Career Notes 6.12.22
Ep 104 | 6.12.22

Deepen Desai: A doctor in computer viruses. [CISO]


Deepen Desai: Hello, my name is Deepen Desai and I'm the Global CISO at Zscaler.

Deepen Desai: So, uh, growing up, I mean, I come from a family full of doctors, they're all in the field of medicine. So that, that was an area that intrigued me. But at the same time, I was very fascinated by computers and, you know, developing newer, programs, software developing. That was the area of interest for me when I was growing up.

Deepen Desai: It was really interesting the way I ended up in the field of, uh, cybersecurity. This is more than 20 years ago. I was introduced to an online game, where there were folks, literally cheating, right? Such as hacking, and Aimbots, a lot of the features that some of the gamers were using to take advantage, uh, to gain advantage over the competition and more than the game, the part that really intrigued me was how those cheating applications were working. What were they doing in the backend? So that's when I got exposed to Microsoft Windows APIs, uh, things like DLL injection, how was the behavior of a legitimate process being modified to gain advantage, right? So that was my first exposure in that area and then, as I started getting more deeper into the field of software security, OS security, it's a thing that continues to evolve and there is never a dull day in the field of security as most cybersecurity experts will agree.

Deepen Desai: Right at the master stage all my coursework was focused on software fundamentals, OS fundamentals, and then with inclination towards cybersecurity. So I created a client that is able to detect any kind of DLL injection, any kind uh, attempt to modify that legitimate application behavior. So that was the first thing, then I was able to get, uh, an internship at a startup that was building UTM appliances back in the day and then the next, uh, opportunity from their onwards, uh, I got to build detection technologies that was at Dell SonicWALL where I influence some of the detection technologies on the cloud side, uh, some on the next generation firewall that was introduced and that really was very very satisfying, cause now you're doing something that you love doing and it's having an influence in protecting thousands of organizations around the globe.

Deepen Desai: The most recent stent and this is, uh, eight years old, 2014 is when I joined Zscaler and the concept was very, very disruptive, um, there was already a fire. We came up with this security cloud platform where, you know, the organizations around the world that were struggling to manage those appliances and pine products, now we're offering that as a service, right? So the entire security stack is in the cloud, um, and that provided, uh, me and my team ability to, uh, perform some of the next generation detection, technology changes. Honestly it's a disruption in the field of cybersecurity where, uh, we're able to scale where we are able to protect uh, organizations globally, um, even in the, in the situation where pandemic hit, um, most organizations that were using the older technologies were struggling, whereas if the organizations that were using what we have built, they were excelling in, we continue to see more and more adoption as well.

Deepen Desai: When I'm in the group of doctors, which is on the family side, I always call myself hey, I am also a doctor, but in the field of treating digital viruses. Just like you guys treat physical viruses, targeting human body. We are the internet doctors trying to make sure it's a safe place and protecting the organization.

Deepen Desai: There are two important components when you're trying to groom a new security, uh, expert. So, number one is you need to provide time to train and research, um, especially in the field of security research, uh, the way you need to structure their daily routine is 70% of their time may go towards what is needed for the business, whether it's tracking certain malware, family, tracking certain exploits, or developing those detections. 30 to 35%, at least that's the minimum you need to provide time to those folks to develop their skills, do research, right? Learn about newer techniques and continue to improve their ability to analyze those new evolving threats. So that's how I always have made sure my team was built and structured in a way that they are enabled uh, to do that research activity and then that in a way also helps them contribute towards that 60 to 70% of the goal where they're trying to protect the customers.

Deepen Desai: For the folks that are aspiring to get into the field of cybersecurity, my number one recommendation is to have strong fundamentals on software development side as well. Understanding the technologies and whether it's operating system fundamentals or, uh, some of the programming languages, those are some of the things that really helped me. As I plunged into this completely different field, because unless you know, the fundamentals you will struggle as you try to learn about how the threat actors are trying to abuse the existing technology.

Deepen Desai: I'm really proud of two things and that's honestly the areas where I would love to be remembered as well. So number one is, you know, there is a significant skill shortage when it comes to the field of cybersecurity. So every time when I hire someone, the team that I've built, it, it brings me immense pleasure as I see them progress through their career and them developing newer skills, them picking up newer responsibilities. I still remember my first team that I built, 15 years ago. Most of those guys are leading key technologies at many of the major security vendors, and some of them are still with me. So, that's one area where I would like to be remembered as a mentor that helped get them into the field and learn and allowed them to pick up some of the newer stuff. The second piece is the detection technologies, especially, um, aimed towards the zero trust. The cloud-based security where, I had some exposure at my previous job, but at Zscaler it's been to the next level. So getting remembered for solving the problem of legacy security architecture, and, uh, helping thousands of organizations, especially during the time of pandemic to keep their users secure.