Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
Our guest this week is Aaron Ansari, the virtual CISO for Exela Pharma Sciences. Aaron has an impressive background in global management and security solution development. His expertise extends to risk management, both in cybersecurity and mental fortitude, as evidenced by his most recent Ironman completion. Read on to learn Aaron’s take on the importance of proactive planning and why he says your organization may not have as much control as you think.
Predicting the cloud transition trend
Almost 20 years ago, Aaron Ansari saw the writing on the wall.
“I saw the trend of migration from on-prem to cloud starting back in 2006,” the vCISO for Exela Pharma Sciences said. “I was at a financial firm, and we were looking at moving our applications to the cloud. At the time, talking about putting your bank account online — people would laugh you out of the room.”
“So I kept a career eye on it and eventually dove into the cloud realm, specifically with workload protection, CNAP, and cloud security posture management.”
Now, Aaron leads a team responsible for everything related to security, from simple password resets to data breaches and nation-state attacks.
“We’ll get attempts to log in from Russia, but we don’t have any employees in Russia,” he said.
The key to Aaron’s success is managing his schedule and meticulously planning each step. Without this foresight, his team could be left playing catch-up.
Of course, little fires will come up, and we have to work as firefighters, but if we’re not proactive in building our weeks and months, we will quickly be on our heels.
Aaron Ansari, vCISO of Exela Pharma Sciences
Symbiotic relationships in cybersecurity
Aaron said that part of being proactive in planning is maintaining trusted partnerships. Building these relationships ahead of time is paramount to achieving the highest level of preparedness in case an incident happens.
“We have to ensure we have retainers in place so that when we have to make the call that we have an incident, it’s not somebody that’s like, ‘Who are you? We don’t know who you are, and we’ve got 50 other people before you, so take a place in line,’” Aaron said.
When it comes to the shared responsibility model, which divides security responsibilities between the cloud service provider and their customer, it’s crucial to understand the distinctions between ownership and control, Aaron said.
When you’re not the one governing the infrastructure and physical components, you have to know where your responsibility starts and where it stops.
Aaron Ansari, vCISO of Exela Pharma Sciences
An organization’s actual level of control might be less comprehensive than they assume.
“Even when you’re on-prem and have everything in your four walls, you don’t have as much control as you think you have,” he said. “You’ll discover all sorts of things happening in your network that you didn’t know were happening.”
Varonis gives organizations visibility into their sensitive data, who has access to it, and what they are doing with it. Uncover your org’s critical security risks with a free Data Risk Assessment.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
