Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
This week, we welcome Shesh Kondi, Salesforce Director of the Americas Security Architects, to Speed Data. Shesh shared his take on the evolution of security over time, why many leaders have fickle feelings about data, and the surprising characteristic unique to the cybersecurity field. Read the blog post below or check out the full episode or podcast.
How security transitioned from optional to table stakes
Before the turn of the millennium, leaders focused primarily on sales projections, marketing strategies, and financial performance. Security considerations were often a footnote in the budget, and then only addressed if any remaining resources existed.
“Back in the days, if you look at security, it was an afterthought,” said Shesh Kondi, Salesforce Director of the Americas Security Architects. “The idea was, let’s talk about selling and innovation and then bring in security.”
“But in the last 10 or 15 years, it has started to occur to people that we need to talk about security as an enabler and something that’s going to be a leading entity to making sure business transformation works the way it should.”
“Now, we get a seat at the table to talk about business transformation from the get-go and influencing strategy based on security.”
Is data a friend or foe?
Over the years, Shesh has observed a cyclical trend in how cybersecurity leaders perceive data.
We’ve all gone through this five-year cycle where we look at data as an asset. Data is fantastic. And then suddenly GDPR came in, and everyone’s like, ‘Data is a liability now!’ and ‘I only want to keep as much data as I need and can use.’
Shesh Kondi, Salesforce Director of the Americas Security Architects
“And here comes the gen AI revolution, which is all about data — you need data to run AI, data feeds out of AI, and gen AI creates more data,” Shesh said. “You feed the data back into LLMs, and now it’s all about data being an asset.”
“If you look at what’s going to happen next, I think the new things coming are regulations on how we use this data and what kind of consent management we have in place for our consumers.”
Simplifying cybersecurity
A distinctive aspect of the cybersecurity industry is that competitors openly exchange knowledge instead of hoarding it.
“We never compete,” Shesh said. “It’s a very unique thing about the security domain.”
We always share information and collaborate because we all know that if I get hit with something — malware, ransomware, or whatever it could be — it’s just a matter of time before somebody else is going to get hit.
Shesh Kondi, Salesforce Director of the Americas Security Architects
Being an effective security leader involves more than just imparting knowledge and insight, though. It also includes the ability to explain the intricacies of cybersecurity to consumers and customers in an easily digestible manner.
“One thing that’s important in our domain is being able to explain something in layman’s terms to somebody who doesn’t get it,” Shesh said. “We always have this conversation of, how would you explain to your grandma not to share her password?”
“When there is a room full of security-focused people, we talk about all kinds of things from quantum computing to confidential computing to encryption levels, but when you have to relay that to somebody else who doesn’t get the technical aspects of it and help them understand the use case and modify behavior based on that, it’s hard.”
Varonis helps organizations simplify data security. The cloud-native platform continuously discovers and classifies critical data, removes exposures, and stops threats in real time with AI-powered automation.
Curious to learn more? Sign up for a free Data Risk Assessment
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
