Chief Information Security Officer’s (CISO) role has seen a great deal of transformation, especially in the last one decade. The high-profile breaches in the past shook the board of directors and management quite hard. As a result, CISO is no longer the guy just providing safeguards against threats and risks. The modern-day CISO is a critical persona that helps bridge gaps across technology, automation, and also cybersecurity. After all, securing the information assets of large enterprises with 100s of thousands of employees is a herculean task.
After a long wait, the good news seems to be knocking on the doors of the CISOs. They are being strongly considered for a coveted seat in the company’s board or if not that, they are at least considered part of senior management. That shows the rising clout of cybersecurity and how it is part of the top business agenda for every company.
While many CISOs are still not able to mark their presence and are on way to reach the boardrooms, there are a few who made that mark early.
Meet Sunil Varkey – one of the most prolific names in the global cybersecurity circuit, who besides being a CISO, is an active contributor in academics, so much so that he has applied for three patents, and waiting for them being credited to his name.
Sunil has devoted well over two decades of his professional life to the broader cause of technology and information security. Rising from the ranks of a systems administrator at the Saudi British Bank in 1995, he went on to become the Managing Director and Global Head of Cyber Security Assessments & Testing at HSBC before quitting the position this year in January for a personal reason.
There’s hardly any important industry sector that Sunil hasn’t managed as a cybersecurity leader be it banking, telecom, ITES, manufacturing, he has dabbled into all, and that too across geographies including the US, Middle East & India.
It has been quite a journey for this otherwise humble, accessible, and knowledgeable CISO but if you ask him about the high of his career, he’d immediately say Wipro where he served as the CISO for six years. Managing over 180,000 users and making strategic cybersecurity happen for a mammoth technology infrastructure across 82 countries and 11 acquired businesses across India, the US, Germany, and Brazil wasn’t an easy job after all. The moment of reckoning came when the company, realizing his worth, bestowed upon him the title of a “Fellow Distinguished Member of Technical Staff” in Aug 2017 for his exceptional services and intellectual prowess.
After spending about six years in Wipro, Sunil moved into an entirely different role. Since he had advised many InfoSec companies on an entirely honorary basis, Symantec, one of the finest cybersecurity companies of all times (acquired by Broadcom in 2019 and eventually by Accenture in 2020) valued his intellectual calibre and roped him as the CTO and Strategist for the emerging region of Middle East, Africa, and Eastern Europe. Sunil’s key role in this role was to define and evangelise security strategy for the enterprises in this region.
After Symantec’s acquisition, Sunil decided to move out and that’s when he came across this global role at HSBC as stated above. Unfortunate events related to Covid-19 Pandemic had just begun and therefore Sunil was asked to join the company’s India facility. Among other things, his role at HSBC involved cybersecurity assessment and testing the life-cycle ecosystem of penetration testing, threat modeling, digital footprint, vulnerability management, and 3rd party security risk assessments in both pre and post-production environments. Sunil quit this position in January 2021 for entirely personal reasons.
Industry has been indebted for his contribution to the cause of cybersecurity and thus awarded him time and again. In 2016, Data Security Council of India (part of India’s top software and IT services association Nasscom) recognised him as a Security Leader of the Year, which he truly deserves. Not just that, for his leadership and technical knowledge, he won the stellar Best People Manager (2016) award.
Early in his life, he is credited with building and managing the information security practice for GE Capital International Services. As the CISO of Idea Cellular, Sunil was entrusted with the responsibility of securing over 100 million customer base, the telecom company’s network, and entire internal IT.
Apart from his vast experience in the enterprise domain, he is also the commander and cybersecurity advisor to the Kerala Police. Sunil is an active speaker and has presented at more than 60 public events/sessions in over 12 countries including RSA Conference, Trend Micro’s CloudSec, and other similar high-profile conferences on various information assurance domains. He has published over 40 articles in various print and online media.
In addition to contributing to numerous publications, he has 11 certifications including CISSP, CIPP/US, GSNA, CGEIT, CRISC, CISA, ABCP, ITIL- V2 (Red Badge), and Six Sigma GB certified.
What makes Sunil stand apart from the crowd is his great academic acumen and quest for knowledge.
A Snapshot of the three patents Sunil has applied for:
- Patent on methods and systems for integrated risk management in enterprise environments
- Patent on system and method for generating cognitive security grid for enterprise security
- Patent on method and device for classifying uniform resource locators based on content in corresponding websites