Ms. Rakhi R Wadhwani: Exhibiting Seasoned Leadership in the Indian InfoSec Landscape
THE LEADER BEHIND AN ADMIRABLE COMPANY 2023
An interview with Rakhi R Wadhwani | InfoSec Author, Auditor, Trainer
Ms. Rakhi R Wadhwani | ISOQAR India Private Limited
Rakhi R Wadhwani is a published author, auditor, and trainer in cyber security with more than 20 years of experience as a technology professional, holding multiple certifications in Digital Forensics, Ethical Hacking, and Information Security and Privacy.
She is an experienced assessor focused on improving business compliance, workflow, and processes through detailed audits and optimization recommendations, with a successful track record of fully evaluating information, structures, and procedures and initiating corrective actions.
She is a seasoned, operationally oriented compliance executive with multi-industry experience in delivering high-impact, value-adding external audits with excellent client feedback.
She is a competent problem-solver with proven ability to work in dynamic teams in a fast-paced environment, and has outstanding leadership and interpersonal skills in building relationships with people from different organizational levels and cultures.
Her skills and know-how span multiple specialty areas, including Information Risk Management and Assessment, Regulatory and IT Compliance, Security Controls, Compliance and Technical Audit, Business Continuity and Disaster Recovery Management, Vulnerability Management, Information Protection and Data Loss Prevention, and Internal and External Audits.
She is also Editor-in-Chief of the Digital Forensics (4N6) publication.
Hello, Ms. Rakhi Wadhwani. Please introduce yourself to our readers.
I am working at ISOQAR India Private Limited as a Senior Assessor and Trainer. I am a published author, auditor, and trainer in cyber security. I have over 20 years of experience working as a Technology Professional, holding multiple certifications in Digital Forensics, Ethical Hacking, and Information Security and Privacy. My skills and know-how span multiple specialty areas, such as Information Risk Management and Assessment, Regulatory and IT Compliance, Security Controls, Compliance and Technical Audit, Business Continuity and Disaster Recovery Management, Vulnerability Management, Information Protection and Data Loss Prevention, and Internal and External Audits.
How did you start your journey in the cyber world?
My journey into the cyber security domain was not by my choice. Even in my school days, there were no specific choices for this domain. However, I always wanted to be in the technology domain. As it happened, my first job was in Information Technology; this is when I realized my passion for cyber security, which I then took up seriously to build my professional career.
Tell us about your experience as a woman in infosec space.
My journey in the infosec space has been very enriching, exciting, and full of challenges. The learnings and discussions you have on a day-to-day basis working with colleagues and customers always encourage me to take another step further.
What are the various career opportunities in information security?
I would like to emphasize that cybersecurity/information security is a very tough field. Learning in information security is never-ending, given how quickly the field is evolving. There are plenty of opportunities available in Risk and Compliance, Governance, Identity and Access Management, AI and ML, IoT, Legal, Cloud Security, Audits, Incident Management and Forensics, SOC, and Application Security. Depending upon your area of interest, one can work in or build a career in one or multiple areas.
Do you think most organizations have a capable team and are ready to adopt the new information security standards?
A tricky question, and the answer is maybe or maybe not.
An information security standard provides guidelines on how an organization can implement controls to minimize risk to an acceptable level and ensure that information is safe. However, these are just guidelines and may overlap with some of the best practices already followed by the organization. Nowadays, many organizations already have a dedicated cyber security business unit that focuses on SOC Management, Risk and Compliance, Governance, and Audits to stay in compliance with industry standards and security standards. Many times, it is a challenge to train the existing staff to deal with new and emerging tools and technology. Hence it is good to build competencies within the organization based on the skill matrix, and also to partner with external organizations or vendors who have specific capabilities and the right skilled resources to address the organization's needs.
What are the various Open Source IP Compliance failures you see in the current industry?
Nothing is free today; however, many of us assume that open source is freely available and can be downloaded by anyone to use. Open source is associated with the best-known OSS license, the GNU General Public License (GPL). We need to read the terms and conditions of the licenses thoroughly before we use them. Open source has certain limitations on usage, copying, modifying, and distribution, and we need to know them before using it. Moreover, in open source, there is a possibility of finding more security issues than in licensed or proprietary software.
What are the useful online and offline sources to learn Vulnerability management and Open Source IP Compliance?
There are many resources available for vulnerability management. Many online communities also provide training to keep you abreast of the latest tools and technology. For Open Source IP Compliance, one can start with FOSSID (https://fossid.com/) or FOSSology (https://www.fossology.org/).
What certification do you suggest to master the skills in the infosec space? Please suggest the right path and resources to achieve it.
Learning in information security is never-ending, given how quickly the field is evolving. Earning a degree each time you change your job role or job profile is neither easy nor feasible. Hence professional certificates are a good choice to close the skill gap you may have. There are various programs, such as Information Security, Risk Management, and Incident Management to name a few, which would provide a foundation for jobs in this domain. However, please be sure that self-learning and dedication are the key to success. You can learn by reading books, from online sources, from mentors, from peers, etc. For more details on training and certification, you can visit: https://www.isoqarindia.com/
What are the myths companies have in their mind while dealing with cybersecurity?
Installing the best defence security products, such as Firewalls, Intrusion Detection Systems (IDS), Intrusion Protection Systems (IPS), Antivirus, etc., does not secure the organization. These solutions, if not configured correctly, could lead to disaster. No organization is completely safe and secure; there is always an undisclosed vulnerability, and the only solution is to remediate it as soon as possible.
Do remember, the security solutions and products are only a part of the security strategy.
Have you ever faced any gender discrimination in your career? What do you think about women in cybersecurity?
As per my experience, gender is not an issue, and a lot of people in the industry want to see more diversity. Being treated equally and judged on the quality of the work and the level of expertise rather than anything else is by far the most common experience for me.
Do you think the Indian Government should implement some new rules or laws to prevent cybercrimes? If Yes, then kindly mention what it should be?
Many Rules, Many Challenges. I feel the Indian Government should have more members of the judiciary who are aware of cyber security and its challenges. They should be a single point of contact for cybercrime-related issues. They should work together with various sectors to create awareness and look at new tools and technologies to curb new threats and risks.
To explain the scarce presence of women in cybersecurity, one study shows that 52% of them do not have any interest in computing and have therefore ruled out developing a professional career in this field. You are a good example of a professional who has not had to take a STEM career to become specialized in computer security. What is it that attracted you to this field? Why have you decided to pursue Information Security as your career option?
A career in Information Security can lead you to many different specialized paths; you can become proficient in and specialize in compliance, legal, privacy, risk management, incident management, threat monitoring, etc. The most fascinating thing about this domain is that it is now attracting more personnel from various fields, and also personnel with a wide diversity of interests, by simply upskilling or reskilling.