Hadrian Blog

CISO Conversations: Veteran Vaibhav Patkar Bats for Mind over Matter

Written by Hadrian | Oct 17, 2024 7:32:58 AM

Vaibhav Patkar's career spans over three decades, beginning at a time when the term "cybersecurity" had yet to be coined and technology operated largely on trust. Currently the Vice President and CISO of India-based IT solutions provider Orient Technologies, this veteran security executive has developed, over the years, a deep understanding of how human factors—such as communication, empathy, and cultural awareness—play a crucial role in successfully managing security teams across global organizations.

In our latest installment of CISO Conversations, Vaibhav shared his assessment of today’s evolving threat landscape with Chandu Gopalakrishnan, emphasizing the importance of balancing human elements with the need for automated security solutions to address modern cyber risks effectively. Here are excerpts from the conversation:

Vaibhav, you have an impressive career spanning over three decades in cybersecurity, right from the early days of large-scale internet use. How has your journey shaped your approach to leading cybersecurity initiatives across different organizations?

When I began my career 30 years ago, cybersecurity as a term didn’t exist. We had Electronic Data Processing (EDP) and IT teams, and everything operated on trust. The focus was on innovation, collaboration, and sharing knowledge. However, as cyber threats emerged, the focus shifted to information security. Today, it’s essential for any internet-facing organization to separate IT and InfoSec operations, ensuring that each manages accessibility and security effectively. IT and InfoSec teams must understand their complementary roles to prevent long-term damage, and aligning with organizational objectives is critical.

Throughout my career, I've navigated the challenge of balancing IT and InfoSec priorities many times. Another significant challenge is communicating security priorities to senior management, who often don’t speak the security language. It’s vital for security leadership to frame discussions in terms management understands—cost savings, reputation management, and peer comparisons. Although difficult, these efforts are necessary to secure the right investments.

Speaking of challenges, you have held leadership roles at companies like Qualfon, Orient Technologies, and Sutherland Global Services. What do you consider the most challenging cybersecurity situation you’ve encountered in your career?

In the outsourcing industry, I’ve worked with clients across retail, healthcare, technology, telecom, and financial sectors, each with unique security needs. One of the biggest challenges was supporting a telecom giant across 20+ global locations in securing PCI DSS certification for handling credit card transactions.

We set up a central project office to oversee tasks like vulnerability scans and access control, with regional SPOCs coordinating local efforts. After initial preparations, we devised an audit plan to optimize auditor travel and reduce downtime. At one point, we had seven auditors conducting PCI audits in seven different locations simultaneously. Despite tight deadlines and the looming risk of penalties, we delivered the certification on time. Over the years, this process became smoother, reflecting our team's growing capability.

I believe automation of processes has had a huge role to play in streamlining this process. Following from your experience with these challenges, how did human behavior or organizational culture play a role in either mitigating or exacerbating these threats?

In a multinational organization, cultural differences add complexity to managing teams across countries like the US, Canada, Egypt, and the Philippines. Clear communication, setting expectations, and maintaining a supportive attitude are key to overcoming these challenges.

When team members see that management has good intentions and aligns with organizational goals, they become more motivated. In my experience, clear communication and unwavering support allow teams to achieve even the most difficult tasks. The bond I built with my teams was so strong that we continued collaboration even after moving on to different roles, proving the value of mutual respect and commitment.

We usually rely on the certifications to ensure that the security professional has this experience and understanding. Your profile ticks all the certification boxes, including CISA, CISM, and CISSP, which demonstrate strong technical expertise. In your experience, how important is it for cybersecurity leaders to balance technical skills with managing human factors effectively?

Certifications like CISA, CISM, and CISSP are important for showcasing technical expertise, but they don’t guarantee effective team management. Leadership in cybersecurity also requires strong interpersonal skills—active listening, empathy, motivating others, and managing conflicts.

Building trust and fostering a culture of openness are crucial for a team’s success. Over the years, I’ve focused on cultivating these skills, ensuring my teams operate with confidence and fairness, which in turn drives higher performance.

This human supervision is becoming more and more concentrated on key operations. Looking ahead, what do you see as the key cybersecurity challenges that organizations will face in the next few years, particularly in the evolving threat landscape?

Cybersecurity is evolving rapidly, with AI and ML increasingly being used in ransomware and data exfiltration attacks. The growing use of IoT devices further expands the attack surface, as many lack adequate security measures.

A common misconception is that migrating to the cloud solves security issues. However, under the shared responsibility model, while cloud providers secure the infrastructure, clients are still responsible for their data. Ensuring equal or better security in the cloud environment remains critical.

Additionally, insider threats and geopolitical tensions are driving concerns about state-sponsored cyberattacks and espionage. These factors will require heightened vigilance and proactive security measures in the coming years.

ICT Group's Kelvin Rorive told us earlier that absolute security is an illusion. From your perspective, how can organizations better prepare to face these challenges, and what role does leadership play in driving these changes?

To navigate today’s cybersecurity landscape, organizations must prioritize identifying vulnerabilities, implementing robust security measures, and conducting regular risk assessments. While new challenges arise, traditional approaches still prove effective in protecting key assets. Continuously identifying and patching vulnerabilities is crucial in minimizing exploitation risks. Tools like Hadrian can be instrumental in this process.

Regular risk assessments are vital to spot and address gaps, whether through technical investments or updates to policies and processes. Creating a culture of awareness through employee training is equally important for mitigating potential threats. Effective incident response planning is also essential. Ultimately, strong leadership is key to driving these initiatives and ensuring resilience against future challenges.

For a tech enthusiast, you put tremendous emphasis on the human element of cybersecurity. As a mentor and coach to many cybersecurity professionals, what advice would you give to those aiming to excel not only in technical skills but also in leadership within the cybersecurity space?

I always stress the importance of continuous learning and personal growth. Staying updated on new technologies, acquiring new skills, and fostering a mindset of lifelong learning is essential, no matter your age. Developing soft skills like open communication, empathy, and a positive attitude is equally crucial for leadership.

Taking ownership of both successes and failures is key. Viewing mistakes as opportunities for growth and encouraging your team’s development helps build a strong, cohesive unit. It’s important to offer praise when deserved, delegate tasks to focus on the big picture, and not get bogged down by minor setbacks. These are the core skills needed to excel as a leader in cybersecurity.
