Participant Profile – Anil Varghese
Anil Varghese, a renowned industry veteran with over two decades of global experience in the information security arena – including stints at American Express and Sony Electronics, Inc.. Anil most recently served in executive leadership with two Blackstone portfolio companies.
Under his leadership, Anil had direct responsibility for setting strategic direction on IT risk, security, compliance, and privacy issues. He has been engaged to support sensitive M&A due diligence initiatives and fostered key strategic relationships with a keen eye towards the needs of the business. He has established credibility across corporate boardrooms by focusing on managing risk and not promoting fear. Anil also served as an esteemed thought leader and security evangelist across the industry for PayPal and others.
Anil serves as a go to advisor for Fortune 500 firms and startup clients alike on IT risk management matters and is a sitting Board member at Southern Methodist University (SMU) in developing their master’s and undergrad cyber program(s). He also provides guidance in a security and privacy thought leadership capacity bringing unique insights to investors that aim to bring innovative solutions to the marketplace by engaging with numerous private equity (PE) and venture capital (VC) firms alike (Greylock, Work-Bench, LightSpeed, Landmark, …). Anil recently completed the Global Policy in Cybersecurity program at Harvard University’s Kennedy School of Government. He is an active member of the information security/assurance community, including roles as a presenter/speaker to ISSA, Blackhat, CISO Roundtable, InfraGard, ISACA, and the FBI.
What business challenges have you been facing that impacts your ability to achieve desired business outcomes?
Businesses are approaching problems with a different lens during this COVID-19 Pandemic by looking at what makes sense, what’s tactical vs strategic and impacts to revenue stream and livelihood.
The biggest challenges have been reshuffling the deck and reprioritizing the here and now, versus 18 months from now.
Managing risk in new landscape outside of the walls of the corporate structure (for example remote workers).
Looking at programs/projects that were already in the pipeline and validating what the net gain will be now.
It is key to address these challenges for competitivity and longevity.
As downstream impacts begin to be seen from suppliers and vendors there must be that capability within your organization that sets you apart from competitors. Firms are forced to be more nimble and agile as they approach new efforts and initiatives.
Where is your organization leading the way and where do you feel you are lagging?
Leading in the way of innovation, some of long-term efforts that were already in flight, aligning with corporate strategies and making sure product(s) are still viable in current market.
The Lag/ Challenge is fostering that engagement across different entities across the organization outside regular corporate settings. Aligning amongst peers, discussing impacts and risks associated with change, and realignment for how efforts are being refocused on priorities.
By taking a crawl, walk, run approach as teams get used to the new setting. Engagement is critical, not just having conference calls but making sure people are still going back to their plans, strategic objectives, and adjusting accordingly with a new lens.
How is your organization getting alignment in remote setting?
A focus on training and awareness. For example, security perimeters have collapsed with new remote needs whereas, before it was controlled between the four walls of the office and realization that entire workforce may be sitting outside of corporate setting. First response mandated that in light of the pandemic, new enforcement mechanisms, new technologies, and full support capabilities were brought to bear in enabling teammates to work remotely in a secure manner.
What are some of the things that you are changing or doing differently?
Key things we need to look at are:
How the organization is structured, does it make operational sense and are there opportunities to re-align and collate relationships.
How risks are being managed. To include recovery plans, positioning for other crisis, working remote, lack of travel, reliance on conference tools, home bandwidth considerations, software licensing, and capabilities needed to strengthen defenses.
What are your next one or two must-do priorities, especially given how much things are changing today?
Most difficult challenges are understanding the priorities for the here and now that align to opportunities in the future.
Currently organizations are firefighting as long-term projects have been put on hold and organizations have to focus on availability. What needs to happen is to understand if all these things align in the long term so we ensure there isn’t a lack of focus. Leaders should be looking ahead for any and all opportunities.
In the current environment of the maturity curve of strategic goals, where is the group in terms of ability to pivot with new challenges you see, and what efforts are being made as you assess IT needs to ensure organization is fully supported moving forward?
Specifically, within the security space, it’s all about adaptability, moving with planned/unplanned environmental changes. Threats evolve on an hourly basis with more phishing attacks, especially those that are COVID-19 related because the bad guy knows people are at home and may be more susceptible to varying attacks
Looking at that current situational context, being able to understand it, and cultivating security awareness within the team to meet foreseeable demands.
How? Engagement with Executive team, boards, vendors and trusted partners. You want to be able to leverage full capacity of those relationships and relay that to your executive leadership ensuring it is clear that you are not looking to spend just for today, but to leverage investments already made.
If you had a piece of advice for other leaders facing similar challenges, what would it be?
At the Executive level it is all about relationship management with partners and peers within the business, across IT and with vendors. To ensure exposure to different clientele and vendors to discuss what works and get assistance on where they should go for the future, how to plan accordingly and pivot in the right directions for long term success despite current challenges.
How are you establishing relationships when you can’t be face-to-face?
Daily Newsletter: Providing clear transparency to current state of environment, healthcare landscape across markets you serve, new technologies and opportunities to be more social (virtual meetings, hangouts with teammates, providing additional models to collaborate etc.)
Maintain important connections with employees: With the blurring of lines between home and work, focus on employee/teammate well-being.