Women Reshaping The Cybersecurity Industry: Shanthi Boppana oF Sotero On The Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry

An Interview With David Leichner

Network: Building a personal network within the cybersecurity community can open doors to opportunities, knowledge sharing, and collaboration.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Shanthi Boppana

Shanthi Boppana is co-founder and CTO of Sotero, where she oversees the company’s technology development. Throughout her career, Shanthi has held several senior technology positions and has built innovative analytical solutions on a broad range of modern platforms. Before co-founding Sotero, Shanthi was Vice President of Big Data and Analytics at Infogroup, where she was responsible for modernizing legacy platforms and re-architecting applications to leverage cloud computing.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I was born and brought up in Southern India. Growing up in India, a land of vast cultural diversity, was quite a ride for me. My childhood has been fairly good, and I am indebted to my parents, grandparents, and family for that. I was raised to be allowed to voice my opinions and given the freedom to shape my destiny, which I am thankful for. I grew up amidst the best teachers who encouraged us to take pride in who we are and to follow our dreams without any limits or restrictions.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

Yes, I read the book “Roots” written by Alex Haley in my teenage years. It resonated with me as the whole book revolves around family as a central unit and how a family links you to your past and future. The long and arduous journey the author takes to find his own identity is unprecedented.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

The Adobe data breach in 2013, which exposed approximately 40 million active users and their sensitive information, was a tipping point for me. I started my career as a data engineer, but as data started exploding, I began embracing distributed technologies and cloud computing. With cloud computing came the challenges of data security. I realized the importance of protecting data from breaches and started dedicating significant amounts of time to building with innovative solutions to address the problem.

Are you working on any exciting new projects now? How do you think that will help people?

I am currently involved in developing the next-generation data security platform. This platform not only protects sensitive elements in data stores but also leverages sophisticated machine learning algorithms to detect malicious activity. It can help organizations not only curb data breaches, but also enables them to monetize data without any data security concerns.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

1. Innovative smart IoT devices: The increasing number of IoT devices poses exciting challenges and opportunities in cybersecurity. For example, in the healthcare industry, connected health devices are making daily lives easier, but the data generated by these devices needs robust protection.
2. Cloud adoption: As organizations move to the cloud for cost and operational efficiency, data security in the cloud becomes paramount.
3. Third-party services and platforms: Companies leveraging third-party services for accelerated time to market need to ensure robust data protection practices to mitigate the risk of data breaches.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

1. Data explosion through smart IoT devices: The increasing use of smart IoT devices creates a vast attack surface. The healthcare industry, for example, needs to adopt tools and platforms that protect sensitive patient data without compromising ease of use.
2. Third-party risks: Organizations relying on third parties for various services should put practices in place to protect their sensitive data and avoid exposing it to third parties.
3. Severe shortage of skilled cybersecurity professionals: The shortage of talent in the industry requires initiatives to encourage more people to pursue cybersecurity careers and invest in training and education programs. Organizations must also look to solutions or platforms that offer multiple benefits while reducing required resources or cybersecurity experts to manage these solutions.

Can you share how you are helping to reshape the cybersecurity industry?

As the Co-Founder and CTO of Sotero, I am actively involved in developing a next-generation data security platform. This platform not only addresses data protection but also leverages advanced technologies like machine learning to detect and mitigate threats effectively. We are working to provide innovative and robust, scalable solutions that help organizations safeguard their data assets and stay ahead of evolving cyber threats.

As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?

Manufacturers should prioritize security starting at the design phase itself. Building security into the product’s lifecycle and continuous monitoring and updates are essential. Customers should be educated about the importance of firmware updates and secure configuration practices. Adopting security-first principles in the development and usage of connected products will help mitigate potential threats.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

As a security software provider, I cannot reveal the specific experiences of our customers. However, I can mention that in general, our team helps customers protect their data from both internal and external threats. We not only mitigate malicious threats but also enable organizations to unlock the value in their data assets when we remove the threat of data loss.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

1. Anomalous connections: Unusual login activity, odd locations, and nonstandard usernames could indicate unauthorized access.
2. Sudden changes in transaction rates: Sudden spikes in transaction rates, unexplained traffic, and changes in latency and throughput may indicate potential data breaches.
3. Errors and unusual user behavior: Unexplained errors in applications and system logs, new users with admin privileges, and suspicious user activities may raise red flags.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

The first step is to stop the breach as quickly as possible — time is of the essence. Once contained, the organization must assess the damage caused by the breach, including identifying the type of data involved and notifying affected parties as per regulations. Conducting a comprehensive security audit to assess current security practices and bridge any gaps is crucial to prevent future breaches.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

1. Exposing sensitive data: Companies should avoid exposing sensitive data to employees or third parties without adequate protection.
2. Weak password policies: Enforcing strong password policies can prevent easy access for unauthorized users.
3. Using outdated and unauthorized software: Regularly updating software and limiting access to authorized tools are essential cybersecurity practices.
4. Companies should perform internal audits of sensitive data, adopt platforms that comprehensively protect data, and implement robust security measures to safeguard applications.

Thank you for all of this. Here is the main question of our discussion. What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?

1. Passion: Choosing a career in cybersecurity requires passion and dedication. Being a leader in the industry requires genuine interest and commitment to solving complex security challenges.
2. Teamwork: Success in cybersecurity is often a team effort. Mentorship, collaboration, and creative problem-solving with team members contribute to overall success.
3. Innovation: To excel in the industry, one must think holistically and innovatively to address evolving threats and security challenges effectively.
4. Evaluation: Objective self-assessment is vital to understand one’s strengths and weaknesses, leading to personal and professional growth.
5. Network: Building a personal network within the cybersecurity community can open doors to opportunities, knowledge sharing, and collaboration.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)

Yes, I would love to have a private meeting with Melinda Gates. I admire her immensely for her work to address critical global issues and her efforts to empower young girls and women. Her commitment to investing in organizations that empower girls and women, such as “Girls Garage,” is inspiring, and I would love to learn from her experiences and insights.

Thank you so much for joining us. This was very inspirational, and we wish you continued success in your important work.

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.