Thought Leaders in Cyber Security: Rao Papolu, CEO of Cavirin (Part 3)

Posted on Saturday, May 12th 2018

Sramana Mitra: I’m asking the question a bit more not specific to your particular solution. I’m trying to get you to forget that you are the CEO of your company and just really give me an objective analysis of how to make this decision.

As I’m speaking with you, I’m thinking that I’m going to bring a few CISOs on and ask the question so I can capture an unbiased perspective on this. This is getting very complicated. AWS is one niche. Azure is one niche. Then there are players like Fortinet. The CISO’s life seems to be very complicated.

Rao Papolu: Yes. You are absolutely right. Under a CEO, there may be a CISO, CFO, and even a Chief Risk Officer. Sometimes, the CISO will directly report to the CEO. At the end of the day, the CEO wants the business to run and have it protected. It is not only about protecting but also growing the business. Anything related to information together with infrastructure is the role. If something happens, how can this be hedged? What type of preventive measures should be taken?

A CISO is predominantly focused on the infrastructure. When it comes to infrastructure both at the cloud and enterprise level, how is it protected? If there are new things coming, how do we protect? When it comes to cloud, there are a lot of uncertainties. At the same time, the development cycle and production have to continuously improve and grow. As a CEO, all these people ensure that they continuously protect the company and at the same time continuously run the business.

If I’m a CEO, then I’ll ask a CISO, “Where are the risk points? What are the preventive measures? What type of application is getting you more value?” The risk and compliance guys need a quarterly audit to ensure that all the systems in place are protected. Each role has a unique way of positioning himself.

Sramana Mitra: I’m actually looking a bit more granular for this series. Let’s say if you’re on the Board of a public company and you’re looking to assess risks, these are perfectly fine questions. For this, I’m looking for two levels down where I want to know how the CISOs are making these decisions.

How does a CISO, for example, decide between a Fortinet versus Cavirin? Who does what and how do you resolve the overlap? There’s so much overlapping functionality. How do you work through all these options? Then there are 500 smaller vendors who are also trying to come into the process. It’s incredibly complicated right now.

Rao Papolu: You’re absolutely right. That’s why I mentioned that each role has a different way of justifying. Every day is a tough day for CISOs because of too many hacks happening. There are people continuously hacking.

This segment is part 3 in the series: Thought Leaders in Cyber Security: Rao Papolu, CEO of Cavirin