An interview with Rakhi Wadhwani | InfoSec Author, Auditor, Trainer
Updated: Jun 28, 2020
1. Hello, Ms. Rakhi Wadhwani, please introduce yourself to our readers.
I am working at ISOQAR India Private Limited as Senior Assessor. I am a published author, auditor and trainer in cyber security. I have over 20 years of experience working as a Technology Professional, holding multiple certifications in Digital Forensics, Ethical Hacking, and Information Security. My skills and know-how encompass multiple specialty areas like Information Risk Management and Assessment, Regulatory and IT Compliance, Security Controls, Compliance and Technical Audit, Business Continuity and Disaster Recovery Management, Vulnerability Management and Information Protection and Data Loss Prevention, Internal and External Audits.
2. How did you start your journey in the cyber world?
My journey into the cyber security domain was not by my choice. Even in my school days there was no specific choice for this domain. However, I always wanted to be in the technology domain. As it happened, my first job was in Information Technology; this is when I realized my passion for cyber security, which I then took up seriously to build my professional career.
3. Tell us about your experience as a woman in infosec space?
My journey in the infosec space has been very enriching, exciting and full of challenges. The learnings and discussions you have on a day-to-day basis working with colleagues and customers always encourage me to take another step further.
4. What are the various career opportunities in information security?
I would like to emphasize that cybersecurity / information security is a very tough field. Learning in information security is never-ending given how the field is evolving so quickly. There are plenty of opportunities available in Risk and Compliance, Governance, Identity and Access Management, AI and ML, IoT, Legal, Cloud Security, Audits, Incident Management and Forensics, SOC, Application Security. Depending upon your area of interest, one can work or build a career in one or multiple areas.
5. Do you think most of the organizations have a capable team and they are ready to adopt the new information security standards?
A tricky question, and the answer is maybe or maybe not.
The information security standard provides a guideline on how the organization can implement controls to minimize the risk to an acceptable level and ensure that the information is safe. However, these are just guidelines and may overlap with some of the best practices followed by the organization. Nowadays, many organizations already have a dedicated cyber security business unit which focuses on SOC Management, Risk and Compliance, Governance and Audits to stay in compliance with the industry standards and security standards. Many times, it is a challenge to provide training to the existing staff to deal with new and emerging tools and technology. Hence it is good to build competencies within the organization based on the skill matrix and also partner with external organizations or vendors who have specific capabilities and the right skilled resources to address the organization's needs.
6. What are the various Open Source IP Compliance failures you see in the current industry?
Nothing is free today; however, many of us assume that open source is freely available and can be downloaded by anyone to use. Open source is associated with the best-known OSS license, which is known as GNU General Public License (GPL). We need to read the terms and conditions of the licenses thoroughly before we use them. Open source has certain limitations on usage, copying, modifying and distribution, and we need to know them before using it. Moreover, in open source there is a possibility of finding more security issues than in licensed or proprietary software.
7. What are the useful online and offline sources to learn Vulnerability management and Open Source IP Compliance?
There are many resources available for vulnerability management. Many online communities also provide trainings to keep you abreast of the latest tools and technology. For Open Source IP Compliance, one can start with: FOSSID (https://fossid.com/) or Fossology (https://www.fossology.org/)
8. What certification do you suggest to master the skills in infosec space? Please suggest the right path and resources to achieve it.
Learning in information security is never-ending given how the field is evolving so quickly. The urge of earning a degree each time you change your job role or job profile is not easy and feasible. Hence professional certificates are a good choice to close the skill gap you may have. There are various programs such as Information Security, Risk Management, Incident Management, to name a few, which would provide a foundation for jobs in this domain. However, please be sure that self-learning and dedication are the key to success. You can learn by reading books, online sources, mentors, peers, etc. For more details on the trainings and certification you can visit: https://www.isoqarindia.com/
9. What are the myths companies have in their mind while dealing with Cyber Security?
Installing the best defence security products such as Firewalls, Intrusion Detection Systems (IDS), Intrusion Protection Systems (IPS), Antivirus, etc. does not secure the organization. These solutions, if not configured correctly, could lead to disaster. No organization is completely safe and secured; there is always an undisclosed vulnerability and the only solution is to remediate it as soon as possible.
Do remember, the security solutions and products are only a part of the security strategy.
10. Have you ever faced any gender discrimination in your career? What do you think about women in cybersecurity?
As per my experience, gender is not an issue and a lot of people in the industry want to see more diversity. Being treated equally and judged on the quality of the work and the level of expertise rather than anything else is by far the most common experience for me.
11. Do you think the Indian Government should implement some new rules or laws to prevent cybercrimes? If Yes, then kindly mention what it should be?
Many Rules, Many Challenges. I feel the Indian Government should have more judiciary who are aware of cyber security and its challenges. They should be a single point of contact for cybercrime related issues. They should work together with various sectors for creating awareness and looking at new tools and technologies to curb the new threats and risks.
12. To explain the scarce presence of women in cybersecurity, one study shows that 52% of them do not have any interest in computing and therefore discarded developing a professional career in this field. You are a good example of a professional who has not had to take a STEM career to become specialized in computer security. What is it that attracted you to this field? Why have you decided to pursue Information Security as your career option?
A career in Information Security can lead you to so many different specialized paths; you can be proficient and specialize in compliance, legal, privacy, risk management, incident management, threat monitoring, etc. The most fascinating thing about this domain is that it is now attracting more personnel from various fields and also personnel with a wide diversity of interests by simply upskilling or reskilling.
13. The few studies that we find about the low representation of women in cybersecurity suggest that people with social skills are needed, not only with coding skills. In your opinion what woul ho are interested to start their career in cyber security?
Do not say "I cannot do it". Always be curious to learn every aspect of tools and technology. Just because you are a newbie does not mean that you do not know about the technology. Wear confidence and specialize on day one; that will surely make you a winner in the time to come.
14. Anything additional you would like to add here which gives value to our readers?
Don't Compromise Yourself. Your Talent will make room for YOU.
No one will come and give you anything, especially in the male-dominated field of cyber security or information security. You are the only one who will have to put yourself out there! You never know who is on the lookout to hire a confident woman to demonstrate her skills and initiative in this domain. There are many ways to enhance your path into the security domain; however, networking is the most effective. You can join various security groups such as ISACA, OWASP, CAP, Null, CyberFrat, Digital Forensics, InfoSecGirls, etc. You can present your papers at conferences. You can be a volunteer at conferences. You can present papers in local chapter meetings and meetups.
Remember, networking and relationships are the key differentiator in this field, and giving back is an excellent way to build long-term and beneficial relationships. Get out and get to know your local security chapter community.
15. What upcoming challenges do you see as per the current security postures of companies? Please share your thoughts on the impact of COVID-19 on cybersecurity.
It is a fact that cybercriminals tend to spy on unexpected events; when the normal way of working gets disrupted, the cybercriminals take this as an opportunity. We will observe a rise in phishing attacks, Malware, Ransomware Attacks, which will result in more infected computer systems and smart phones. Most of the users who are connected online are being targeted. Cyber Security Hygiene needs to be taken seriously by organizations as well as individuals during this pandemic attack.