Secret CSO: Sohail Iqbal, Veracode


Name: Sohail Iqbal

Organisation: Veracode

Job title: CISO

Date started current role: August 2020

Location: Boston, MA, USA

Sohail Iqbal is a distinctive cybersecurity leader and practitioner. He has led successful security practices and developed effective security programs. Iqbal has been instrumental in developing and maturing security practices as Head of Cybersecurity Operations at Dow Jones / WSJ, CISO at J2 Global, and recently Head of Information Security at CarGurus. He has also served as a Director for MediaISSF (Media Industry Security Sharing Forum), a CISO-led board to share cybersecurity challenges faced by the media industry, and has served on the Cybersecurity Advisory Council for Rutgers University.

What was your first job? My first job was with IBM as a Customer Engineer in New York City. It was an interesting experience; I was responsible for Point of Sale (POS) systems. This required visits to many retail giants. I learned the importance of customer service and professionalism.

How did you get involved in cybersecurity? My professional career has been mostly driven by curiosity, passion and proactive thinking. It’s quite interesting how I switched my career focus from core technologist to cybersecurity professional. At Quest Diagnostics, I was responsible for Active Directory, messaging and platform architecture. There used to be periodic internal audits, and in every audit, we saw risk findings. This inspired me to see the Information Systems through the same lens internal auditors do. I wanted to be proactive and limit the number of risk findings, and was motivated to pursue a Certified Information Systems Auditor (CISA) certification. I found phenomenal support from Quest Diagnostics management to transition temporarily into the internal audit team, and I was given the chance to perform an audit for the Mexico Business Unit. I noticed at the end of the audit that the majority of findings pointed towards security risks. The rest is history. I feel lucky and blessed to be in this profession – it challenges my proactive and risk-conscious personality and allows me to deliver on an area I am very passionate about.

What was your education? Do you hold any certifications? What are they? I attended City University of New York – College of Staten Island and have a B.Sc in Engineering. I hold the following certifications: CISSP, CISA, ITIL.

Explain your career path. Did you take any detours? If so, discuss. When I was at Dow Jones, I was handpicked by our CIO to join a four-person team to kick off Dow Jones’ cloud journey to AWS. I won’t call it a complete detour, as the AWS migration aspect really helped me to understand the cloud platforms, have a view into the SaaS world, and understand the challenges of modern workloads and the risks associated with them from the ground up.

Was there anyone who has inspired or mentored you in your career? There are many mentors who have helped me throughout my career. I would certainly like to name several whose contributions stand out significantly in my career. Russell Gibson, Director, Infrastructure Architecture-Systems Engineering at Quest Diagnostics, was an early mentor who helped me to pursue my goals. I was a core technologist and stepped out of that role to pursue auditing and security. Russell was the manager who gave me confidence and provided me with opportunities to test my skills and pursue a career in cybersecurity.

I am also fortunate enough to have been mentored by Justine Bone, CISO at Dow Jones. She is a visionary leader. It was always encouraging to bounce ideas off her. She would hear them passionately and encourage me to further refine them. She helped me tremendously with prototyping my first security product idea.

In my personal life, my role model has been the legendary Imran Khan, a brilliant sportsman, a fearless leader, an upright politician and a great environmentalist. I am an avid cricket player and grew up watching Imran playing cricket, so I was naturally a fan of his. What really impressed me though is how he managed to plant one billion trees in war-torn Pakistan within a one-year span. To me, this shows dedication and commitment that never fail.

I am very thankful to all those who have supported me throughout my career and enabled my accomplishments. It has been a very fun journey.

What do you feel is the most important aspect of your job? What I love about my job is establishing a personal connection with people and building a deep understanding of the business. It’s imperative in cybersecurity that you establish a good partnership with your workforce. Humans are the weakest link in security, and your programs are only as good as the weakest link in your organisation. There was a time when cybersecurity was seen as a backend operation, and I have made the utmost effort to turn cybersecurity into a customer service operation. Each member of the workforce is my customer, and navigating their way through on a user-friendly path with the least friction and risks is my responsibility.

What metrics or KPIs do you use to measure security effectiveness? It’s imperative to ensure that all metrics and KPIs are attached to business goals and aligned with the company vision.


