly about others. Feedback should be given in person. ii. Be punctual, even if the meeting is not particularly important. iii. Do not skip the process. You lead by example. For example, do not tailgate or write your password on the table. iv. Take responsibility for failures. v. Be honest.
