When did you first became interested in the cyber?
I started my career in cybersecurity after just one year of working experience when I joined the security validation team at SAP. I would say that it wasn’t because of interest, but rather security chose me. I was in a different field when I applied for the job; I was hired for the security domain based on my willingness to try new things. My interest started by working on the topic and growing with it.
It's not always about what job you do, it’s more about being willing to learn.
What was that like starting a career you had no background in?
Being curious and having an openness to learn helped me to pick up the topics easily. In the early days of my security career, I was fortunate to have a mentor who helped me a lot with security related topics and exploring new things. It's not always about what job you do, it’s more about being willing to learn. One instance to quote: my mentor used to suggest topics to explore, and I used to configure certain security controls on the system and document the same. In this way, I started picking up interest in areas apart from my regular work and further boosted my confidence to continue in the cybersecurity domain.
Did you have a dream job growing up?
Initially, I saw myself working as a developer or something similar, but after getting into security, I found my passion in this and continued the journey. I moved on exploring new domains in security, acting as a security expert in development organization and as a cloud security expert, and now working in a customer facing role, basically helping the customer as a trusted advisor. My passion and my dream is becoming larger day by day. With all the new technology coming in, we all need security.
Sometimes that's how a passion is born. You don't know you're into it until you get placed in it. In a few sentences, what is your role at SAP now?
My role is to act as a trusted advisor for the security and data protection across SAP solution offerings. I lead customer engagement and build trust in SAP along customer lifecycles, from engagement to renewal on security and data privacy and go to market initiatives. Apart from my current role, I take out time to drive one of the key initiatives at SAP – I lead SAP Women in Cybersecurity (SWICS) across SAP Labs India. It is a flagship program launched at SAP Labs India (SLI) to build in-house talents by training and mentoring women and enabling them to grab opportunities in the security & privacy domains, as there is an increasing demand in the cybersecurity profession across the industry and the ratio of female employees is fairly lower. SAP Labs India is a pioneer in this, and we can proudly say Made in India.
Why are there so few women working in cybersecurity?
The perception of women in cybersecurity is a tricky topic. A wrong perception, that at least I had during the middle of my career, is feeling like you can’t explore more when you haven’t learned the skills. That's one thing I somehow felt, along with most of the women whom I talk to, because it's a more technical field to really understand. Another misconception is most often people think security means hacking. That’s not the case. I mean there are different domains in security which are unexplored by most of us and could be taken up by any woman who is not technical. One can come from a quality background, a program management background, or project management background and be fine.
What obstacles do women face that men might not?
Most of the women colleagues I know are stuck in their mid-career because of family situations. Having children/spending time with aging parents can make it challenging to take out time and think a bit about their career. On the other hand, women often need more of a push to move up than men. They want somebody to boost them in their career, somebody to back them.
Security is a fairly simple idea, but it's an ever-growing topic and now largely evolving because of emerging technologies, so you need to have a lot of motivation and passion to learn new areas.
Your top 3 tips for surviving in a man’s world?
First, don't think security is only a technical field. Second, I would say security is a fairly simple idea, but it's an ever-growing topic and now largely evolving because of emerging technologies, so you need to have a lot of motivation and passion to learn new areas. Every role, be it a developer, quality manager, product owner, or architect has a part to play in security. Lastly, I would say: don't constrain yourself. As a growing field, mistakes are common and there are a lot of people who can help you and guide you. We have a large community at SAP who can boost confidence and help you in any other aspects that you want.
You mentioned, in addition to leading customer engagement, you also lead the SAP Women in Cybersecurity (SWICS) forum at SAP Labs India. Can you tell us a little bit about that kind of work and what you do for them?
In short, the SWICS program is short-term investment for a long-term career in security. We work as a group to train colleagues from basic to intermediate topics of security. People are joining us from all levels. We conduct monthly sessions/workshops on various domains like threat modeling, data protection and privacy, audits & compliance, security testing, and so on. The program is backed up with mentors, who handhold and offer 1:1 sessions for participants to boost confidence. We encourage them to participate and present in external security events and also circulate current trends in cybersecurity. Participants gain the required knowledge to start as security experts, security Point-of-Sale (POS) or Data Protection & Privacy (DPP) experts, and security auditors in different opportunities across SAP.
We also have a group of mentors, which I am a part of. If someone wants to take up a technical role, I personally coach and give them the materials they need to pursue that path. I recently mentored one of my colleagues who was in Africa. She comes from a governance and risk profile background and is not a technical lady, so I gave her the options which best suited her. For example, what security certification she could take to progress in her career. She took a lot of interest in that, and now she is pursuing certification in one of the new topics.
It’s a great network. How long has this community been running?
It’s now a one-year-old community, and we just started the second batch on International Women's Day on March 8th. This batch includes 40 people, and we extended our wings to the APJ region this year, covering China, Japan, and Singapore.
Do you have any advice to young girls and women interested in pursuing a career in STEM?
The guidance that I would like to give to any girl just starting in their career is to know that security is a constantly growing field. The path will be fruitful, and you will definitely have a successful career going forward. The second piece of advice that I would give to young girls in our generation is to be passionate about this topic and always be motivated. Because learning new things is very important in security. There are many new attacks and threats coming in, so keeping up to date about the new topics is very important and you should be excited to learn. The third one is, from the package or money perspective, cybersecurity is well-paid in the market. That's an important factor for younger girls. But all in all, hard work, motivation, and your enthusiasm is most important.
