Dineshwar Sahni is Director, Product Security at Visa. He currently oversees a global product security team and is responsible for ensuring all Visa products are free from vulnerability before release. He is also focused on the security of the Software Supply Chain and ShiftLeft, a practice in application security that involves finding and fixing security vulnerabilities earlier in the software development cycle. He previously worked as a senior product manager at PayPal and held management positions at TD Standard & Poors and TD Bank. He recently spoke to The Innovator about why establishing strong cybersecurity requires diversity.
Q: What do you see as the greatest cybersecurity challenges for all companies in 2024?
DS: I think the greatest cybersecurity challenges for all companies in 2024 will be:
- Increasing Complexity of Cyber Threats: As technology evolves, so do the threats. Organizations will need to continue to stay ahead of bad actors. Cybersecurity has become an interdisciplinary field where we need everyone to pitch in to help an organization to stay secure. The constant evolution of technology, such as the rise of IoE (Internet of Everything) devices, AI, and machine learning, presents new vulnerabilities and potential attack vectors. These technologies can also be used by cybercriminals to enhance their capabilities and automate their attacks. Companies need to keep pace with these changes and adopt a proactive and adaptive approach to security.
- Shortage of Skilled Professionals: There’s a significant shortage of skilled cybersecurity professionals worldwide, making it difficult for organizations to adequately defend themselves. According to some estimates, there will be around four million unfilled cybersecurity jobs by 2025.
- Lack of Diversity The shortage of skilled professionals is compounded by the lack of diversity. There is a strong push in the industry for diversity, equity, and inclusion, but it is still not enough. We all need to do our part to change the status quo, including ensuring that there are more women and other under-represented communities in cybersecurity.
- Regulatory Compliance: To counteract cybercrime and support privacy concerns, every country and region has been compelled to formulate new rules and regulations. Keeping up with the various cybersecurity regulations and standards will be challenging.
Q: There is a huge shortage of cybersecurity talent. Is it a good idea for companies to broaden their ideas about the profiles and skill sets of the people they are recruiting for cybersecurity roles?
DS: Yes. We need to both expand the talent pool and increase diversity of thought. Many cybersecurity roles do not require a specific degree or technical background, but rather a combination of skills, such as problem-solving, critical thinking, communication, and creativity. By looking beyond the traditional STEM fields, companies can tap into a wider and more diverse pool of candidates who may have the potential and interest to learn and grow in cybersecurity.
We need not only diversity in gender, race and thought but also in backgrounds. During Cybertech Europe ‘23, The Innovator moderated a panel with amazing women in cybersecurity roles with backgrounds in history, linguistics, law, and other non-STEM backgrounds. If you look beyond STEM and bring onboard people in non-technical roles – analysts, project managers, auditors, lawyers, trainers, etc. – you will see there is value in cross-pollination and your teams will be better prepared to take on cybersecurity challenges.
About 60% of the student body at universities is made up of women. They might not be studying STEM subjects but there is talent and potential. We all need to think outside the box and find ways to encourage women to join the cybersecurity field. Organizations should mentor and train them to use the tools, and this will help to leverage their talent for mutual success.
Q: What does your own team look like? How hard was it for you to recruit people of different gender, race, and ethnic groups?
DS: I’m proud to say we’ve got a great mix of people from varying ethnic backgrounds, gender identities, and socioeconomic backgrounds. As a leader, one needs to look for potential beyond the resume. For example—a few years ago, we partnered with the YearUp program to hire an intern. He was unable to finish his undergraduate degree due to hardship, but empowered by mentorship and training, he performed at an outstanding level as an intern. Eventually, we offered him a full-time role, in which he continues to excel. I’m very happy to share that with the support of leadership and his peers, as well as employee tuition reimbursement, he was able to juggle work and family while completing his undergraduate education. I have also worked to bring gender neutrality and inclusivity to my team and to build allyship. Building this team came naturally to me, because I come from a family that valued education, diversity, and equality. I encourage my team to participate in employee resource groups, Pride, Girls Who Code, WiCys and other events that promote diversity. This helps raise Visa’s profile in these communities and helps bring more diversity into our talent pool.
Q: Since there are not enough cybersecurity experts in the field companies are being advised to try and recruit people with the right skill sets in-house. What is the best way to go about that?
DS One of the best ways to recruit and retain cybersecurity talent is to promote allyship. This means encouraging everyone to support women and other underrepresented groups in the field, to challenge stereotypes and biases, and to share opportunities and resources. Allyship can create a more inclusive and respectful work culture, where everyone feels valued and empowered.
Allyship can be a powerful tool to support women and other underrepresented groups in cybersecurity, by providing them with guidance, feedback, networking, and career development opportunities. Mentors can also help mentees overcome challenges, such as impostor syndrome, lack of confidence, or isolation. Additionally, mentors can benefit from learning new perspectives, expanding their network, and enhancing their leadership skills. Companies can create formal or informal mentorship programs, where both men and women can serve as mentors and mentees, and foster a culture of mutual learning and support.
Many women and other underrepresented groups leave the cybersecurity field due to personal or professional reasons, such as family responsibilities, career transitions, or burnout. However, they may want to return to the field at some point, and bring with them valuable skills and experiences. Companies can develop return-to-work initiatives, such as internships, retraining programs, or flexible work arrangements, to attract and accommodate these potential candidates. Moreover, companies can create a welcoming and supportive environment, where returning workers can feel confident and comfortable, and receive the necessary resources and assistance to succeed.
Q: There is a lot of competition for cybersecurity talent. What advice do you have for companies looking to enlarge and diversify their cybersecurity teams.
DS: I think the most important thing is to create a culture that attracts and retains cybersecurity professionals. That means offering them a work life balance that respects their personal and professional goals, celebrating their achievements and contributions, providing them with opportunities to train and mentor others, and showing them a clear path to growth and excellence. Cybersecurity is not only a technical field, but also a creative and collaborative one, so companies need to foster an environment where people can learn from each other, share ideas, and solve problems together.
To access more of The Innovator’s Interview Of The Week articles click here.
This article is content that would normally only be available to subscribers. Sign up for a four-week free trial to see what you have been missing.