Dr. Lopa Mudraa Basuu was recently named in the list of Top Women Cyber Security professionals in India. She is a leading security evangelist with extensive experience in information security, data privacy, risk management & governance. In a candid chat with Robin Chatterjee, Consulting Editor, dynamicCISO, she looks back at her journey and talks about the essentials for any cyber security professional in today’s context.
Robin Chatterjee (RC): From starting as a technologist to becoming one of India’s most known faces in Cyber Security. How will you describe your journey?
Dr. Lopa Mudraa Basuu (LMB): Any journey would not be interesting if it is a smooth sailing one. The journey which has some ups and downs, some hurdles in between is worth remembering and retelling. I started as a network professional in IT function which was very unusual in those days. Initially it took some time to break the ice and establish the trust that a woman is equally good and can have a command over technology.
The challenge was due to typical old school belief i.e. – women can work as software developers and in IT processes but not in a demanding and dynamic field of IT such as networking, moreover women can not have a good grip over technology compared to men.
It was not a common practice, but I was interested in network security and the challenges were more like a learning curve for me. It was a step by step ladder from security professional to security architect to privacy, risk and governance leader. At every stage, I tried my best to learn not only the new technologies but also understand what leadership and interpersonal skills mean for our vibrant industry.
RC: Over the course of your journey, how would you summarize the evolution in the CISO?
LMB: More than the technology itself, what I have seen is that the role now requires considerable amount of business acumen and leadership capability. The CISO’s role is no more just deploying some security devices and applications and then monitoring the performance of those platforms. Rather, it is more of a security strategy enabler looking at compliance adherence, risk management and understanding all of the above from business standpoint. More than the technology aspect, CISOs today need to be tracking new developments across the world, whether social-political change or changing inter-country relations and their impact on certain regulations, etc. Today, a CISO is expected to be an innovation catalyst within the organization.
RC: What can you say to those aspiring woman technology professionals who are willing to explore the cybersecurity space?
LMB: Cybersecurity space is no different from any other technology vertical. Today, women are more aware of career choices and I don’t think at any point their decision should be influenced in any way. Having said that cybersecurity as an industry is very accommodating. The key difference here is that you must be not only technically sound but also should possess management attributes because there are lots of stakeholders that you would be expected to interact with and get a consensus built within your organisation. Technology and opportunity doesn’t differentiate on the basis of gender. Being a woman, just don’t expect that you’re going to get specially treated. The level of organizational expectation will be equal to your male counterparts.
If you want to be treated equally, you should start practicing the same yourself.
RC: Can you tell something about your new role in Nissan Motor Corporation?
LMB: Usually, for any car manufacturer the risk and compliance teams are different for its three main functions, i.e., the manufacturing units, the connected cars and the overall enterprise compliance. I won’t be able to disclose much at this point of time, but I can say that my role is to create an overall strong security governance for the connected cars as well as for entire the enterprise.