"The most difficult part of the job is to stay on top of advanced threats, remediation and persuade other teams to remediate"

CISO Interview Series: Manoj Tewari, Sr. Manager, Group Information Security, International SOS

International SOS has a unique position of being a provider of services for organisations that are trying to assess Security & Operational, Cyber risks etc. You also have to secure your own organisation. What’s the most difficult part of your job at International SOS?

Manoj Tewari: The most difficult part of the job of my team is to stay on top of advanced threats, associated remediation of vulnerabilities and persuade other teams to remediate the vulnerabilities prior to someone else (hackers, enemies, or competitors) exploiting these potential vulnerabilities.

Could you describe your average day as CISO at International SOS? Do you have a particular routine for the start and end of day?

Manoj Tewari: Every day is unique and full of opportunities to learn, share and lead. On a daily basis with a few exceptional days, I get involved in:

  • Negotiating in matrix structure on financial approvals closely coupled with organisation change management related to implementation of new security technologies.
  • Describing and advocating the security posture of the organisation to clients and helping sales & marketing to achieve their objectives by building trust with clients.
  • Risk based discussions with general managers and technical discussions with security analysts and engineers.

On a scale of 1-5, do you expect that your investment in Cyber & Information Security will be increased over the next 3-5 years? What’s going to drive that?

Manoj Tewari: I’m very confident that our budget will increase over the next 3 to 5 years as we have been able to plan and deliver upon the security strategy that we decided 2 years ago.

In the last three years Global IT Security has built trust with several stakeholders by delivering on plans that helped the organisation to achieve a much better security posture. Over the next few years, we will focus on implementation of advanced solutions, operational aspects of fundamental security services and certifications. Surely, this journey towards excellence will continue.

How do you balance your own bandwidth between attention on your longer-term security agenda and today's issue that has just arisen?

Manoj Tewari: Today’s agenda always gets the first priority; however, strategic actions are always considered. We have a security operations team that works 24x7x365 to take care of operational issues and a dedicated team of experts and project managers working on new security solutions.

There are many new cyber security startups that are appearing. Are there any that have caught your eye recently and you are tracking their progress?

Manoj Tewari: We are highly focussed on top security service providers with credibility and capability to execute. For almost all decisions on new service providers, two key parameters that we don’t compromise are ‘excellence in execution’ and ‘excellent support structure’.

We treat our service providers as our key partners because they bring capabilities that are necessary for the organisation to conquer the cyber game. It works best when we partner with the best in the industry.

What do you regard as the crown jewels within International SOS that have the highest level of security? How well do you conduct ‘mock’ incidents so that the team is prepared for data breaches?

Manoj Tewari: For all companies, and so for International SOS, there are critical IT systems that are considered as crown jewels. Due to confidentiality reasons, I cannot document those systems here; however, I can assure you that we integrate security in business requirements, application build and infrastructure layer for the key systems. We implement administrative, technical and physical security controls to build the layered security around these key solutions.

We test our incident management and data breach notification procedure by mock test every six months so that our team is prepared and aware of their role and responsibility on security incident and data breach notification procedure.

For your clients I assume that there are specific guidelines that you provide for securing their travel to certain countries and locations. Does this specifically cover IT and Information Security – could you provide a flavour of the value of this?

Manoj Tewari: Yes, it covers specific requirements of our clients related to information security. While we provide emergency medical and travel information services to our clients, we also provide an assurance on information security of the data that we collect from our clients. The information assurance is an integral part of our services.

Within the International SOS environment are you more concerned about the internal technology vulnerabilities or of rogue insiders?

Manoj Tewari: Most of the time we are busy with internal technology vulnerabilities. The technical vulnerabilities get the priority; however, we also have documented procedures to respond to a rogue employee. Thankfully, we haven’t faced rogue employee issues in our organisation leading to information security incidents or data privacy breaches so far.

When you are recruiting new talent into your team, what key attributes do you look for when selecting a new staff member? I’m aware that there is a shortage of capability in the industry - how long does it take on average to find new talent?

Manoj Tewari: There is surely a shortage of the right talent pool in the security industry. It is very difficult to get people with the right mix of technical and soft skills. It generally takes 3 months to find people with the right skill set. Key technical skills such as security analysis, penetration testing, and security architecture are rare skills.

Finally, what keeps you awake at night?

Manoj Tewari: The idea that hackers have to be successful only once, while we have a challenge to remediate every single vulnerability, keeps me awake at night.
