Talking with the expert - KAMAL KISHORE SEEPANA
By Ashish Chhatani - Dec 12, 2018
Kamal Kishore Seepana, currently working as Manager - Information Security at Sony India Software Centre, comes with 10+ years of rich experience. He has excelled in various fields of InfoSec, ranging from Governance, IT/IS Risk Management, Compliance, ISMS Implementation, ITGC audits, DLP implementation, Vulnerability assessment and Penetration Testing to System architecture design and review. It is great to have him sharing his thoughts and ideas with us. Here’s the interview with Mr. Kamal Kishore Seepana.
1. Please tell our readers a little bit about yourself.
Over a decade of experience in information security, ranging from IT GRC, Vulnerability Management, security operations and Risk Management. Assisted in implementing and auditing information security controls for major clients in sectors like Banking, Finance, Manufacturing, Telecom, KPO and Pharmacy.
2. Any specific reason to opt for Information security domain?
I used to show more interest in subjects like computer networks, operating systems and cryptography during my graduation but realised the existence of the cyber security domain only during postgraduation. Got industry exposure in the InfoSec domain during internship, got fascinated by the scope of the domain and decided to pursue a career. Also, the liking towards Sci-Fi and Cyborg stories/movies is one more reason.
3. As we see, you’ve worked in service-based to leading product-based organisations. How’s the experience so far? Which one’s better, or let me rephrase it, which one’s more challenging and competitive to work in?
I would prefer to share my experience by representing it as two roles, revenue generation and cost centre. Revenue generation roles need to focus on maintaining customer relationships, market solutions and efficiency in project execution, whereas the cost centre roles need to concentrate on building working relationships with business teams, alignment to corporate strategy and building trust. The other important aspect is organisation culture, which plays a critical role in the experience.
4. We see you’ve got your hands on many areas. From governance to Vulnerability Management to architecture review to ISMS. What’s your area of interest in the InfoSec domain? Network part or Web or Cloud or any emerging technology?
Tough question. On a personal note I would definitely love to work always on emerging technologies ranging from IoT, Machine learning and blockchain but needless to say that I am always excited to work in the existing areas like GRC, Security operations, Vulnerability Management to ensure operational efficiency.
5. Share your thoughts on the transformation of the InfoSec domain, and where do you see it in the coming time?
The InfoSec community should play a bigger role in ensuring confidence to the citizens while using new technologies/systems.
6. Do you feel the information security domain has got the recognition it should have got?
Lately yes, CISOs have started reporting to the board and attending the board/shareholder meetings. Almost all the industry sectors recognise the importance of information security.
7. Do you see any challenge that InfoSec domain is facing and that needs to be addressed?
- Alignment of information security strategy in line with business strategy
- Effective communication of risks to the business
- Justifying of investment to management, especially to replace the existing security tools stack with the next generation tools
- Strategical approach in selecting security tools/solution
- Shortage of skilled resources
8. Vulnerability that caught your attention for a long time
If it has to be one then I would pick KRACK ("Key Reinstallation Attack"). The vulnerability caught my attention because of the wide usage of WPA2 and because the weakness is identified at the Wi-Fi standard level. Thankful to the Wi-Fi Alliance for the release of WPA3, which addresses these brute force attacks.
9. What’s more dangerous? No knowledge or less knowledge?
The cyber security domain is vast and we can’t expect an individual to be more knowledgeable in multiple technical domains. If the organisation has defined security processes and career development plans, neither is dangerous.
10. Best thing you find in InfoSec
An Infosec professional can work in any industry (Retail, Manufacturing, healthcare, banking and financial sector) of choice.
11. Which among WannaCry or Meltdown/Spectre was the most unique incident according to you?
There are many SMB related vulnerabilities and WannaCry is one among those, being popular because of the havoc it created, whereas Meltdown/Spectre are definitely unique as they have changed the focus towards hardware vulnerabilities.
12. The next big thing in InfoSec will be…?
Upskilling knowledge to support businesses in adoption of IoT, Big Data, blockchain and Machine Learning.