On the lighter side of things we ask to Mustafa Gangardiwala, Head of Information Security Unit, Industrial Bank of Kuwait, about what makes him tick.
What would you describe as your most memorable achievement?
During my career, I have gain technical expertise in different technical areas. Even though I have a core technical understanding, I always believe that without considering and addressing the people factor, an acceptable level of security can’t be achieved. In the early stage of my career, I got an opportunity to work with higher management and I failed to persuade them on one of the important security initiatives.
After that when looking in the mirror, I realised that the issue was in my method of communication. I again worked hard and changed my communication style so non-IT people could understand. After that, I was able to explain and convince them on the same initiative. This was one of my most memorable achievements which taught me the importance of soft skills.
What first made you think of a career in technology?
It was the early 90s when technology was not widespread and reachable to most people. My brother had already started his career in the technology field and because of that I came to know the fascinating capabilities of technology and how that will change the future.
This motivated me to start my journey in the technology arena. As I was early in that field it was not easy to find the resources for self-learning. I was lucky as I got the suitable opportunity which consistently demanded and motivated me to learn new technology.
As technology is constantly evolving and at the same time businesses are demanding to adopt these new technologies to give themselves an edge, security is key in this journey. Each new technology comes with new security challenges and understanding these new technologies always fascinates me and keeps me motivated.
What style of management philosophy do you employ with your current position?
I use a combination of a strategic and affiliative management style. Even though I motivate my team to work independently, I also adopt the example-setting management style so my team are in-sync and increase the standard of their output. Regularly providing the guidance and motivation, being part of the team and providing adequate training is crucial to build the trust in team members. In addition to that, identifying the key capabilities of the team and helping them to build further in that area helps the team to achieving great results with limited resources.
What do you think is the current hot technology talking point?
To address the consistent dynamic business requirements, hybrid cloud, micro services and API have great potential. In addition to that robotics, automation, predictive analysis and Blockchain will provide great benefits on different areas of the business. As these new technologies have great potential, adoption of these innovative technologies will largely depend on the risk appetite and security maturity of the organisation.
How do you deal with stress and unwind outside the office?
I follow the ‘stop and think before reacting’ rule which helps me to take a rational and analytical decision instead of an emotional one. Also assigning priority and time management is key to reducing unnecessary stress in working time.
I keep reading good books and visit new places as I love nature so spending some time with it refills all the required energy and helps me to focus again. Some quality time spent with family and friends always helps to unwind the stress.
If you could go back and change one career decision what would it be?
Every decision is based on circumstances and information available at that time and I always learn from that. Even if I have the opportunity to change my career decision, I still like to proceed on the same path because I am passionate about my work. The only thing I will do is obtain the soft skills with my technical skills at a very early stage as security is not only about technology it’s about the people who are using it.
What do you currently identify as the major areas of investment in your industry?
Micro services and API will be a major area of investment due to the capability of highly improving productivity by faster service delivery to address the business requirements. In addition to that adoption of cloud and compliance management is another area of major investment due to different dimensions of risk posed by these new innovative technologies. As new and targeted threats are consistently increasing, Artificial Intelligence and predictive analysis-based security technologies will be one major area of investment to counter the threat.
What are the region specific challenges when implementing new technologies in the Middle East?
As adoption of new technologies increase, this multiplies the present security threat due to lack of expertise on these new technology areas. As Zero Day vulnerabilities and targeted attacks are consistently rising, compliance authorities also increase the necessary protection benchmark to protect from these advanced attacks. Data/cybersecurity controls and adequately securing these technologies is the main challenge for adoption of new technologies.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
As higher management is more technology demanding, at the same time they are more aware about the potential cybersecurity risks and support to reduce the potential issues raised because of the adoption of technology. These changes require extensive soft skills including a better way to communicate so you can talk to the business in their language and explain the risk management more efficiently. It’s also necessary to build trust between stakeholders and embedded security into the overall digital strategy of the organisation.
What advice would you offer somebody aspiring to obtain a C-level position in your industry?
Keep the basics right and first reduce the attack surface. Your previous experience of the security domain is not sufficient as each organisation has unique business and cultural challenges.
You can help to secure the business only with an understanding of the business and this will help you to align the security with business in the most efficient way and boost the trust with stakeholders.
Adopt the framework and consistently measure the maturity, plan for new initiatives to increase the maturity; Keep this process as businesscentric. It’s a myth that security risk can be reduced by just purchasing security products. The key is for this to enforce the proper process, procedure and secure configuration baseline.