Pankit Desai is one of founders of Sequretek, a startup that is making waves in the cybersecurity market with its plethora of products and services. An information technology veteran, Desai has previously worked with a number of top-notch organizations, such as IBM, Wipro, Cognizant, Rolta, and NTT Data. In an exclusive interview with CISO MAG, he talks about Sequretek, the cyber threats looming over businesses, and much more.
It has been almost four years since you co-founded Sequretek. How has the journey been so far?
The journey has been very fulfilling for us so far. The company continues to grow; we have more than doubled our headcount in the last one year, and are on track to continue to grow exponentially. In the initial days, it was difficult for us to get our message beyond the security buyer community within the customers. However the events of recent past on account of well publicized global threats, senior management of companies have started to realize the security threats they face and are asking hard questions around whether their security posture will have business continuity or a brand impact. This in turn is making our message of Simplify Security as well as looking at security from a 360 degree perspective that resonates well with our customers.
What makes Sequretek unique in the information security domain?
Sequretek probably is the only company that offers a blend of our own core threat and intelligence products along with both on-premise and cloud services. We present a multi-dimensional view on security. We are not a reseller, or just a product provider or just a service provider. We have the ability to cross leverage various components of security for our customers and that is what they (customers) appreciate. We have the ability to look at every dimension of how a company operates with regards to security that gives customers the confidence that we will not depend on anyone else to solve their problems and the buck will not be passed. Secondly, we are a startup and, therefore, very nimble and responsive. Thirdly, we are a core security company, having no distractions that plague some of the other players in the industry for whom security is a miniscule part of their offering. Our single-minded focus is on security and that is something that draws customers toward us.
I am sure during the last four years, Sequretek must have hired a lot of security professionals. Did you witness any skill gap in the domain?
It is difficult to find information security professionals who are good at their job. If you see educational institutions that have cyber security as part of their curriculum, most of the times their focus is on the theoretical understanding of the security. On the other hand, most private security training institutions have courses that focus lot around audits and governance which are not the only pillars of cyber security. The real world security encompasses governance, security management and security operations across the full spectrum of organization tech stack. This is an area which does not get much focus in these courses.
Also, there is a lack of holistic understanding of cybersecurity in the upcoming talent. Many professionals are good in one component of cybersecurity. For example, if we talk about endpoint security, someone would know only about anti virus or encryption or data leakage, but a very limited understanding of how these work in conjunction with the rest of the organization or their adjacent security stack.
One of the biggest cybersecurity issues that companies face is insider threats. What is Sequretek doing in that regard?
Any security issue stems from three aspects: people, process, and technology. Insider threats come from people who either make mistakes or indulge in some malicious activities. To tackle it, you need to be in a position to provide proper training to the employees, and make them aware of potential risks to the organization that their actions may bring. In this regard, we run security awareness campaigns for our customers to identify the ways they can get compromised.
With regards to process component, we help clients understand aspects like identifying critical data elements, the data flow, the potential risk of flowing data in a certain environment, the ingress and egress points existing in the organization, etc.
The last aspect is technology. It is important to first understand what technology you can deploy to protect the data. The second step would be monitor that technology environment 24/7 to understand the epicenters of the breaches, if any, and be in a position to find out if the organization is suffering from any breach or about to suffer from one.
As a cybersecurity solution provider, what kind of training is provided to your employees with regards to insider threats?
“Practice what you preach” is the mantra that we go by. We are primarily a product company, therefore, very close of being paranoid about security. Right from not allowing data to be stored locally to having technologies for encryption and back-up, we have implemented a number of security practices. There is continuous auditing of our infrastructure to make sure that there are no vulnerabilities. Our processes comply with international standards, and we maintain strong documentation that deeply follows the security processes. And lastly, we make our employees aware how their actions can potentially impact the organization with regards to cybersecurity.
I was reading an article written by you on LinkedIn few years ago where you talked about “Perfect Storm,” caused due to sudden explosion of the Internet and the cyber risks that came with it. According to you, how far have we been able to overcome the “Perfect Storm” and what are the measures we are not employing to tackle it?
Honestly, the “perfect storm” has become more perfect in the last few years. If you look at the article, it focused a lot on smartphones, Internet, data integrity and other aspects. What it did not focus on was the change in the financial eco system that the financial inclusion initiative of the government has brought about. With the JAM (Jandhan, Aadhar and Mobile) stack, India has now a complete tech stack reaches the last Indian on a remote corner of the country. The stack allows access to citizen services, financial inclusion, access to subsidy, e-commerce and maybe at some point healthcare at home. Just the sheer reach of this technology combination has thrown upon a significant potential security challenges. This is something that I had not foreseen when I wrote the article.
At Sequretek, we are already working on building a security framework that can leveraged by enterprises wishing to take advantage of this wave whilst giving a secure experience to their customers.
What are the biggest challenges you face in the year ahead?
First of all, I would like to thank our stakeholders –customers, employees and investors – who have worked with us to make the company successful. Despite being a startup, we are very well accepted in the industry and have been able to grow in a difficult competitive environment. We have proven ourselves to the stakeholders that we are a company to reckon with. To continue growing, we have to consistently meet the commitments made to our customers. We are also looking to raise funds to fuel our growth and expand internationally. We would want to add to our current portfolio of solutions and add acquire security companies in this space, and stick to the growth strategy that we charted for ourselves.