Cat, mouse, and endless curiosity

Dr. Srijith Nair (CISO at Careem) has a broad range of experience in the cybersecurity sector, and a strong focus on the intersection between security strategy and business strategy. His Ph.D considered the problem of information flow control and the enforcement of policy – and he maintains a curious learning mind in his approach to security today. 

We asked him why the field of cybersecurity called to him, and what he does to stay ahead of the curve. 

What first sparked your interest in cybersecurity – and what's the best thing about your job?

“I remember being fascinated by the cat-and-mouse nature of cybersecurity. The delicate balance (dare I say) between the attackers and the defenders keeps this field an ever-intriguing one. 

“Add to this the fact that humans are not used to thinking in terms of risk, the field of cybersecurity provides you a fascinating interplay of technology and macroscopic and microscopic human behaviour. 

“This, along with the fact that it provides a great opportunity to bring together my interest in information security, product development, human behaviour and organisation building, makes my job a rather interesting one.”

Do you think the role of CISO has evolved in recent years – and if so, in what way(s)?

“It is sometimes humbling to remember that the role of CISO is a rather new one. It was only as late as 1995 that Steve Katz took on the role of the first Chief Information Security Officer at Citigroup. 

“At the same time it is interesting to see the evolution of the role from a rather technical one that focused purely on advising the other C-suites, to a more nuanced one that works hand in hand with the other leaders to consider the overall risk to the business. Today, it encompasses legal and strategic responsibilities and requires a delicate balance that takes into consideration proactive cybersecurity controls and measures, as well as compliance with an ever-growing list of regulations.

“Over the years, successful CISOs have shown to balance risk and tactical/strategic decision-making, fostering innovation and transformation, cultivating wider cyber security awareness and playing a partnership role in securing product and service development without hindering the velocity of such development. 

“This is no easy feat and I foresee the role becoming more important and critical for the overall success of an organisation – and thus more demanding.”

What do you do to stay ahead of the curve and see emerging threats on the horizon?

“That is a hard question to answer, especially because there is no easy way to know if one is doing a good job or not until the threats stare at you right in the face. Like all professionals in this area, I try to keep abreast of the latest technological developments by reading and listening voraciously. 

“Given my background that is rooted in academics and research, I try to cover the full spectrum of academic and industry research articles to practitioners guides and invaluable discussions with leaders in the field. Events like Black Hat MEA play a crucial role in being able to prepare for the future. 

“I try, with at best moderate success, to approach new developments with a beginner’s mindset and open curiosity.”

If you could go back to the beginning of your career and tell yourself one thing you wish you'd known then, what would it be?

“That is an interesting question. I have had a meandering career (but probably not as meandering as some others) and I would tell my younger self two things: 

“(a) your life and the career is a marathon but be ready for sprints in between,

“(b) saying yes to things and opportunities that you are scared of is a sure-fire way to learn something interesting, especially about yourself.”

Finally, why are events like Black Hat MEA valuable to you and your work?

“Black Hat MEA brings together a great mix of information security field practitioners, researchers, hackers and other relevant professionals under the same roof, providing the venue to exchange information, ideas and equally importantly, learnings that are hard to come by. 

“You can hop between talks and demos that go deep into the hard skills, as well as those that provide a cautionary tale on how to manage topics like burn outs in this field; and how to, as a leader, build a successful resilient information security team. The vendors and their range of products, services and capabilities add to the impact of such events.”

Thanks to Dr. Srijith Nair at Careem. Register now to attend Black Hat MEA 2024 – and learn firsthand from the leading minds in cybersecurity.