Episode 73

full
Published on:

2nd May 2023

How To Transform Your Greatest Risk To Your Strongest Asset

Are You Ready To Become Your Company's Strongest Cybersecurity Asset?

Meet Ganesh Krishnan, the cybersecurity superhero with over 25 years of experience working with big tech companies like Yahoo!, LinkedIn, and Atlassian and a two-time founder.

In this episode, Ganesh shares his secrets to help you transform into a cybersecurity superstar.

Discover the three pillars of security and the most important one to focus on, and why SaaS tools are not enough to defend against cybersecurity attacks.

Ganesh also shares his insights on how to have a thriving career in cybersecurity and practical tips to thrive as an introverted leader.

Don't miss out on this episode and learn how to stay ahead of the curve in the ever-changing world of cybersecurity!

Ganesh Krishnan is a cybersecurity superhero with over 25 years of experience protecting the digital world from cyber threats.

As a two-time founder with a track record of success at some of the world's top tech companies such as Yahoo!, LinkedIn and Atlassian, Ganesh has earned a reputation as a thought leader at the forefront of cybersecurity.

In 2017 Ganesh launched his first company, an AI-powered cybersecurity startup called Avid Secure, which was acquired after only 18 months. But despite his success, he wasn’t content to rest on his laurels. He realised that in order to meet the challenges that lie ahead in the field of cybersecurity, the industry needed a paradigm shift. So he launched a new company, Anzenna, with a simple yet powerful goal: to reimagine cybersecurity by empowering every employee with simple and effective security tools.

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/

Follow Ganesh on LinkedIn: https://www.linkedin.com/in/ganeshkrishnanlinkedin/

Ready to become a World Class Privacy Expert? Book your call to join the World's Leading Privacy Program


Subscribe to the Privacy Pros Academy YouTube Channel

► https://www.youtube.com/c/PrivacyPros

Transcript
Ganesh:

82% of creatures have a human element. Human error, human involvement, right? And what we do in the industry today is ignore humans or just put them through yearly compliance training and check the box and move on. Now, the thing to ask yourself is, would you be fit if you exercise once a year? Because cybersecurity threats, privacy threats, are happening on a daily basis. The thing that I wish I had done better is found better ways to overcome inertia and take risks sooner.

Intro:

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro:

Welcome to the Privacy Pros academy podcast by Kazient Privacy Experts, the podcast to launch progress and excel your career as a privacy pro.

Intro:

Hear about the latest news and developments in the world of privacy. Discover fascinating insights from leading global privacy professionals and hear real stories and top tips from the people who've been where you want to get to.

Intro:

We’re an official IAPP training partner.

Intro:

We’ve trained people in over 137 countries and counting.

Intro:

So whether you're thinking about starting a career in data privacy or you’re an experienced professional, this is the podcast for you.

Jamal:

orefront of cybersecurity. In:

Ganesh:

Thank you. Thank you, Jamal, for the kind introduction and having me on the show.

Jamal:

You're most welcome. Now, my first question for you is what famous actor would you want to play out your life story in a movie?

Ganesh:

Oh, boy. Okay, that's a doozy for me. Tom Cruise, because it's the exact opposite. It'll be hard for Tom Cruise. Tom Cruise couldn’t figure out my life.

Jamal:

I like that one. Okay, Ganesh, you've worked at top tech companies like Yahoo, LinkedIn and Atlassian. How did these experiences influence your decision to found Anzenna?

Ganesh:

For the longest time, and this is even now the case, I've been coached and kind of grew up with this notion that employees are the weakest link in cybersecurity. That's a legitimate thing because most breaches are due to human error. Even now, right? 80% or more per the last statistics. But to the contrary, throughout my career, my experience has been the opposite. Which is whenever we as a security team reached out to the rest of the employee base, explaining ourselves, explaining our problem and involving them in coming up with a creative solution to a hard problem, that pretty much always came out with a better solution for the business, for security, privacy and trust. So my belief is that we have to change our mindset to say, how can we actually empower employees and basically make them the strongest link in cybersecurity versus just treating them as the weakest link and ignoring them all the time. And the reason this is more and more and more important is because the surface area of cybersecurity is expanding dramatically. With SaaS, with work from home, with public cloud, employees are becoming quasi IT professionals. Most companies are actually decentralizing their IT function, and in that mode, it's not sufficient for employees to just experiment and use the greatest next SaaS tool that they need. They also need to be empowered on the best ways to secure their experience. So it's time to actually put money where our mouths are. We've always been saying as security professionals, hey, it's everybody's problem, let's make it so. Let's not wait. Let's figure out how to make it so empathetically in an engaging way.

Jamal:

Wow, I love that. That's so powerful. You've made the heads of my neck stand up. Because it's not often we get SaaS founders that come on here and that talk about similar things and have the similar kind of mindset to what we have in the Privacy Pros Academy. So one of the things that you said there, Ganesh, is we ask the question. So I teach my mentees in the Privacy Pros Academy that the results that you get, the quality of your life, the quality of your work, is all going to come down to the quality of the questions you ask yourself, and your colleagues and your team. And you've just given an example there of a brilliant question you've been asking that's only going to end up in brilliant results. How can we empower every single employee to become the strongest link when it comes to cybersecurity threat, just that on its own? I just have to pause for a moment because that's a powerful question. And when you start solving that powerful question, you're only going to get powerful results. And then you start talking about empowering individuals. And that's what I also talk about. I say, look, we have to go in as business leaders, as privacy leaders, and go in and say everyone is doing the best they can with the knowledge and resources available to them. It's up to us to take responsibility, to empower them, to be greater, to be more secure, to have more trust, to create those environments and that culture that we want. But it starts with us. And you've just said there in your introduction, you've brought all of those things and fused them together. And so I'm really excited to hear more about Anzenna. Tell us, what does Anzenna actually do and who is it ideal for?

Ganesh:

Yeah, so our vision is actually just to start with the top is to turn every employee into the strongest link in cybersecurity and trust. What we do is we are an all-in-one platform to empower and engage employees, to make them better and to help them take more ownership of their own cybersecurity issues. And the reason that this is, again, to reiterate, is important is because if you look at the breach data, 82% of breaches have a human element, human error, human involvement. Right? And what we do in the industry today is ignore humans or just put them through yearly compliance training and check the box and move on. Right? Now, the thing to ask yourself is, would you be fit if you exercise once a year? Because cybersecurity threats, privacy threats, are happening on a daily basis, so exercising once a year is certainly not sufficient. You're not going to stay fit if you exercise once a year. So how do you get employees to exercise more often in a way that's empowering and engaging to them? Right. It's not just about showing them a bunch of videos or showing them smaller videos, larger videos, engaging videos. It's about understanding what context the employee is working in, what are they trying to do to get their jobs done, and then figuring out, based on, let's say, their actions, their mistakes, reaching out to them in their existing flow and providing them contextual information on how they could do their job more securely. That is what our company does in a nutshell. We provide a cybersecurity engagement platform for companies to manage human security risk, an all-in-one platform.

Jamal:

And your solution, what kind of companies is it ideal for? Is it for any company? Is it for small companies, medium companies, enterprises? Who would you say is best positioned to benefit from Anzenna? Yeah.

Ganesh:

So the entirety of the solution is most beneficial for mid to large enterprises. There are elements of the solution that are also beneficial to smaller companies. And the reason for that is smaller companies are still looking at security from a compliance lens. Because if you're a small company, you're like, hey, I want to get my next deal. And what is my customer asking me for? Is it are you sock two certified ISO? Certified, right? And that's legitimate. But even there, you can foster at an early stage getting employees to think about security, owning it more and helping it be part of their daily work. So it applies very broadly because cybersecurity human problem applies to every company. Certain elements of it apply to all companies, and certain elements of it, the more sophisticated things apply to mid to large enterprises.

Jamal:

Got it. That’s okay.

Jamal:

And based on your experience, what's the most important cybersecurity challenges that companies aren't paying enough attention to right now?

Ganesh:

phishing attack I saw was in:

Jamal:

Yeah, that's super insightful, actually. So what you're saying is based on your experience, what you find or you've identified, it's two of the biggest problems that we're not paying enough attention to as businesses or as business leaders is number one is the people challenge. We need to focus a lot more on that and actually give them tools and help them and empower them in a way that actually makes sense. Ticking a box once a quarter, once a year isn't going to do that. Right. That doesn't keep fit. It needs to be consistent. And instead of just ticking a box and giving them a template, training or one size fits all, you need to actually have a look at what are they doing, how are they doing it, why are they doing it that way, and what risk is that presenting? And then provide an appropriate solution based on that understanding, which is going to bring that people element up. And then on the other side. You're saying, look, yes, you're thinking about cybersecurity. You finally address that. You actually have to get some individuals in, you have to put some resources in place to deal with that. But it's a very short-sighted approach because what you can't see is how quickly those risks are going to escalate and how quickly it's going to become a bottleneck, and it's not scalable. So we have to think about the bigger picture, we have to think about the longer term and come up with solutions that will actually scale as the business continues to scale, as the business continues to evolve and then new risks start presenting themselves.

Ganesh:

That's correct.

Jamal:

Thanks, Ganesh. Now, you describe yourself as an introverted CEO. What advantage has your introversion provided for you or given you in your leadership role?

Ganesh:

A few things. One is the ability to listen, make others feel more comfortable. Because, believe it or not, most people are introverts. They just won't admit it. You can see this if you go to a conference, you see people forming groups and it's very difficult to get out of those groups because a lot of folks are just uncomfortable going and introducing themselves to people that they don't know. That's why people stick to cults and groups, right? And so most people are like that, but those people have a better ability to listen, make others feel comfortable around themselves. And also over time, what has helped me is building a presence, better ways to convey points, like being conscious about communication, and then also figuring out how I can get better at writing. So these are things that introverts can do without being bombastic or talking with people all the time, right? And those are useful skills. Listening itself is a useful skill. Most people respond to talk but not to listen.

Jamal:

Right, you're absolutely right. You say something and then they just take what you've said and they just respond rather than actually take some time to understand what you've said and really join the conversation. And yeah, I see this challenge in the boardroom all the time. I see this challenge at meetings all the time. And you're absolutely right. People are just waiting to come and say what they need to say because they have a response, they have a witty response, they have a smart response, they have a clever answer to what you just said, but they haven't actually stopped and thought about the actual root challenge or the root cause sometimes. So that's great advice. I want to pick your brain for a little bit more advice. What advice do you have for privacy pros and privacy leaders who want to thrive in an extroverted business environment like you?

Ganesh:

I am a believer that everybody has weaknesses and strengths. Amplify your strengths and figure out how you augment your weakness. So if you think being an introvert is a weakness, then you can improve on things like presence, substance, which is whenever you speak, people respect what you say because they believe you have substance. Right. A lot of people say to, but you can quickly tell that their depth of knowledge in certain areas, right, when people speak. So that's a very important thing to hone. Right. If you're good at something, how do you develop substance? And when you speak that you speak the right things so that people respect you, that automatically comes right. The ability to listen is very, very important. And all of these that I'm saying, it's not that anybody's perfect at. And you have to be conscious when you are making a mistake and kind of course correct and then write well, convey a point, right. So those are some of the tips I would have. It's a misunderstood thing that if someone's quiet, that they are not respected. I've actually found that to be completely opposite. I've actually found leaders that I worked with ask me, hey, you're telling me this? What about this other your great technical architect who's really good? What are their thoughts on this? Right? I think don't just assume that people don't value your opinion because you're an introvert. In fact, the opposite ends up being true in a lot of cases.

Jamal:

Thank you. Great tips for the Privacy Pros listening. And if you find yourself being introvert or you have those introverted qualities, then Ganesh has given some excellent things that you can do. And also the confidence to know that just because you're not speaking all the time doesn't mean that you're being overlooked or you're not being respected. Actually, people value your opinion, and they will ask you for your opinion when they need to. So feel free to sit back and listen and really understand the problems, because then you have time to consider it. And you're not just responding because you want your voice to be heard, because you like the sound of your voice, or because you think that you have to say something for the sake of saying it. But when you actually are articulating an answer, it's thoughtful, it's meaningful, and it's actually valuable. My next question for you, Ganesh, is what are some emerging trends we see cybersecurity that you're particularly excited about and one that you're particularly concerned about? And feel free to bring in AI here if you want to.

Ganesh:

Yeah, well, that's the obvious answer, isn't it? You're concerned about AI at the same time you're excited about it. And so that's generally, definitely true. AI will play a bigger and bigger part, not just in cybersecurity. I think every business has already started incorporating AI in some way or fashion, right? So that's going to be the case. So are the bad actors, by the way. So, to give you a concrete example, don't train your employees to look for typos and phishing messages anymore, right? If you get a fake phishing email, there's all this training that says, oh, there's spelling mistakes and typos and those messages. So look for those, a smart attacker, that's not going to be the case because they're going to use AI to generate much more real looking emails, right. And so it's going to help the bad people as well as the good people. So it kind of cuts both ways. The threats will get more and more sophisticated and they have been actually. And so 20 years ago you used to see basic security threats stuff not port being open and somebody being able to take over a server from the internet. Those are less and less. But that means that your detection response attacks are getting more complex. So finding the attack is also going to get more complex. And then the thing that I'm most excited about is how do we solve some of the problems that we've considered difficult intangible we continue to do so, which I mentioned earlier, which is the human problem in cybersecurity. I think over the next decade we will make tremendous progress on that front and actually have way better security culture across organizations, right? And the role of the security teams and privacy teams, trust teams will change as a result from just being control owners saying, oh, it's a policy. I want to enforce this control to risk decision facilitators, if you will, because their role becomes how do I empower you to do your job more securely with privacy in mind, maintaining customer trust.

Jamal:

Great insights, thank you for sharing there. And I agree with you. When it comes to AI, it's just a tool. In good hands it can be used for good, in bad hands it can be used for bad. AI itself is neither good nor bad. It's neutral. It's just a tool. And we need to stop being scared of AI and when they actually start embracing and looking to understand this, so we can actually find ethical ways of using it, we can actually protect ourselves against the people who are using that tool. For bad, it's like a hammer. You can pick the hammer up and you can build a house and give somebody hope or you can take the hammer and you can destroy a house and you can make somebody situation have it worse. It's up to us to decide how we want to use that. But before we can decide whether we want to use it for good or bad, we first have to pick up, learn how to pick the hammer up and how it actually works. And it's the same with AI. We need to learn how AI works. We need to understand the fundamentals and foundations so then we can understand the limitations and also the advantages. And when we really appreciate and take time to understand that, instead of being fearful of it and saying block all innovation for six months, as some people have called for, we can actually start getting the kind of results and use it for good. Use it to get benefits, use it to maximize what we're doing in our organization, help us make a massive impact.

Ganesh:

Spot on, especially our industry, there's a trend of being fearful of new things, whether that be in, security, privacy, trusts, all the combined fields. And you're right, we have to better learn how to understand what the new things are, what the risks it brings, and then figure out how to mitigate those risks. Right, and this happened with cloud, this happened with remote work, this happened with every time the trend changes in the industry, every decade or so, we see this pattern.

Jamal:

Yeah, absolutely. Final question I have for you before you get an opportunity to ask me a question is if you could go back in time right at the start of your journey, before you even founded the two companies, let's say in your early twenty’s, what three pieces of advice would you give to your younger self?

Ganesh:

Yeah, I actually have no regrets. So the way I have sort of approached career, especially since this is about career, is just go with the flow. So I never had oh, I want to be X or I want to be Y, I want to be CSO there or CEO there. Those things will come if you enjoy what you do and you're basically going with the flow because eventually you'll end up at the right place where you're meant to be so I believe that the second is that the thing that I wish I had done better is found better ways to overcome inertia and take risks sooner. So the biggest impediment to human advancement is inertia the inbuilt inertia that all of us have and every day we are fighting it, right? And if we can figure out how to fight that faster and sooner earlier in life and take more risks, I think that's generally good for the person taking the risk because they learn a lot, they advance lot and it's good for humanity in general because it'll be a lot more innovation.

Jamal:

Wow, I like that. Okay, excellent. So for you listeners, make sure you pay attention to and rewind the last five minutes if you need to because what Ganesh said there is so powerful and you can see the results he's had. And those three pieces of advice is exactly what's helping Ganesh. He said, go with the flow. Right? Don't box yourself in and say I have to do this or I have to do that or I want to be there. And therefore I'm going to say no to all other opportunities. Go with the flow. Make sure you're doing what you enjoy and when you do what you enjoy, you're going to be great at event in land where you need to get to because the flow will just take you there. So don't fight that. Go with the flow. Secondly, he said a lot of the time you don't take action it's because of that inertia, because of that fear because you're scared to take a risk in case something bad happens or in case it doesn't go your way. And this is what I want to remind you of. Coming back to what we spoke about at the beginning is instead of asking yourself what could go wrong, ask yourself, wouldn't be great if and then fill in the blank. And that will help you to overcome that inertia and actually get excited about the possibilities of how great things could be. And it will get you to take that action. And those are the top pieces of advice that Ganesh has for you. And when you start implementing them, you too, will start seeing results. And you can also thrive in your career. And if you're interested in getting more privacy certification, if you're interested in getting that in depth privacy knowledge so you get that clarity and that confidence, so you can have that credibility for a thriving career, as well as supportive community, then just reach out to us and we'll do everything we can to support you to just like we've done with all of the hundred mentees across the world. Now, Ganesh, before we wrap up, you'll have the opportunity, like all guests do, to ask me a question.

Ganesh:

Great. Jamal, so I saw in your LinkedIn profile, it says you're the king of data protection. What does that mean to you?

Jamal:

What does that mean to me? Well, first of all, thank you to the BBC for dubbing me the king of data protection. I have no idea what it actually means to me, but what it does mean is that I now have a responsibility. I feel I have a responsibility to make sure that I am speaking up about privacy. I am advocating for privacy. I am making sure that when some people's privacy rights are being overlooked, I'm stepping up. And not just saying, hey, I don't want to talk about this topic on this radio station about keeping children safe because children are not my clients. I only want to talk about X-Y-Z. It's about no saying I have a responsibility. I have been given this title. I'm very grateful and thankful for that. But now what am I going to do? So I take it personally and I say, okay, that means I have to take responsibility for making sure that I'm advocating for the privacy rights of every woman, every man and every child on this planet so that anyone anywhere in the world enjoys their freedom over their personal information and enjoys control over that personal information too.

Ganesh:

Wonderful. I mean, such a great answer. Thank you. I mean, we need more advocates. Anybody listening become an advocate like that. It's so important to protect privacy, give people clarity, consistency, and control of their information in general. So it's wonderful. Thank you for that great response.

Jamal:

Thank you, Ganesh, I appreciate your compliments and I appreciate your support. So, guys, it's been an absolutely amazing podcast. We've spoken to Ganesh. He has shared with you his top tips. He's shared with you some insights into cybersecurity. And what he's reminded us is we need to ask powerful questions. We need to remember, yes, employees or our people are going to be a massive risk factor when it comes to cybersecurity. But just ticking boxes, giving them templated training, asking them to watch the same videos once a year isn't going to cut it. We need to take a bespoke approach, and we can use the software that he's come up with to actually help understand the context of how our people are working, what they're doing, how they're doing it, and help to understand the risks that they have in the context of which they're working. So make sure you check out Anzenna to see how it can help you. And if you're a medium or a large enterprise, then definitely check it out, because it was designed to really help you overcome your challenges and get over that challenge that we spoke about, of people being the biggest risk, and of that challenge with scalability, this helps overcome both those challenges. And if you're thinking about bringing in AI into your organization, if you've been hearing about it but you're on the fence, hey, it's just a tool. Don't get scared. Get excited. Because guess what? If you don't get excited and you jump on wood, you're going to get left behind and you're going to wish that you started looking into it a lot earlier. Ganesh, it's been an absolute pleasure speaking with you on this podcast. Thank you so much for coming and sharing your valuable tips.

Ganesh:

Thank you. Thank you so much, Jamal, for having me on the show. For any of your viewers, if you'd like to continue the discussion, reach out, please reach out on LinkedIn. Or if you'd like to learn more about Anzenna, Anzenna.ai

Jamal:

Yeah, and if you go into the Show notes, you can see that we've linked Ganesh’s profile in. So you can just click on that and you can say, Hi, I heard you on the podcast. These are my great takeaways. And just let him know what you love most about listening to him. And of course, if you want to know more about the actual product or the solution itself, then we're also going to link that into the show notes. So just click on that, have a look, read around there, share it with some people who also might be interested, and then get in touch with Ganesh and his team and find out what they can do for you.

Ganesh:

Thank you so much, Jamal.

Outro:

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro:

Remember to join the Privacy Pros Academy Facebook group where we answer your questions.

Outro:

Thank you so much for listening. I hope she'll leave you with some great things that will add. Value on her journey as a world class privacy pro.

Outro:

Please leave us a four or five star review.

Outro:

And if you'd like to appear on a future episode of our podcast or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.uk

Outro:

Until next time, peace be with you.

Show artwork for Privacy Pros Podcast

About the Podcast

Privacy Pros Podcast
Discover the Secrets from the World's Leading Privacy Professionals for a Successful Career in Data Protection
Data privacy is a hot sector in the world of business. But it can be hard to break in and have a career that thrives.

That’s where our podcast comes in! We interview leading Privacy Pros and share the secrets to success each fortnight.

We'll help guide you through the complex world of Data Privacy so that you can focus on achieving your career goals instead of worrying about compliance issues.
It's never been easier or more helpful than this! You don't have to go at it alone anymore!

It’s easy to waste a lot of time and energy learning about Data Privacy on your own, especially if you find it complex and confusing.

Founder and Co-host Jamal Ahmed, dubbed “The King of GDPR” by the BBC, interviews leading Privacy Pros and discusses topics businesses are struggling with each week and pulls back the curtain on the world of Data Privacy.

Deep dive with the world's brightest and most thought-provoking data privacy thought leaders to inspire and empower you to unleash your best to thrive as a Data Privacy Professional.

If you're ambitious, driven & highly motivated, and thinking about a career in Data Privacy, a rising Privacy Pro or an Experienced Privacy Leader this is the podcast for you.

Subscribe today so you never miss an episode or important update from your favourite Privacy Pro.

And if you ever want to learn more about how to secure a career in data privacy and then thrive, just tune into our show and we'll teach you everything there is to know!

Listen now and subscribe for free on iTunes, Spotify or Google Play Music!

Subscribe to the newsletter to get exclusive insights, secret expert tips & actionable resources for a thriving privacy career that we only share with email subscribers https://newsletter.privacypros.academy/sign-up

About your host

Profile picture for Jamal Ahmed FIP CIPP/E CIPM

Jamal Ahmed FIP CIPP/E CIPM

Jamal Ahmed is CEO at Kazient Privacy Experts, whose mission is safeguard the personal data of every woman, man and child on earth.

He is an established and comprehensively qualified Global Privacy professional, World-class Privacy trainer and published author. Jamal is a Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E) and Certified EU GDPR Practitioner.

He is revered as a Privacy thought leader and is the first British Muslim to be awarded the designation "Fellow of Information Privacy’ by the International Association of Privacy Professionals (IAPP).