Talking with the expert- FATHIMA RIYAZHYDER
By Pankaj Rane - Oct 06, 2018
Fathima Riyazhyder aka Suhana, is a team lead for Sony picture entertainment currently working in Sony India Software Centre. She comes with an experince of 10+ years in Information Security domain. We're glad to have her sharing her valuable insights of InfoSec domain and her journey in this month's edition. Kudos to Pankaj Rane to get this done and bringing Suhana in October edition. Here're are the questions that were asked to Suhana.
1. Please tell our readers a little bit about your journey so far.
It was an exhilarating journey. I started my career as a security analyst performing application/network assessments and configuration audits. And looking back I am thankful that I chose this career. I loved everything about it like the thrill of finding a new vulnerability, learning new tools and techniques. It is also a great feeling to know that I am helping companies to be secure.
2. How did you get into this domain? Was it predetermined?
After my graduation I did not want to rush into a job, instead I wanted to evaluate options. That is how I came across information security opening with Paladion, and I started reading about it. More I learned, the more I realised that it is a great career option.
3. As we see you’ve worked in leading product based and service based organisations, How’s the experience so far? Any preference between them?
Both service-based organisations and product based organisations have their own pros and cons. Service based organisations give more exposure and learning for somebody who is starting their career. However, products organisations can give you depth and specialisations.
4. What are your areas of interest in Information Security?
My primary area of interest in Information security is application security. I enjoy finding vulnerabilities in the applications and new ways of hacking into the applications.
5. Do you see equality for women in InfoSec or there are still some gaps to fill in? Any challenges you see for women working in InfoSec?
Across IT streams I personally feel gender equality is better in comparison with other sectors and Information Security is no different. Considering the kind of work we do and the type of opportunities that we get, I feel women who are looking for IT career should evaluate IT security. I have worked with many women ISOs across various geographies. I am sure this is going to be the situation quite soon in India as well. Even in Sony, the company that I currently work for the Infosec stream is headed by Ranjini Sethupathy. I feel it is a good field for women to get in.
6. What does it take to become a good manager?
To be a good manager we need to do 3 things primarily. First is to listen and take decisions faster. Second, to delegate. The third I feel is to help your team to achieve the goals set and nurturing the team.
7. As Sony pictures faced a significant hack in the past, Do you feel an extra pressure to keep it more safe?
Information security is all about being aware and being alert. There is no concept of 100% security. Our objective is to ensure that vulnerabilities are identified earlier and mitigated faster. I think it is not about the pressure but actually about the direction the company takes after an attack. It makes the organisation aware of security issues and some organisations responds to it positively. I think Sony has done a great job by ramping up their information security operations.
8. What keeps you going even if the odds are not in your favour?
Motivation, recognition and trust from my peers and managers.
9. Any interesting incidents related to InfoSec you would like to share when you thought its a big deal to handle?
I felt it is a big deal to convince the developers to fix the vulnerabilities. In my previous job for one of the client I had to demonstrate the attack scenarios and risk that vulnerability can pose to the organisation. This helped the client understand the criticality of the issue and the need to fix on priority.
10. Any advice to the young minds specially girls planning to pursue InfoSec as a career?
As said earlier it is a great field to work, grow and get exposure. I feel the women who are looking for IT career should evaluate Information Security domain.
11. What’s next in the bucket to achieve?
AI, Artificial Intelligence. Using AI to optimise various information security practices is evolving. It could be advanced threat detecting and attack prevention. Just like in any other stream AI is actually big. This is something I would like to keep myself abreast with.