Project Management and Cybersecurity: Mantras of Growth

PART 2

Following an engaging first day where the experts shared their views on how to enhance one’s project management skills, we were all set to welcome our news guest speakers on day two of the virtual summit. 

DAY 2

The speakers of day 2 included:

• Mr. Jigar Mehta, Delivery Project Manager, Capgemini
• Ms. Shruti Nair, AMC, ICICI Prudential
• Dr. Rashmi Jain, Academician, Chetana’s Institute of Management & Research
• Mr. Vivek Kedia, Founder, MobiTrail
• Mr. Lalit Popli, COO, ARCON

The panelists of the panel discussion:

• Mr. Vikaas Sachdeva, CEO, Emkay Investment Managers Ltd.
• Mr. Ranjan Revandkar, Head – Information Security, Sun Pharma
• Ms. Vandana Verma, Founder, Infoseckids
• Commander Vinod Singh Ujlain, Retired Officer, Indian Navy
• Mr. Vishal Samant, CIO, Mirae AMCMr.
• Lalit Popli, COO, ARCON (Moderator)

The second day of the summit started with a compact session of Mr. Jigar Mehta, Project Manager, Capgemini, talking about the new wave of Project Management: “Lean-Agile”. The key extracts from the session are as follows:

• The traditional way of delivering projects with the help of Waterfall methodology that goes with the flow of requirements, design, development, testing, deployment and maintenance.
• Agile – the modern way of delivering projects is a set of principles for software development in which requirements and solutions evolve through collaboration between self-organizing teams and cross-functional teams
• The three major characteristics of Lean-Agile principle are faster delivery, elimination of wastage, and built-in quality
• Multiple teams work together in Agile methodology that is aligned to a common mission known as ART (Agile Release Train)

The second session of day 2 was on Customer Centricity by Design Thinking. Ms. Shruti Nair, AMC, ICICI Prudential and Dr. Rashmi Jain, Academician, Chetana’s Institute of Management jointly discussed this topic that revealed a number of avenues of customer behaviour and satisfaction. The key takeaways from this session are:

• The importance of customer-centricity in any business lies in factors like satisfaction, testimonials, sharing of experiences and more – if there is no customer, there is no business
• Customer-centric enterprises keep these aspects in mind always – focus on the customer, understand customer needs, think and feel like customer, and create a lifetime customer value.
• Customer experience, customer emotion, customer loyalty and rational value describes the crux of customer-centricity
• In order to create a customer centric culture in an organization, it requires relevant project management to measure and ensure customer satisfaction
• Design thinking is a methodology where we can put ourselves in the customer’s shoes and realize the problem to offer the best of the best solution
• Understanding of customer needs stands on four pillars – what he/ she says, what he/ she thinks, what he/ she does, what he/ she feels
• The advantages of design thinking method are top priority of the users, focus on empathy, leading breakthroughs, value adds through customer delight, and business growth through collective knowledge

Now, coming to the last ‘trinity’ among the three, Mr. Vivek Kedia, Founder, MobiTrail, discussed ‘Incorporating Information Security into IT Project Management’. IT security or digital security is the core of a successful business growth strategy, hence, this session turned to be engaging. After a brief introduction of MobiTrail, he said there are organizations that are more sensitive to data security vulnerability (like the BFSI industry). He spoke about the traditional IT Project Management cycle where the IT security vulnerabilities lie.

• The journey of a project starting from Ideation to Deployment consists of Information Security and VAPT Testing by the IT development team who are responsible for testing
• Typically, InfoSec teams are small compared to developers though the scenario is changing drastically and IT organizations are giving equal focus on security teams as well
• Security Testing teams are always overloaded and are under-equipped to handle evolving cyber threats.
• It’s time for IT developers also to understand Information Security and they should know the security gaps and vulnerabilities.
• Information security should be an integral part of any organization and not an afterthought.
• CERT-IN certified labs can be the best standard solution today to ensure security preparedness – the latest certifications, standards and cyber threat patterns released and discussed in CERT-IN can help organizations to stay tuned with the necessary security measures

The next part of the session was taken over by Mr. Lalit Popli, COO, ARCON, who shared his insights on the “Importance of Identities and Privilege Management Users in Information Security” domain. The key takeaways from the session were:

• Cybersecurity is protecting our cyberspace (critical information) from cyberattack, cyber espionage, malicious activities, privacy misuse and more
• The challenges related to cyber security are inherent due to innumerable entry points to the internet and emerging threats are outpacing defense technologies
• The expansion of cyber threat patterns are no more restricted to just organized cyber criminals – rather it has infiltrated in-house in the form of malicious insiders giving a rise in the demand for predictive IT security solutions
• Phishing, Pharming, Man-In-the-Middle Attack, Targeted Attacks, Identity Thefts, Data Breaches, Misuse of Data Privacy, Spying on Confidential data assets etc. are expanding the threat surface limitlessly
• Data is the ‘New Gold’ and thus data security concerns are rising as the question is no more “If it will be breached”; rather it is “When it will be breached”
• Today data is in the cloud (even hybrid) resulting in almost 71% organizations suffering from data breaches or data breach attempts
• Organizations count on super user identities to ensure smooth IT operations whereas malefactors also target on these identities, known as Privileged Identities, to steal business data
• Privileged users are responsible for managing, monitoring and controlling privileged access across IT periphery in an organization – thus security of privileged access is the top priority in modern enterprises 

Towards the end of the event, there was a panel discussion among all the delegates and invitees as mentioned above. Mr. Lalit Popli from ARCON was the moderator of the session. It was the concluding session of the virtual summit. This esteemed panel covered all the areas that were showcased in the last two days and added their valuable inputs to ensure a complete knowledge sharing session.

• How to stay abreast with the latest cybersecurity trends?

Mr. Vikaas Sachdeva contributed to this question by stating that the paranoia of a CIO is the key to stay updated with the emerging IT risks and the threat patterns. He added that organizations keep on adopting new technologies to stay competitive with the security trends. However, very few among them conduct regular audits to ensure security effectiveness as well as preparedness. Even minutest glitches should be addressed to avoid any catastrophic incident.

• How does a CISO plan his/ her day of work?

Mr. Ranjan Revandkar responded to this question humbly by bringing the context of an age-old saying, “Devils never sleep.” Being a CISO, it is never possible for anyone in any organization to plan for a routine. Mr. Ranjan added that whenever there is an apparent end-of-the-day, a black-hooded hacker might start his/ her day at that time. The result is that a CISO’s day is not yet over. Hence, even if we plan a day’s work, it might not lead to accomplishment at the desired time. Any priority might arise anytime (even at the wee hours) and then a CISO is at work.

• How is Information Security important to kids and parents?

Ms. Vandana Verma, being the founder of InfoSeckids and a core researcher of this project, explained that educating kids about what is right and what is wrong has become too crucial today. In this digital age, it is never possible for parents to restrict their children from internet access. Normally parents give in to the curiosity of today’s kids. Also, when parents are working, then keeping a smartphone with their kid is ‘apparently’ more convenient for instant communication to stay updated with their whereabouts. While countries from Europe and N&S America have already given utmost importance to cyber rules for kids, Ms. Vandana focused on this area of cybersecurity in India to prevent ‘digitally uncontrolled & unsecured’ childhood. Many parents today are not even aware that YouTube and YouTube Kids are two different apps. So, awareness is the key to ensure a digitally sound future for our next generation.

• How does cybersecurity contribute to defence and the army?

While responding to this, Commander Vinod Singh Ujlain spoke about cyber warfare. While most of the confidential defence strategies are kept secret under government supervision, there are certain operational blueprints of the army that require complete secrecy. Earlier, it required secret locations to store the records, but today digital storage has emancipated the requirement of a secured access control environment. The extent of confidentiality is so much over here that the lieutenants or colonels are not updated about these strategic secrets.

• What kind of team structure is ideal to ensure an impenetrable IT security cordon?

According to Mr. Vishal Samant, while answering the question, identification of the key personnels to appoint for a project is very important. Every individual has a different set of KRAs and it is upto the organization how they can utilize those KRAs for a successful project. Any project would also require a team of senior management who can keep a track of proceedings on a regular basis to ensure timely completion. A project coordinator also has to coordinate from all levels – including senior management to basic first level employees through clear communication. If there is any plan for introducing HRMS application for HR or ERP application for finance – any project would require involvement of all levels of employees with different roles and responsibilities. The conventional project organization chart helps enterprises to chalk out a proper project plan with a proper allocation of resources. 

Conclusion

The educational and knowledge sharing 2-day virtual summit ended with a thanks giving note. Dr. Madhumita Patil and Mr. Lalit Popli thanked all eminent speakers and panelists for making this virtual summit a grand success. This gathering of industry stalwarts added value to the whole idea of bringing the connection of customer, security and project management in the modern business world.