He has always been a workaholic. Even while doing his bachelor’s in engineering, Amit Pradhan was working for two different companies, one in the morning and the other in the evening. While on one hand he gained expertise in software development, on the other he got valuable experience in electronics and instrumentation. Being a strong believer in sticking it out, Pradhan, after completing his education, made a conscious decision to enter sales. This happened while most of his classmates were going abroad or taking up postgrad courses. He always wanted to do something different. However, his first brush with security came in the form of Locus, a medical transcription company. Pradhan helped the company put security around their products. He later went on to convince the organization to expand the security portfolio. “That is when I realized that I was good at security. Even in that domain, I had an edge over the others despite not having any certification in the initial days. I came with hands-on experience in sales, software development and instrumentation,” recalls Amit Pradhan, Chief Technology and Security Officer (CTSO), Vodafone.
After working as a consultant for companies like KPMG, Pradhan decided to get back to the industry as he felt he was losing his social life. He moved into various leadership roles in the security domain with companies such as RBS, Cipla (where he got his first senior management exposure). He joined his current position at Vodafone on the recommendation of a colleague. “In all the industries that I have worked with including banking, security had its place. But it was never driven. You had to drive it. Telco was one that I noticed was driven by security. There is a pull. Compared to other industries, the dynamics are very different. And I wanted to take up a challenging role. It has been four years now. And Vodafone has completely changed my outlook not only towards security but also as a professional,” says Pradhan.
With the cyber security domain being so dynamic, Pradhan has words of advice.
According to him, a CISO should have the confidence and the ability to understand what is expected out of him or her by the senior management, while protecting and securing the infrastructure. It is very important to understand how the management thinks. The second most important thing is business alignment. A CISO can’t work independently or in isolation, feels Pradhan. Everything has to be aligned with business. That can only happen if one creates a very different stage for oneself. A CISO has to be more of an enabler rather than being a gatekeeper or restrictive. S/he has to find ways to make the organization more flexible. S/he also needs to know what is going on in the industry to be aware of the advancement of threats, attacks, etc. and thus plan his strategy accordingly. Lastly, s/he also needs to be a good relationship manager. Security is something that nobody likes. Nobody likes restrictions.
When asked what Pradhan brings to the table in his current role, he says that he understands what the senior management wants from the function of a CISO. It is, however, easier said than done. “It means I spend time and energy to understand where they are heading and where they are coming from when they talk to me. I try to read their mind. Why did they say something that they did? Secondly, I am good at governance and operations. I try to put everything in auto pilot mode and make systems fool proof. If you do that through a good process or automation, then the hazards are taken care of. Most importantly, the basis of security is trust and therefore one needs to build that. And for that there is need for a strong and robust team. As a leader, I stand up for my colleagues when things go south or they make mistakes,” he adds.
Regarding his outlook on cyber security, Pradhan says that the sector is dynamic and ever changing. Perceived threats or risks are not the same as they were three years ago. With the Internet of Things (IoT) coming in, it is altogether a different ballgame. “In the last two years, I have witnessed so many high-voltage incidents. I have seen and experienced them first hand,” says Pradhan.
According to him, it is important for every company to bring the focus on cyber security. This does not mean just hiring a CISO. He says that cyber security has to be a part of the key agenda in every quarter in the Executive Committee meeting. Every quarter, security needs to be discussed at the senior-most level. He believes that if that happens, there will be a pull created for the CISO and the organization towards security.
Talking about security and privacy in a digital world, he is of the view that one can’t imagine the digital world without security: Right from identity and personal profiling, or using Artificial Intelligence for decision making and predictions. “If you are not taking care of security in all these aspects, you are basically staring at disaster. With digital around, everything is integrated and connected. Cyber security is an inherent part of it. We cannot isolate it,” he adds.