Paytm | Fintech
Aditya Khullar – Tech Security Leader
Key IT Spending Areas FY 2018-19: Threat Intelligence tool, NAC , MDM , cloud security & audit tool
5 Key Solutions Deployed in 2017-18: 1. Bug bounty program was started , 2. Code review tool (SAST and DAST) , 3. DLP implemented at network and end point level , 4. EDR , 5. Technical security training program for application developer teams.
WHAT DOES DIGITAL MEAN FOR YOU? –
Interconnecting various end points to gather a spectrum of IT and Application infrastructure. This assures a pro-active approach of looking at threats, if any.
Name 3 Best practices for aligning IT with new normal business demands? (100 Words)
- The largest IT initiatives, in terms of budget and resources should be directly linked to business goals and objectives.
- Business managers should drive major IT initiatives in conjunction with IT managers.
- IT strategy and planning should be directly linked to the company’s strategy and planning processes. Moreover, IT should be an equal agenda item in the company’s strategy and planning sessions.
What is that one key message you would like to give to IT vendors? –
One of the key messages so as to have a good relationship with vendors is to know what they must do & to not expect them to do anything more. Secondly, vendor should lay down the contract clearly. If it doesn’t, then the business needs to find out quickly and get the contract clarified. This is important because this is the only thing one (business) can count on when the going gets tough, so make sure that your expectations are aligned to it.
Significant milestones as CIO/CISO (current and past roles):
Past role :
Threat Intelligence program was deployed at Indigo airlines (Year : 2017-18)
Due to ongoing threats looming with respect to ransomware, malware and virus outbreaks, the business was facing the challenge to keep the infrastructure secure from both remote and local insider attack vectors. To counter the threat, the company decided to implement threat intelligence for the infrastructure.
The company performed threat landscaping, basis the instances of different attack vectors which could affect them. A sandbox environment was implemented which could pro-actively assess a threat before it hits. Real-time threat advisories are sent to the end infra teams to pro-actively manage network, servers and applications.
Present Role :
MDM (mobile device management) was deployed enterprise wide. This was to ensure that mobile users data is protected .
NAC (Network access control) : This ensured that any device which got connected to the official network is governed through an access control mechanism. This in turn eliminates local and remote exploits to a great extent.