Monday, September 4, 2017

The weight of responsability

Not everyone is good at being a leader. History gave us perfect examples over the years, as it can be Spanish empire, going from “The empire on which the sun never sets” to just a part of the Iberian Peninsula with a handful of islands. Everything starts with the Habsburg´s Reign, whose decisions made fall down everything theirs ancestors build up…

Because of the bad decisions empires and companies have crashed, friendships have been broken and more. That´s why the responsibility positions have to be held for people able to decide and, in case of mistake, assume the consequences. Today, in the interview of the week we bring you Mohan Gandhi declarations, CEO at Entersoft Security, who is clear about the weight of his decisions. 

When Mohan Gandhi decided to start Entersoft, he had a clear idea “We started with a simple objective to be a cyber security company, providing security for anything digital that needs protection. But more than that, we wanted to build a cyber security company that hackers can come and do actual hacking for the greater good. But we have moved so far beyond that, so now we work as white-hat hackers - you tell us about the most important parts of your business, the core competencies, and then we hack into those to test their strengths. You pay us only when we are able to break through and hack into your application.”

Over the years, Gandhi has drawn some conclusions. “We had seen the applications and the websites were generally the core competencies and their business would go down if the website went down. The data is also one of the things they want to protect and often these are stored in the apps. Naturally, app security became a big focus for us. Typically people use a lot of audit tools and scanners, but the biggest problem is that most businesses don’t have the capabilities to fix the bugs, or it takes a long time. Ultimately, it comes down to the DevOps competency of the businesses. So, we started to help people fix those bugs and fix them fast. We don’t just stop at audits and scans; and go end-to-end with app security.”

Regarding to FinTech election´s market niche, Mohan explains: “FinTechs represent a really big challenge for hackers as they are built on things like blockchain and are very secure, and the returns are very high, but also the impact on the ecosystem is very high. Businesses can close down if there is a security breach”. When it comes to Internet of Thing (IoT), says: “IoT has been targeted a lot by hackers, and security is a massive component as one part that is down can affect everything. You are thinking on a gateway and cloud level and everything is connected. You have to consider IoT security in many different angles.”

Analyzing the challenges that Fintech´s market confronts about security, Mohan says: “The biggest challenge is scaling up. Typically there are only a handful of developers or product people in the business, and they are thinking of the cost of security whilst trying to drive down spending. But the biggest gap is that it’s difficult to scale up engineering. You don’t have a proper dev-ops process or security when you set up the company, which has a big negative impact on their growth as there is no security process.”

And concerning the challenges of cibersecurity sector, Mohan responses: “The biggest challenge has always been talent and the talent that fits in our culture. We are people who have very organised but very unbalanced lifestyles. We’re a team of hackers! It’s quite demanding when we have clients on. There’s a lot of pressure on us if we don’t do our job right as this has a big impact on businesses and could result in real loss. There’s also a big education piece which we‘ve been trying to do, moving businesses from thinking that security is a cost or after-thought or luxury.”

For last, when he´s asked about what he stares on contrating time, he marks a few points: “So firstly, they need to be good hackers, but typically this is quite hard to find. Most applications we get are not from start-ups, they’re from people who worked in enterprise. These people are normally good in scanning and auditing etc but they don’t fit our culture. We then shape this talent over the next 2 or 3 years to make them into really good hackers. We’ve been training hackers for years and have become really good at it. We train at least 20 people in a month and then take in about 2 or 3 people. The rest always have a core understanding of the code and all of these. Unfortunately this is a really time-intensive way to hire and people take a long time to grow, so it’s difficult to balance between training and putting hackers on active projects.”

Leaders, presidents, kings, bosses have been a lot and there will continue being. But we don´t have to mix up these roles with the leader one. They can coincide but (unfortunately), they don´t use to. At least, in security subject, from here where are glad to find authentic leaders as Mohan Gandhi who try to make the network a safer place.  

0 comments:

Post a Comment