In a wide-ranging discussion, Vishal Salvi, CISO & Head of Cyber Practice at Infosys, sheds light on a range of topics from CISO empowerment to creating and sustaining a high-performance information security culture. He highlights the importance of "delivering on your agenda" for CISOs to gain trust and credibility. Vishal also recommends making the CISO role independent of the CIO, uniformly enforcing security policies across the organizational hierarchy, and operating at a high state of readiness.
Time Stamps
00:41 -- Please share some highlights of your professional journey.
02:00 -- Does your job keep you up at night? What worries you?
04:09 -- What makes you so good at what you do, what do you bring to the table by way of strengths?
07:54 -- If you had a say on how CISOs should be empowered by the organization, who should the CISO be reporting to? What would be the ideal organizational structure?
10:50 -- You will probably agree that to gain that kind of access or that level of reporting that you're talking about, the CISO has to earn the trust and credibility and be respected. What are your thoughts?
15:14 -- What would be a few metrics that you recommend CISOs track or you track that gives you a sense of whether you're on the right trajectory, or you need to do something different? What would those important metrics be?
17:36 -- Enhancing cyber transparency to customers and investors through formalized reporting, such as SEC reporting, could bring about a sea change in a variety of things, probably the most important of which is the top management commitment. What are your thoughts?
20:16 -- Given your extensive experience working across different organizations in the public and private sector, share some best practices of top management commitment?
24:01 -- I'd like your thoughts on what a high-performing information security culture is, how do you get there, and how do you sustain it?
29:15 -- If you approach security learning from the standpoint of say, one question a day that gets emailed to every person who has to respond, it's like these word games that people play every day. They have to come up with a solution, but one a day. So instead of trying to impart a one-stop-shop training at one go and then do it again six months later, if you infuse cybersecurity training into the organizational work practices whereby, just like I said, one question a day, and you approach it that way, what are your thoughts? Do you think that might help enhance awareness and sustain the level of knowledge? What are your thoughts?
31:23 -- I've often wondered, why that sensitivity to make training more substantive, is not there? Why is it that organizations are so compliance-driven that they don't recognize that compliance is often not enough, and they need to go beyond that, to have a substantive effect?
34:28 -- Why do individuals and organizations often drop the ball when it comes to cyber intelligence?
41:24 -- What advice and recommendations do you have for professionals who are either entering the field or who are considering cybersecurity as a career?
Memorable Vishal Salvi Quotes
"Cybersecurity roles actually test all your leadership capabilities fully."
"Every single CISO in the Indian banking industry is independent of the CIO."
"It is always preferred that you make the CISO independent of CIO and elevate the CISO to a level where you are able to drive the mandate of cybersecurity. So the more elevated and more empowered the CISO, the more committed is your mission to cyber."
"The most important thing for gaining credibility and earning respect is to deliver on your agenda."
"When you start defining policies for your organization, you need to be able to implement them consistently across the organization. You shouldn't have a separate set of policies for your senior leaders, and a separate set of policies for your juniors."
"Most of the courses that we see and organizations are not actually focused on learning, but they're more focused on going through the motions and achieving compliance."
"Our endeavor should always be to make our staff battle-ready in peacetime."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
Welcome to the Cybersecurity Readiness Podcast
Introducer:Series with Dr. Dave Chatterjee. Dr. Chatterjee is the author of
Cybersecurity Readiness:A Holistic and High-Performance
Cybersecurity Readiness:Approach. He has been studying cybersecurity for over a decade,
Cybersecurity Readiness:authored and edited scholarly papers, delivered talks,
Cybersecurity Readiness:conducted webinars, consulted with companies, and served on a
Cybersecurity Readiness:cybersecurity SWAT team with Chief Information Security
Cybersecurity Readiness:officers. Dr. Chatterjee is an Associate Professor of
Cybersecurity Readiness:Management Information Systems at the Terry College of
Cybersecurity Readiness:Business, the University of Georgia, and Visiting Professor
Cybersecurity Readiness:at Duke University's Pratt School of Engineering.
Dr. Dave Chatterjee:Hello, everyone, I'm delighted to
Dr. Dave Chatterjee:welcome you to this episode of the Cybersecurity Readiness
Dr. Dave Chatterjee:Podcast Series. Today, I have the pleasure of talking with
Dr. Dave Chatterjee:Vishal Salvi, Chief Information Security Officer, and Head of
Dr. Dave Chatterjee:Cyber Practice, Infosys. I'm sure you all are familiar with
Dr. Dave Chatterjee:Infosys. But just in case you're not, Infosys is a global leader
Dr. Dave Chatterjee:in next generation digital services and consulting. So
Dr. Dave Chatterjee:Vishal, delighted to have you, it's truly an honor. And I'd
Dr. Dave Chatterjee:like to bring you into the discussion, and let you share
Dr. Dave Chatterjee:with the listeners a few things, your highlights about your
Dr. Dave Chatterjee:professional journey. So welcome.
Vishal Salvi:Thank you, Dave, for having me here. And it's my
Vishal Salvi:pleasure to be here on this podcast, my name as you're
Vishal Salvi:already introduced me, but my role is of protecting Infosys as
Vishal Salvi:a global CISO for Infosys. And apart from that, I have an
Vishal Salvi:additional responsibility of delivering the same value for
Vishal Salvi:our customers. So I head the cybersecurity business as well.
Vishal Salvi:And this positions me to really be end-to-end accountable for
Vishal Salvi:cybersecurity across all spectrums in my organization.
Dr. Dave Chatterjee:Great to hear! One question I like to ask
Dr. Dave Chatterjee:all CISOs and especially somebody like you who's a global
Dr. Dave Chatterjee:CISO of a major organization, does your job keep you up at
Dr. Dave Chatterjee:night? What worries you?
Vishal Salvi:so many challenges stacked against you. It's an
Vishal Salvi:asynchronous sport, you need to make sure you're protecting all
Vishal Salvi:your vulnerabilities. And the bad guys need to just exploit
Vishal Salvi:one. So so for a large part of my career, I always thought that
Vishal Salvi:we were like sitting ducks. But then, once I started to work in
Vishal Salvi:organizations, which are committed to investing in people
Vishal Salvi:and technology in and committing to the cause of security, I have
Vishal Salvi:kind of begun to change my opinion on this. And I do
Vishal Salvi:believe that this problem can be solved. It just needs that
Vishal Salvi:mindset, and the resources, which are required for you to be
Vishal Salvi:able to deal with it. Right. And it's not about, it's not about
Vishal Salvi:doing something today, and then forgetting about it, because
Vishal Salvi:you've done some good work here. It's constantly watching how the
Vishal Salvi:threat landscape is changing and pivoting to a new way of
Vishal Salvi:working, and you're constantly sort of agile and adaptive to
Vishal Salvi:what's happening around and not having a status quo. Now, I know
Vishal Salvi:I've given a long answer to your question. But in reality, I have
Vishal Salvi:a very peaceful sleep most of the time. And that's largely
Vishal Salvi:because you know that you and your team have done the right
Vishal Salvi:things for your organization. And therefore it would be a
Vishal Salvi:better situation as compared to where it was yesterday. And so
Vishal Salvi:long as you're doing that, you know, you can be happy about it,
Vishal Salvi:you just don't want to have a self goal created, or, or
Vishal Salvi:something which is fundamentally missing, right. So I think those
Vishal Salvi:are the things that you need to really care for. If you do that,
Vishal Salvi:you will have a much stress free role as a CISO. Great, great.
Dr. Dave Chatterjee:So continuing on that reflective
Dr. Dave Chatterjee:trajectory, I also want to ask you, and this is good for your
peers to hear:what makes you so good at what you do, what do you
peers to hear:bring to the table by way of strengths?
Vishal Salvi:So I would not like to use that adjectives for
Vishal Salvi:myself that I'm good or these are the things but I can
Vishal Salvi:obviously share some of the lessons learned and what one
Vishal Salvi:could look at. So I think that our first thing is about, you
Vishal Salvi:know, your professional traits or your leadership traits. And
Vishal Salvi:then it's about what you do for the domain. But the reality is
Vishal Salvi:and it's so fascinating that cybersecurity roles actually
Vishal Salvi:test all your leadership capabilities fully, because you
Vishal Salvi:need to you need to be able to engage with your Are leadership
Vishal Salvi:with your board. And so you need to really have a good executive
Vishal Salvi:presence, right? You need to be tactful to really answer
Vishal Salvi:questions, difficult questions in a very, in a manner in which
Vishal Salvi:people can really understand and relate to at the same time you
Vishal Salvi:don't, you don't make mistakes, and you don't give wrong
Vishal Salvi:information. So you need to be on top of your data and facts,
Vishal Salvi:that's very important. The next thing is, you need to be able to
Vishal Salvi:articulate, first of all, define a vision and then articulate
Vishal Salvi:that vision for your team. So they have something to look
Vishal Salvi:forward to, and something to target that requires a fair
Vishal Salvi:amount of understanding on how to design a strategy, what goes
Vishal Salvi:into the execution of a strategy, that's very important.
Vishal Salvi:The third, and a very important aspect of the job is your
Vishal Salvi:influencing skills, right? Because at the end of the day,
Vishal Salvi:you are trying to influence all of the stakeholders who are not
Vishal Salvi:cybersecurity, so that typically a cyber security organization is
Vishal Salvi:either 0.5 to 1%, of your whole organization. And you have, and
Vishal Salvi:we all know that security is everyone's responsibility. So
Vishal Salvi:this 0.5% of your organization, is trying to get the 99.5% to do
Vishal Salvi:the right thing when it comes to security. And so it needs a lot
Vishal Salvi:of influencing for people to do the right things, and take the
Vishal Salvi:right decisions when it comes to protecting their organization,
Vishal Salvi:and also making right behavior, which is a very difficult change
Vishal Salvi:management program in any given organization. So you need to be
Vishal Salvi:able to understand human behaviors, why people take
Vishal Salvi:decisions in certain days, and then touch upon the topic of
Vishal Salvi:psychology of security, understand the biases, and then
Vishal Salvi:work on these biases in a way where you can have the right
Vishal Salvi:interventions for you to be effective in changing the
Vishal Salvi:culture and changing the behavior, right? Absolutely,
Vishal Salvi:yeah. Apart from that, there are things like engaging with the
Vishal Salvi:vendor community and partnering with them, because at the end of
Vishal Salvi:the day, security is delivered by their technologies, and you
Vishal Salvi:are as good as what weapons you have in your hand. So how do you
Vishal Salvi:engage with them? How do you engage with law enforcement to
Vishal Salvi:help in better propagation of how to catch the adversaries?
Vishal Salvi:And how do you make them attribution and then make them
Vishal Salvi:accountable. And then, you know, also law and enforce apart from
Vishal Salvi:law enforcement, you talk about regulators, and looking at
Vishal Salvi:shaping of compliance and all those things. So I mean, there
Vishal Salvi:are plenty more stakeholders, including customers. So as a
Vishal Salvi:CISO, you need to really be able to understand all these
Vishal Salvi:stakeholders, and be able to work on yourself as an
Vishal Salvi:individual to make these relationships successful. And
Vishal Salvi:that that will test all these elements that I talked about.
Dr. Dave Chatterjee:Yeah, as you were talking, I was thinking
Dr. Dave Chatterjee:about the significance of CISO empowerment, I'd like you to
Dr. Dave Chatterjee:speak to that. If you had a say on how CISOs should be empowered
Dr. Dave Chatterjee:by the organization, who should CISO be reporting to? What
Dr. Dave Chatterjee:would be the ideal organization structure.
Vishal Salvi:So this is one topic, which has been hotly
Vishal Salvi:debated for many years in the Information Security in the
Vishal Salvi:cybersecurity space, right. If you look at an example, in
Vishal Salvi:India, in the Indian banking industry, the local regulator,
Vishal Salvi:which is the Reserve Bank of India has mandated that every
Vishal Salvi:CISO needs to be reporting independent of IT. And this
Vishal Salvi:happened around seven years back as a mandate. And so there's
Vishal Salvi:every single CISO in in the Indian banking industry is
Vishal Salvi:independent of the CIO, right? If you look at North America,
Vishal Salvi:and if you do the survey of all the global organizations, it's
Vishal Salvi:5050, right 50% of the CISOs report to CIOs and 50% report to
Vishal Salvi:somebody else, right, my view is like this, you need to ensure
Vishal Salvi:you remove all the conflicts that could exist in an
Vishal Salvi:organization when it comes to driving cybersecurity, it is
Vishal Salvi:always preferred that you make the CISO independent of CIO and
Vishal Salvi:elevate the CISO to a level where you are able to drive the
Vishal Salvi:mandate of cybersecurity. So the more elevated and more empowered
Vishal Salvi:the CISO is, the more committed is your mission to cyber. So you
Vishal Salvi:could as an organization say that security is very important
Vishal Salvi:to all your stakeholders. But if you're made the CISO report to
Vishal Salvi:somebody three levels below a CIO, you know, in reality,
Vishal Salvi:there's hardly any difference that CISO is going to make, even
Vishal Salvi:if he's capable of all the traits that I talked about, the
Vishal Salvi:organization structure would not allow that CISO to perform in a
Vishal Salvi:manner which is required for the independence of that CISO.
Vishal Salvi:Right. And the last thing I would say is that apart from
Vishal Salvi:independence, you need to have the CISO report to the most
Vishal Salvi:powerful person in the organization, because then you
Vishal Salvi:get the right resources and sponsorship for your
Vishal Salvi:organization. So if the CFO is the most powerful, then maybe go
Vishal Salvi:to CFO, if it is, if the chief operating officer then go to the
Vishal Salvi:Chief Operating Officer, I think it's very important that you
Vishal Salvi:need to really position that person, I am not a fan of saying
Vishal Salvi:that the person should report to CEO because the CEO will be so
Vishal Salvi:busy doing so many other things on business and other things
Vishal Salvi:that would not be able to give the time and bandwidth for the
Vishal Salvi:CISO to do the job effectively. So you need somebody who is able
Vishal Salvi:to give time and bandwidth as much as should be powerful. So I
Vishal Salvi:think those aspects will definitely empower the CISO to
Vishal Salvi:perform to the best of that person's ability.
Dr. Dave Chatterjee:Yeah, and I'm sure you will probably agree
Dr. Dave Chatterjee:that to gain that kind of access, or that level of
Dr. Dave Chatterjee:reporting that you're talking about, the CISO also has to earn
Dr. Dave Chatterjee:the trust and credibility and also be respected. To earn the
Dr. Dave Chatterjee:trust, to earn that respect, what are some things that CISOs
Dr. Dave Chatterjee:should be doing? And I pose this question with an example. I was
Dr. Dave Chatterjee:speaking with the CISO of a restaurant chain last year, I
Dr. Dave Chatterjee:believe. And she made a very interesting statement. She said,
Dr. Dave Chatterjee:I never cry wolf. Anytime I walk into a boardroom at a major
Dr. Dave Chatterjee:management meeting, and I offer my thoughts and my suggestions,
Dr. Dave Chatterjee:my concerns about information security related matters, it's
Dr. Dave Chatterjee:taken very seriously, because they know that I would not be
Dr. Dave Chatterjee:going in there requesting stuff that is unnecessary, or I won't
Dr. Dave Chatterjee:be overselling anything. So that got me to recognize and believe
Dr. Dave Chatterjee:how important it is for the CISO to set the mindset to set that
Dr. Dave Chatterjee:tone that earns the respect of the leaders, and that helps pave
Dr. Dave Chatterjee:the way for greater empowerment and greater access. And again,
Dr. Dave Chatterjee:I'm coming at it from outside-in, you're the one who
Dr. Dave Chatterjee:works in the organization who has significant experience, what
Dr. Dave Chatterjee:are your thoughts?
Vishal Salvi:So I think it's very important. You know, there
Vishal Salvi:are different traits of an individual or a team, which can
Vishal Salvi:help you to build that credibility. I think building
Vishal Salvi:that credibility is important to get what you want out of the
Vishal Salvi:organization, right. And so it's not only about getting
Vishal Salvi:sponsorship, it's also about getting support across all your
Vishal Salvi:stakeholders that I just talked about, right? So I'll give you
Vishal Salvi:an example. So whenever we used to, or whenever I go for any
Vishal Salvi:funding requirement, maybe perhaps most of them it was to
Vishal Salvi:the finance, you give some commitments to them in terms of
Vishal Salvi:what you would do with that money. Right? I think it's very
Vishal Salvi:important that once you're kind of implemented that project, you
Vishal Salvi:go back and show that evidence of that outcome, and stay
Vishal Salvi:accountable to do to deliver that outcome. Even if you're not
Vishal Salvi:been asked to do that, that increases your credibility in
Vishal Salvi:front of the person because they would be more trusting in future
Vishal Salvi:when you go back and ask for something more. Right. So
Vishal Salvi:that's, that's one strategy. The other example is about being
Vishal Salvi:able to explain and talk the consequences of various
Vishal Salvi:decisions. And to be honest with you, Dave, I think your
Vishal Salvi:strategies need to be dynamic to the situation, and to the
Vishal Salvi:culture of a given organization. So I've seen that I've worked in
Vishal Salvi:seven organizations, and I've seen that what worked in one
Vishal Salvi:would not work in another you need to really understand the
Vishal Salvi:culture, and then decide on what strategies you want to adopt. I
Vishal Salvi:won't say cry wolf is a good strategy. But then trying to
Vishal Salvi:explain to them the impact of no action is very important. And
Vishal Salvi:making it very transparent and open for decision making is very
Vishal Salvi:important, right? So I think that I think is very critical.
Vishal Salvi:If you do these things, then I think you're able to sort of
Vishal Salvi:create a level of credibility for yourself. It could also be
Vishal Salvi:the last point I wanted to mention is it could also be that
Vishal Salvi:you allowed somebody to take a particular decision in spite of
Vishal Salvi:you warning but and once that risk manifests, you need to make
Vishal Salvi:sure you are able to actually remind that individual or team
Vishal Salvi:of the consequences of the decision that are taken so that
Vishal Salvi:in future they're very careful about you know, these aspects.
Vishal Salvi:So I think it's a combination of all of these strategies and
Vishal Salvi:more, which helps you to build your credibility within your
Vishal Salvi:organization, but about all of these things. The most important
Vishal Salvi:thing is that you should be able to deliver on your agenda always
Vishal Salvi:right. So if you are telling all of these things, getting money,
Vishal Salvi:but you're not able to deliver on your projects, and you're not
Vishal Salvi:able to give the feeling to all your stakeholders that security
Vishal Salvi:is going in the right direction, then you will not be able to
Vishal Salvi:gain the credibility that you want
Dr. Dave Chatterjee:Delivering on your agenda. So, if that's
Dr. Dave Chatterjee:the goal, and which makes total sense, what would be a few
Dr. Dave Chatterjee:metrics that you recommend CISOs track or you track that gives
Dr. Dave Chatterjee:you a sense whether you're on the right trajectory? Or you
Dr. Dave Chatterjee:need to do something different? What would those important
Dr. Dave Chatterjee:metrics be?
Vishal Salvi:So one of the things that I have been using
Vishal Salvi:for almost two decades now in cyber is to really create a
Vishal Salvi:maturity model of areas of work that you want to run for, for
Vishal Salvi:your program. Right. And the good thing about cybersecurity
Vishal Salvi:is that there is a well defined articulation of how you would
Vishal Salvi:want to look at the components. Now, one of the ways to look at
Vishal Salvi:it is to look at NIST, which is very clearly articulated in
Vishal Salvi:terms of what are the high level components? And what are the
Vishal Salvi:subcategories, you could create your own framework. I have been
Vishal Salvi:using ISF, the Information Security Forums framework very
Vishal Salvi:extensively, and it has really served me well. And so you sort
Vishal Salvi:of make security into components. And then once you
Vishal Salvi:have defined those components, you start putting a maturity
Vishal Salvi:model on the controls that you want to operate in each of those
Vishal Salvi:components, and then figure and build a methodology in terms of
Vishal Salvi:measuring the maturity of each of those controls, and then
Vishal Salvi:start executing your plan to improve the maturity on a year
Vishal Salvi:on year basis. Right. And that has really worked for, for me,
Vishal Salvi:in terms of engaging with the leadership engaging with the,
Vishal Salvi:with the Board, helping me to create a strategy of giving a
Vishal Salvi:clear vision to the team in terms of what that goal is, and
Vishal Salvi:then striving towards improving that maturity. Because like I
Vishal Salvi:said, security is is challenge is all about getting better
Vishal Salvi:every single day as compared to whatever yesterday. So that
Vishal Salvi:model has really worked. And it it helps you to define and
Vishal Salvi:therefore it helps you to measure, right. And once you
Vishal Salvi:start doing that you improve. The last thing I wanted to say
Vishal Salvi:is that just so that you are kept honest, you always get a
Vishal Salvi:third party to audit your assessment and analysis of your
Vishal Salvi:maturity. So that a third party also validates that you're on
Vishal Salvi:the same page. And it gives independent assurance to all
Vishal Salvi:your stakeholders in terms of how you're progressing,
Vishal Salvi:including yourself. Yeah,
Dr. Dave Chatterjee:absolutely. You want that reality check. And
Dr. Dave Chatterjee:you want that third party party validation and external
Dr. Dave Chatterjee:validation. That's so important. You know, along those lines,
Dr. Dave Chatterjee:once again, I'm referring to a discussion I had with a CISO,
Dr. Dave Chatterjee:who made a very interesting comment. He said, today's
Dr. Dave Chatterjee:companies lacked disclosure requirements that showed the
Dr. Dave Chatterjee:level of cyber risk for publicly traded companies and their
Dr. Dave Chatterjee:software. And he is of the opinion, he believes that
Dr. Dave Chatterjee:enhancing cyber transparency to customers and investors through
Dr. Dave Chatterjee:reporting, you know, formalized reporting, like in the US, we
Dr. Dave Chatterjee:have the SEC reporting that could bring about a sea change
Dr. Dave Chatterjee:in a variety of things, probably the most important of which
Dr. Dave Chatterjee:being the top management commitment. What are your
Dr. Dave Chatterjee:thoughts?
Vishal Salvi:Yeah, I'm all for increasing the transparency and
Vishal Salvi:making every organization accountable for, you know,
Vishal Salvi:sharing, whatever is happening in their organization on
Vishal Salvi:breaches and attacks. I'm all for that. I think we also need
Vishal Salvi:to see as a society, how we are mature to receive such
Vishal Salvi:disclosures. So in past whenever there has been a major breach, I
Vishal Salvi:think the organization which I've got impacted have actually
Vishal Salvi:been more victimized than been empathized towards, you know,
Vishal Salvi:something like that could have happened to them. Right? I think
Vishal Salvi:things are changing. And gradually, as I believe, you
Vishal Salvi:know, when, when the SolarWinds disclosure happened, you know,
Vishal Salvi:we handled it much more mature in a much more mature way as
Vishal Salvi:compared to perhaps what happened in case of Target. So I
Vishal Salvi:think as a society, if you are mature to say that, the more you
Vishal Salvi:disclose, the more we will appreciate what you are as an
Vishal Salvi:organization, I think it's important. Otherwise, you know,
Vishal Salvi:the organization's find it very difficult because they get
Vishal Salvi:caught between the two issues of disclosure versus the
Vishal Salvi:reputational damage that that could cause so so I think we
Vishal Salvi:need to start looking at that. Of course, when it comes to
Vishal Salvi:matters of privacy, I think, you know, if you don't do timely
Vishal Salvi:disclosures there are significant penalties, that is
Vishal Salvi:motivation enough for people to do it in a timely manner, which
Vishal Salvi:is a good thing. So I think overall, I would say that we
Vishal Salvi:have a lot of work to do to make sure that we are able to
Vishal Salvi:encourage people to do a transparent and honest
Vishal Salvi:disclosures, rather than looking at them with suspicion, and the
Vishal Salvi:fact that they have not had security controls in place, you
Vishal Salvi:know, that's the point I would like to make.
Dr. Dave Chatterjee:Okay, well, thank you for that. So I'd like
Dr. Dave Chatterjee:to take this opportunity to share with listeners that Vishal
Dr. Dave Chatterjee:spoke to my class on cybersecurity at Duke
Dr. Dave Chatterjee:University. I teach in the Master's program there, and
Dr. Dave Chatterjee:Vishal was very kind to connect with us. It was late in the
Dr. Dave Chatterjee:night in India morning here in the US, and he came online, and
Dr. Dave Chatterjee:he spoke, and he made some telling points, the students
Dr. Dave Chatterjee:were very impressed. So I draw from some of the things you
Dr. Dave Chatterjee:shared with the students and with me the other day, and one
Dr. Dave Chatterjee:of the things you emphasize was the importance of top management
Dr. Dave Chatterjee:engagement, top management commitment. Again, given your
Dr. Dave Chatterjee:extensive experience working across different organizations,
Dr. Dave Chatterjee:in the public and private sector, what would you consider
Dr. Dave Chatterjee:to be some best practices, where you can say, you know, this is a
Dr. Dave Chatterjee:good example, when the top management walks the talk. So
Vishal Salvi:I've been privileged to work in
Vishal Salvi:organizations who have been very security conscious. And I've had
Vishal Salvi:the privilege of working with leaders who have been stalwarts,
Vishal Salvi:and great role models in decision making, right, but I
Vishal Salvi:would not say that, that you will find this, you know, across
Vishal Salvi:organizations and across industries, so you will always
Vishal Salvi:have various examples. When you look at risk decisions, right?
Vishal Salvi:At a very fundamental level, you're talking about value at
Vishal Salvi:risk versus cost of remediation. So you really don't want to have
Vishal Salvi:a situation where the cost of remediation is higher than the
Vishal Salvi:value at risk, right. So that's a foundational principle. The
Vishal Salvi:second thing is, when you start defining policies for your given
Vishal Salvi:organization, you need to be able to implement it
Vishal Salvi:consistently across the organization, you don't need to
Vishal Salvi:have a separate set of policies for your senior leaders, and a
Vishal Salvi:separate set of policies for your juniors, you don't want to
Vishal Salvi:have a situation where all the USB admin access is removed. And
Vishal Salvi:password policies are stringent for juniors and exactly the
Vishal Salvi:opposite for leaders. Right. So I have had ensured, you know,
Vishal Salvi:that it is consistently implemented, right from the CEO,
Vishal Salvi:to the last person who's a frontline warrior. Now, this
Vishal Salvi:kind of a dilemma comes in, you know, in major organizations,
Vishal Salvi:and I've seen many examples where we have, we have admired
Vishal Salvi:leaders who have stood by the policy statements and have
Vishal Salvi:ensured that, you know, we are able to talk to some senior
Vishal Salvi:people saying why it is important for them to comply.
Vishal Salvi:So, for example, at Infosys, everybody has to take a
Vishal Salvi:mandatory cybersecurity course, right from the President's to
Vishal Salvi:the junior staff. And if they don't, the next day, their
Vishal Salvi:email, outbox, you know, and sending mails will get blocked,
Vishal Salvi:till such time they've completed, and that is
Vishal Salvi:consistently implemented across. So this is one example of how
Vishal Salvi:important it is. Another example is, you know, if you, if you're
Vishal Salvi:asking every employee to display their iCard, you know, the CEO
Vishal Salvi:needs to do the same, and needs to do it with pride, so that
Vishal Salvi:there is consistency, and people follow your role models, right.
Vishal Salvi:So, there are many such examples, you know, when you're
Vishal Salvi:trying to introduce an application into production, and
Vishal Salvi:there are multiple risks and gaps, you're identified. It's
Vishal Salvi:the decision that a leader takes whether you hold back for
Vishal Salvi:another couple of weeks and hold a business opportunity, but make
Vishal Salvi:sure that the security is implemented. And it's a tough
Vishal Salvi:call, but that gives them sets the tone in your organization,
Vishal Salvi:whether you are security focused, or you want to take
Vishal Salvi:risk decisions.
Dr. Dave Chatterjee:And when you say setting the tone of
Dr. Dave Chatterjee:whether you are security focused, or you're taking risk
Dr. Dave Chatterjee:decisions, that brings up the next topic that I want to talk
Dr. Dave Chatterjee:to you about. And you alluded to that we talked about that in my
Dr. Dave Chatterjee:class, which is Information Security culture. And as you
Dr. Dave Chatterjee:probably have read in my book, I talk about creating and
Dr. Dave Chatterjee:sustaining a high performance information security culture.
Dr. Dave Chatterjee:Culture is something which is kind of abstract, it is very
Dr. Dave Chatterjee:hard to get your arms around it. So whenever you bring up this
Dr. Dave Chatterjee:discussion on culture, people want to, for lack of a better
Dr. Dave Chatterjee:word look the other way, and they want to focus on things
Dr. Dave Chatterjee:that are more tangible. But I'd like your thoughts on what a
Dr. Dave Chatterjee:high performing Information Security Culture is, how do you
Dr. Dave Chatterjee:get there, and how do you sustain it?
Vishal Salvi:That's a great question, Dave. And I think you
Vishal Salvi:know, there are there are a lot of dimensions to this right. At
Vishal Salvi:a fundamental level, what you would want to do is to, at a
Vishal Salvi:minimum, tell all your employees or all your stakeholders within
Vishal Salvi:your organization, what is the difference between right and
Vishal Salvi:wrong behavior, right? So nobody can claim that they were
Vishal Salvi:ignorant when they actually committed a mistake or an error.
Vishal Salvi:So, at a minimum, you need to make sure that that is said to
Vishal Salvi:every single stakeholder. Right? That's number one. Now, in spite
Vishal Salvi:of you talking about, you know that smoking is injurious to
Vishal Salvi:health, you still have people who go ahead and smoke, right.
Vishal Salvi:And that's a behavior issue, or let's say, habit issue, right?
Vishal Salvi:It could be because of somebody is conditioned to doing certain
Vishal Salvi:things from his previous organization, and would expect
Vishal Salvi:that to happen in your organization as well, right. And
Vishal Salvi:I can give you an example of a person who came from another
Vishal Salvi:organization, and he was boasting about that he still
Vishal Salvi:continues to have the laptop with him, in spite of leaving
Vishal Salvi:the organization, and nobody cared to come and collect that,
Vishal Salvi:guess what, when he left, he thought he could exfiltrate
Vishal Salvi:data, because he thought nobody will care. And he was caught
Vishal Salvi:stealing it, and he was made accountable for that action. So
Vishal Salvi:you know, there are these examples where people are
Vishal Salvi:conditioned to do certain things from their previous habits and
Vishal Salvi:for no fault of theirs, because that's the culture that they
Vishal Salvi:were they were into, right. And so that's what they know. And so
Vishal Salvi:it's a very difficult thing to make them understand and change
Vishal Salvi:their behaviors and habits, once they get into your organization.
Vishal Salvi:And over there, you need to use all the channels of diplomacy,
Vishal Salvi:right in terms of giving them carrot, giving them a stick,
Vishal Salvi:building a competitiveness within them, you know, in terms
Vishal Salvi:of so all of that is required for you to really use these
Vishal Salvi:avenues for you to really create a culture within your
Vishal Salvi:organization. And culture is not something that you can do
Vishal Salvi:overnight. It's something which takes time, you know, and you
Vishal Salvi:need to give it that time for it to emerge, right, I have to keep
Vishal Salvi:doing small things every day for it to become what it should,
Vishal Salvi:right. So, so that's also very important. And the third thing
Vishal Salvi:is the example that I just gave, you know, in terms of what is
Vishal Salvi:the tone that we are setting from the Board, from the
Vishal Salvi:leadership, and commitment, and that also creates a culture,
Vishal Salvi:right? So so I know, for example, we we have a very
Vishal Salvi:strong control over the use of USBs use of admin access, use of
Vishal Salvi:download of any software. And we are a technology firm, right?
Vishal Salvi:And anybody would argue that, you know, experience is
Vishal Salvi:important high tech, you need to be allowed to do whatever you
Vishal Salvi:want to do. But in reality, we know that security tools have
Vishal Salvi:not matured enough to give you a seamless experience of using
Vishal Salvi:technology without being hampered by some controls. So
Vishal Salvi:you need to draw a fine balance till the tools become so mature
Vishal Salvi:that security is effective and still transparent, right? Till
Vishal Salvi:such time, you need to be able to understand that, yes, I need
Vishal Salvi:to have a speed breaker for me to control my car, right?
Vishal Salvi:Because that's really how it is. And we need to govern it. But
Vishal Salvi:there are certain countries where you don't need it, because
Vishal Salvi:the rules are working perfectly fine. So I think we need to be
Vishal Salvi:able to build that understanding and culture and allow every
Vishal Salvi:single person to adopt to that which which creates the right
Vishal Salvi:behavior within an organization. And the last thing I will say is
Vishal Salvi:that we spent a lot of time doing red teaming and testing
Vishal Salvi:technologies and systems and finding out vulnerabilities. We
Vishal Salvi:need to also do that on humans, because they are the ones who
Vishal Salvi:get most exploited to social engineering and various attacks.
Vishal Salvi:And you need to test their ability to take right decisions,
Vishal Salvi:for example, you catch them doing these activities, that is
Vishal Salvi:what we call them as teachable moments, right? That's when they
Vishal Salvi:are most open to learn and change behavior. So you will
Vishal Salvi:catch them through those diagnostics, and then ask them
Vishal Salvi:to change their behavior. I think the change is more
Vishal Salvi:lasting. So these are some of the things that goes into
Vishal Salvi:creating a culture and spreading awareness within within the
Vishal Salvi:organization.
Dr. Dave Chatterjee:Great examples. Thank you so much for
Dr. Dave Chatterjee:sharing. This is very helpful. So there are a couple of things
Dr. Dave Chatterjee:I want to follow up on. One of them is learning and you
Dr. Dave Chatterjee:mentioned just a little while back that doing things in small
Dr. Dave Chatterjee:chunks. So my thought is that if you approach security learning
Dr. Dave Chatterjee:from the standpoint of say, one question a day that gets emailed
Dr. Dave Chatterjee:to every person who has to respond, it's like these word
Dr. Dave Chatterjee:games that people play every day. They have to come up with a
Dr. Dave Chatterjee:solution, but one a day. So instead of trying to impart a
Dr. Dave Chatterjee:one-stop shop training at one go and then do it again six months
Dr. Dave Chatterjee:later. later, if you infuse cybersecurity training into the
Dr. Dave Chatterjee:organizational work practices whereby, you know, just like I
Dr. Dave Chatterjee:said, one, one question a day, and you approach it that way,
Dr. Dave Chatterjee:what are your thoughts? Do you think that might help enhance
Dr. Dave Chatterjee:awareness, sustain the level of knowledge? What are your
Dr. Dave Chatterjee:thoughts?
Vishal Salvi:So I agree with this idea and the concept,
Vishal Salvi:because, you know, doing a security awareness course, once
Vishal Salvi:in a year for one hour, is just you're going through a motion to
Vishal Salvi:just get it over. And then, you know, go back to what you were
Vishal Salvi:doing, I would say that you need to kind of make it more modular,
Vishal Salvi:I would also say that you need to make it more specific. So for
Vishal Salvi:example, you can have a different kind of a
Vishal Salvi:questionnaire or a course for your sales team, you could have
Vishal Salvi:a different one for your operations team. And you could
Vishal Salvi:have a different one for your leadership or your managers,
Vishal Salvi:right. So that you can cater to the questions are more relevant
Vishal Salvi:to their context and their day to day operations. So I am, I'm
Vishal Salvi:fully up for making it more modular, and more specific to
Vishal Salvi:them. And I think that way, you can become more razor sharp on
Vishal Salvi:what you really want to achieve and what outcomes you want to
Vishal Salvi:achieve.
Dr. Dave Chatterjee:Yeah, that's what I was thinking that
Dr. Dave Chatterjee:many in many organizations, you know, they are compliance
Dr. Dave Chatterjee:driven, and I can't fault them for that. And in the name of
Dr. Dave Chatterjee:complying with regulations, they have this, maybe twice a year,
Dr. Dave Chatterjee:this one hour, you talked about training, where you go through
Dr. Dave Chatterjee:the motions, I just went through one, I essentially saw the same
Dr. Dave Chatterjee:set of questions that I saw last time, and I just flew through it
Dr. Dave Chatterjee:well, maybe partly because I work in that area. But I was
Dr. Dave Chatterjee:thinking that I wish these questions scenarios were were
Dr. Dave Chatterjee:customized to what I do in the organization over and above the
Dr. Dave Chatterjee:general level of awareness. And I I've often wondered, I'm
Dr. Dave Chatterjee:surprised that why is that sense sensitivity to make training
Dr. Dave Chatterjee:more substantive, not there. Why is it that organizations are so
Dr. Dave Chatterjee:compliance driven that they don't, they don't recognize that
Dr. Dave Chatterjee:compliance is often not enough, and they need to go beyond that,
Dr. Dave Chatterjee:to have a substantive effect. You know, once again, I want you
Dr. Dave Chatterjee:to draw upon your experience, and shed some practical light on
Dr. Dave Chatterjee:this matter.
Vishal Salvi:So I think, you know, the way to look at it is,
Vishal Salvi:even for example, if the organization is doing for
Vishal Salvi:compliance, the security teams still have a responsibility to,
Vishal Salvi:you know, drive it in the way that they want outcomes to
Vishal Salvi:achieve, right. So they clearly have an opportunity to make it
Vishal Salvi:more modular, and, you know, drive that within the
Vishal Salvi:organization. But of course, you know, if you look at an
Vishal Salvi:organization of our size, where we have hundreds and 1000s of
Vishal Salvi:employees, one hour commitment, or even 15 minutes commitment
Vishal Salvi:translates into a huge amount of commitment, right, for every
Vishal Salvi:single employee. So you need to be you need to take the
Vishal Salvi:responsibility of why you're committing yourself. I would
Vishal Salvi:like to add that the framing of questions and scenarios is a
Vishal Salvi:very, it's an art, okay, you cannot, an average person, even
Vishal Salvi:in security will not will not be able to get it, right. So it
Vishal Salvi:needs to be curated in a way where every single answer, or a
Vishal Salvi:decision that somebody is making in that training should lead to
Vishal Salvi:a learning. And sometimes you just go through the motions of
Vishal Salvi:asking questions and answers that you lose the real meaning
Vishal Salvi:and reason why you're really asking that particular question.
Vishal Salvi:So I think the framing is very important, where somebody would
Vishal Salvi:have to really think through an answer. So that even if, for
Vishal Salvi:example, it was tough for that person to answer it, eventually,
Vishal Salvi:afterwards, there is a learning, which comes out of that, and it
Vishal Salvi:should not be something where he's able to just get it just
Vishal Salvi:breeze through it. So I think that's very, very important. And
Vishal Salvi:it's not, that is not easy. And that's why, you know, people,
Vishal Salvi:you know, most of the courses that we see and organizations
Vishal Salvi:are not are not actually focused on learnings, but they're more
Vishal Salvi:focused on going through the motions and, you know,
Vishal Salvi:compliance.
Dr. Dave Chatterjee:Very true, very true. Okay, so, we are kind
Dr. Dave Chatterjee:of coming towards the end of our discussion. I do have two final
Dr. Dave Chatterjee:questions for you. The first one relates to effectively
Dr. Dave Chatterjee:monitoring and responding to cyber intelligence. You know,
Dr. Dave Chatterjee:when you read about breaches, and you hear stories about how
Dr. Dave Chatterjee:somebody dropped the ball, did not act on the intelligence they
Dr. Dave Chatterjee:received from their service provider. You wonder what's the
Dr. Dave Chatterjee:real issue. It's easy to criticize and say, you know,
Dr. Dave Chatterjee:you'll need to be more diligent, more disciplined, you shouldn't
Dr. Dave Chatterjee:drop the ball. But when you are there battling this problem,
Dr. Dave Chatterjee:what are the challenges? Why do you think individuals,
Dr. Dave Chatterjee:organizations, often drop the ball when it comes to cyber
Dr. Dave Chatterjee:intelligence?
Vishal Salvi:Yeah, so I like to give an example, you know, and
Vishal Salvi:it's a fascinating example. So I was last month, we had gone for
Vishal Salvi:a trek. And it was a very difficult trek personally for
Vishal Salvi:me, and I reached there, and then we saw a bunch of Army
Vishal Salvi:folks walking to that cliff. And we were just observing, and they
Vishal Salvi:were then rappelling down from that cliff, like, like it was a
Vishal Salvi:cakewalk. Okay. And I was extremely amazed with the amount
Vishal Salvi:of preparation and the physical fitness that they were actually
Vishal Salvi:there. And they were planning for a run, a midnight run from a
Vishal Salvi:couple of cliffs, you know, you know, then then they were going
Vishal Salvi:to finally do the rappelling, and it was extremely difficult,
Vishal Salvi:but that person was doing it so easily and efficiently. That was
Vishal Salvi:like a simple walk. And I was I was suggesting that this is
Vishal Salvi:peacetime, right. And people are training so rigorously, so that
Vishal Salvi:when they're so they're basically battle hardened,
Vishal Salvi:right, and, and when something really is required, they're
Vishal Salvi:fully ready, and resilient to deal with it. I don't think we
Vishal Salvi:are able to replicate that level of preparedness with our cyber
Vishal Salvi:soldiers. We have multiple solutions, like cyber range and
Vishal Salvi:bridge attack simulation and MITRE framework and, you know,
Vishal Salvi:we do a lot of tabletop exercises, it's nowhere close to
Vishal Salvi:how Army looks at it, right. And so when you see a real incident
Vishal Salvi:happening, it's very difficult for the person to really, you
Vishal Salvi:know, go through that as diligently because it's a very
Vishal Salvi:rare event. 95% of the time, the security teams are focusing on
Vishal Salvi:protecting building controls, they are not defending, you
Vishal Salvi:know, managing incident response, only very rare
Vishal Salvi:occasions when you know, somebody is really attacking
Vishal Salvi:your organization. So, so that was just one analogy I wanted to
Vishal Salvi:give you. But you know, we are obviously, you know, it's not
Vishal Salvi:like a gloomy picture completely, because we have a
Vishal Salvi:lot of solutions and tools at our disposal. And our endeavor
Vishal Salvi:should always be that how do we make all our staff battle ready
Vishal Salvi:in peacetime, right. And that requires a lot of rigor, a lot
Vishal Salvi:of focus, a lot of training, and getting everybody ready to
Vishal Salvi:capture the flag and all those events, we do a lot of that,
Vishal Salvi:right. And by doing so, we are able to make good progress. But
Vishal Salvi:we could do much more for them to be fully ready, you know, and
Vishal Salvi:therefore, you then have the situations where we see examples
Vishal Salvi:of, you know, it was there, it was to be seen, but nobody acted
Vishal Salvi:on it.
Dr. Dave Chatterjee:Right. It's interesting, you shared that
Dr. Dave Chatterjee:metaphor of the army training. And that brought back some
Dr. Dave Chatterjee:memories. If you think about the consequences of the attacks, if
Dr. Dave Chatterjee:the consequences of an attack is fatal, is catastrophic, I
Dr. Dave Chatterjee:promise you, the training and the preparedness would be at a
Dr. Dave Chatterjee:different level. But when the consequences are not of that
Dr. Dave Chatterjee:nature, maybe that has some impact on how we prepare
Dr. Dave Chatterjee:ourselves. To be more specific, again, referring to my book, I
Dr. Dave Chatterjee:just share an example of the culture that exists in the
Dr. Dave Chatterjee:United States Nuclear Navy, the submarine program, and I have
Dr. Dave Chatterjee:several former students who have worked on those submarines who
Dr. Dave Chatterjee:have trained on the submarines. And they come back and tell me
Dr. Dave Chatterjee:that Dr. Chatterjee, the training is so rigorous, because
Dr. Dave Chatterjee:we can't afford to make a single mistake, because a single
Dr. Dave Chatterjee:mistake could be catastrophic, could lead to a nuclear
Dr. Dave Chatterjee:disaster. And they share with me several examples. One that I
Dr. Dave Chatterjee:found kind of very interesting was when you receive an order
Dr. Dave Chatterjee:from your superior, you're supposed to repeat the order
Dr. Dave Chatterjee:verbatim before you execute it. In other words, they are trying
Dr. Dave Chatterjee:to avoid any kind of communication loss or
Dr. Dave Chatterjee:communication leakage, but to do it religiously, consistently,
Dr. Dave Chatterjee:day in and day out, that discipline is motivated by the
Dr. Dave Chatterjee:consequences of not doing it, which is death. Just a thought,
Dr. Dave Chatterjee:means there could be any number of reasons that, like you said,
Dr. Dave Chatterjee:we are nowhere close to being as disciplined or as prepared as
Dr. Dave Chatterjee:they are in the army. Could maybe that that could be the
Dr. Dave Chatterjee:reason. Who knows. You're
Vishal Salvi:right. Because if you look at even the another
Vishal Salvi:example of, you know, airplane security system, right, whether
Vishal Salvi:you're flying a low budget airline or you know, full class
Vishal Salvi:airline, you would when it comes to security, there is no
Vishal Salvi:compromise. Even the manuals of the different airlines have the
Vishal Salvi:same table of content, that level of standardization, just
Vishal Salvi:so that people are able to learn from master, the security kind
Vishal Salvi:of general operations of airlines and the technology that
Vishal Salvi:works underneath. So because the consequences are very high,
Vishal Salvi:right, and it's linked to human human, my sense is that, you
Vishal Salvi:know, we, we, the moment we start seeing the high frequency
Vishal Salvi:high impact events happening, perhaps we will become much more
Vishal Salvi:focused than what we are today. I'm not saying we're not
Vishal Salvi:focused, but we are giving it attention as much as it
Vishal Salvi:deserves. But the consequences are not, like you said, as high.
Vishal Salvi:But for example, if you start seeing, given that we're talking
Vishal Salvi:about connected, devices, connected, cars connected
Vishal Salvi:everything, if it starts creating harm to humans,
Vishal Salvi:suddenly things will start changing, right, and we'll start
Vishal Salvi:giving more attention to it. Because today, right now, we are
Vishal Salvi:actually adding more and more vulnerabilities and issuing more
Vishal Salvi:and more patches every year. Somebody should ask the question
Vishal Salvi:as to why is the case? Why is the rate of innovation and pace
Vishal Salvi:of innovation so important that you are actually ignoring
Vishal Salvi:security? Right? So the answer is that we can do it because we
Vishal Salvi:can get away with it. Tomorrow, if you can't, and we are more
Vishal Salvi:accountable, then, you know, perhaps things will start
Vishal Salvi:changing, because that's the root cause of the problem. Yep,
Dr. Dave Chatterjee:the truth. So we shall, I also wanted to
Dr. Dave Chatterjee:share with the listeners, your passion about mentoring young
Dr. Dave Chatterjee:individuals, how you encourage them, how you guide them to
Dr. Dave Chatterjee:successful careers in cybersecurity. And of course,
Dr. Dave Chatterjee:that passion was evident when you came connected with our
Dr. Dave Chatterjee:class online, in the evening, your time, and you were very
Dr. Dave Chatterjee:generous with your time. And he spoke at length two questions.
Dr. Dave Chatterjee:So what advice and recommendations do you have for
Dr. Dave Chatterjee:professionals who are either entering the field, or who are
Dr. Dave Chatterjee:considering cybersecurity as a career?
Vishal Salvi:So one of the things which I talked about in
Vishal Salvi:the early part of our discussion was the fact that it will
Vishal Salvi:actually test all your faculties, right, because of the
Vishal Salvi:various dimensions to the role. So I think it's very exciting.
Vishal Salvi:There's never a dull day or a dull moment in cybersecurity
Vishal Salvi:space. Number two, it's such a vast topic. And there are so
Vishal Salvi:many areas, so you can master one and then look forward to
Vishal Salvi:going into something else, whether it is technology,
Vishal Salvi:whether it is behavior, whether it is organizational dynamics,
Vishal Salvi:whether it is governance, all of those get tested. And so you can
Vishal Salvi:keep planning your career in a way where you can start building
Vishal Salvi:those as milestones. Number three, it's a great career
Vishal Salvi:opportunity. It's one of the top three jobs in the world right
Vishal Salvi:now. And so, you know, once you select this as a profession,
Vishal Salvi:you're assured for the next two to three decades that you know,
Vishal Salvi:you will have a good career, you know, we have zero person
Vishal Salvi:employment issue right now in the cybersecurity space, right?
Vishal Salvi:So unemployment is never a risk, or, you know, you can remain
Vishal Salvi:secure in your job, but I think most important of all, is the
Vishal Salvi:cause, right? Because it's, I call it as noble profession,
Vishal Salvi:because you're trying to protect you are the Sentinels, you are
Vishal Salvi:and so, therefore, the ability to create value for your
Vishal Salvi:organization for the ecosystem is immense, right? So, so I
Vishal Salvi:think, you know, and the world is getting to a stage where we
Vishal Salvi:are getting more and more digitized. And so, we need cyber
Vishal Salvi:sentinels, who are doing this noble cause of fighting against
Vishal Salvi:this very dangerous, you know, threat that is there in the
Vishal Salvi:world. So, so, there is a lot of fulfillment, you know, when you
Vishal Salvi:when you do this, you know, and, and for example, when I mentor
Vishal Salvi:young kids, you know, I get immense amount of fulfillment,
Vishal Salvi:and that you know I am creating value and adding value to the
Vishal Salvi:community and ecosystem by getting more people initiated
Vishal Salvi:into this. So I will say these four parameters clearly clincher
Vishal Salvi:for a profession, like this
Dr. Dave Chatterjee:Fantastic! we're gonna end on that note, we
Dr. Dave Chatterjee:greatly appreciate your time Vishal, hope to talk to you
Dr. Dave Chatterjee:again. Thank you so much.
Vishal Salvi:Thank you for having me. Thank you so much. It
Vishal Salvi:was a pleasure.
Dr. Dave Chatterjee:A special thanks to Vishal Salvi for his
Dr. Dave Chatterjee:time and insights. If you like what you heard, please leave the
Dr. Dave Chatterjee:podcast a rating and share it with your network. Also,
Dr. Dave Chatterjee:subscribe to the show, so you don't miss any new episodes.
Dr. Dave Chatterjee:Thank you for listening, and I'll see you in the next
Dr. Dave Chatterjee:episode.
Introducer:The information contained in this podcast is for
Introducer:general guidance only. The discussants assume no
Introducer:responsibility or liability for any errors or omissions in the
Introducer:content of this podcast. The information contained in this
Introducer:podcast is provided on an as-is basis with no guarantee of
Introducer:completeness, accuracy, usefulness, or timeliness. The
Introducer:opinions and recommendations expressed in this podcast are
Introducer:those of the discussants and not of any organization.