GOVERNANCE & COLLABORATE FOR CYBERSECURITY

The CISO6 Cyber Security Summit & Awards 2025 was held on 20th June at Hyatt Centric, Juhu, Mumbai. Hosted in India’s financial hub, it was a business-focused edition that delved into the crucial intersection of cybersecurity and business strategy. As cybersecurity becomes an increasingly critical aspect of modern organizations, this summit provided an invaluable opportunity for participants to engage in insightful discussions, network with peers, and explore cutting-edge solutions to address emerging threats.

The Mumbai edition of CISO6 aimed to gather thought leaders, cybersecurity experts, and influential business leaders to foster a collaborative environment for knowledge sharing. The event highlighted the significance of leadership and finance in shaping effective cybersecurity strategies, particularly within the context of India’s fast-paced corporate ecosystem.

The CISO6 Cyber Security Summit’s theme, “Cyber Security Basics, Simplified”, emphasized the importance of a well-rounded approach to cybersecurity that combines technology, best practices, and human intuition. This theme highlighted three key pillars: Zero Trust, AI, and Cloud Security, which, when supported by regulatory compliance and data privacy, create a robust framework for organizations to tackle today’s complex threat landscape.

Mr. Brijesh Singh, IPS, Principal Secretary, Information and Public Relations, Government of Maharashtra, delivered the keynote address at the CISO6 Cyber Security Summit and Awards in Mumbai on June 20, 2025. His speech focused on the evolving landscape of cyber threats, the critical role of technology and governance, and the need for public-private collaboration to safeguard national security.

During his keynote, Mr. Singh covered several key areas related to cybersecurity:

The rise of cyber threats: He discussed the increasingly sophisticated nature of cyberattacks and the challenges law enforcement faces in tracking culprits who erase digital trails.

Public-private partnerships: He emphasized that government-industry partnerships are essential for building a collaborative ecosystem of resilience against both physical and cyber threats.

Balancing security and convenience: Mr. Singh addressed the paradox of balancing robust security with the public’s demand for seamless digital experiences.

The role of law enforcement: He commended the police for their efforts in investigating complex cybercrime cases and highlighted initiatives like the 1930 helpline for reporting financial cyber fraud.

Data governance and compliance: He also touched upon the importance of data protection and discussed the Digital Personal Data Protection (DPDP) Act as a crucial safeguard in the digital age.

IPS Brijesh explained the mind map, which illustrates the “Geopolitical Aspects of Cybersecurity,” showing how cyber threats have evolved beyond technical issues to become central elements of international relations. The framework encompasses eight interconnected domains: offensive operations like state-sponsored cyberattacks and espionage that create diplomatic tensions; defensive strategies including strategic resilience and addressing power imbalances between nations with varying technological capabilities; economic dimensions involving intellectual property theft and supply chain compromises that affect global competitiveness; legal and regulatory challenges around establishing international cyber norms and enforcement mechanisms; and socio-political factors including cultural resistance to cybersecurity measures and the use of cyber tools in geopolitical events like election interference and territorial disputes. Together, these elements demonstrate how cybersecurity has become inseparable from national security, economic policy, and diplomatic relations in the modern interconnected world.

IPS Singh delivered comparable insights. Common points include:

Treating cybersecurity as a national imperative.

Building frameworks for unified, cross-sectoral incident response.

Talent development and skills training as a foundation for cyber resilience.

Promoting regulatory readiness and data privacy compliance.

Showcasing AI and quantum-safe technologies for next-gen security.

Cybersecurity Threat Briefing: Nation-State Actors & Critical Infrastructure

On external cybersecurity threats, nation-state actors, particularly Chinese APT groups, have achieved deep penetration of critical infrastructure through sophisticated backdoors in power grids, water systems, and telecommunications networks around the world. These advanced persistent threat groups exploit US-based servers to bypass privacy laws and MLAT frameworks, creating jurisdictional complications that hinder attribution and response. The vulnerability of legacy ICS/SCADA systems to “dark energy” attacks poses cascading failure risks to essential services. Unlike nuclear deterrence, cyber warfare lacks clear escalation thresholds, making Mutually Assured Destruction (MAD) concepts difficult to implement.

Strategic response requires strong R&D investment in AI-powered detection, quantum-resistant cryptography, and zero-trust architectures, combined with international cooperation through UN transnational cybercrime frameworks and credible deterrent capabilities that demonstrate both defensive and offensive cyber postures.

Nation-state cyber warfare has evolved into sophisticated asymmetric operations where actors like North Korea develop custom malware ecosystems while Chinese cyber espionage surged 150% in 2024, with financial and industrial attacks rising up to 300%. These well-developed actors now control entire critical hacking infrastructure including cloud services, routers, and digital supply chains, enabling multi-year infiltration campaigns where APT groups conduct 3+ year reconnaissance in nuclear plants to map complete operational blueprints. Non-traditional threats have evolved beyond malware to include AI-enhanced social engineering, malware-free techniques, and strategic positioning through education sector targeting (21% of nation-state intrusions). Effective counter-strategies require intelligence-led defense with zero-trust architecture, continuous threat hunting for dormant APT presence, supply chain security controls, and international cooperation for shared threat intelligence, recognizing that these highly focused state-sponsored organizations execute strategic long-term goals requiring equally sustained defensive responses.

IPS Singh on Countering Critical Cybersecurity Threats: the Attribution-Based Defense Framework uses Sun Tzu’s “Know Your Enemy” principle to drive effective cyber defense through precise threat attribution. Collect attack data to identify the adversary type (Chinese APT groups, anarchists, or cybercriminals), then calibrate responses accordingly. Map observed activity to known threat clusters to predict tactics, techniques, and procedures (TTPs). Conduct post-incident drills through tabletop exercises testing compromise extent scenarios across different adversary types. Deploy chaos engineering with deceptive honeypots and false data to trick attackers, enabling easier attribution while wasting their resources. Build cohesive threat actor mapping across multiple vectors for proactive defense tailored to specific adversary capabilities and intentions.

The Power Panel Discussion “DEFENDING DIGITAL BHARAT: Securing the Nation’s Critical Infrastructure in an Era of Asymmetric Cyber Warfare” at the CISO6 Summit in Mumbai, June 2025, brought together leading cybersecurity voices to address urgent threats against India’s most vital digital assets. Moderated by Mr. Gaurav Hirani (JIO), with prominent panellists including Mr. Brijesh Singh (Maharashtra Government), Mr. Shashank Bajpai (Yotta Data Services), Dr. Faruk Kazi (VJTI), and Rishi Motilal Trivedi (Gunfire Holding), the session tackled the complex, dynamic landscape of modern cyber defense for critical national infrastructure.

Panel Focus and Highlights

Evolving Threat Vectors:

Panelists discussed the spike in sophisticated attacks—such as ransomware and advanced persistent threats—targeting sectors like finance, energy, defense, and telecom, noting state and non-state actors’ increasing use of asymmetric cyber tactics.

The panelists emphasized that in the current era of sophisticated and asymmetric cyber threats, adopting a Zero Trust model is critical for securing critical infrastructure and defending against increasingly complex attacks.

Zero Trust and AI: Emphasis was placed on Zero Trust Architecture and leveraging AI/ML for early warning and rapid incident response, reflecting core summit themes.

Cloud, DevOps & SRE: The conversation highlighted the operational and security challenges of digital transformation, especially for cloud and critical infrastructure, drawing on Mr. Hirani’s expertise at JIO.

Public-Private Collaboration: The panellists, especially Mr. Brijesh Singh, stressed that protecting India’s digital future needs robust public-private partnerships and a shared ecosystem approach.

Regulatory and Policy Readiness: The panel analyzed frameworks like the Digital Personal Data Protection Act as pillars for compliance, resilience, and public confidence.

Incident Readiness and Response: Actionable strategies and case studies were shared covering how to design resilient, adaptive security systems with rapid detection and scalable response to minimize downtime.

Sectoral Deep Dives: Real-world challenges and best practices were shared for protecting power grids, banking platforms, real estate infrastructure, and telecom networks, with interactive insights from both government and industry perspectives.

This session exemplified CISO6’s broader focus on driving actionable collaboration among CISOs, policymakers, business, and technology leaders to create resilient digital infrastructure for a rapidly transforming India. The panel’s high-level, multidisciplinary structure provided detailed roadmaps for security leadership across public and private domains.

The CISO6 Summit Mumbai panel on “The CISO Paradox: Building Trust in a Zero-Trust World” brought together security leaders from major Indian enterprises to discuss the complex challenge of building organizational trust while systematically removing implicit trust from digital infrastructure. The session highlighted practical approaches and organizational realities faced by CISOs as they implement Zero Trust frameworks while ensuring resilience and strong stakeholder relationships.

Moderated by:
● Mr Ashton D’Cruz, Executive Director, NatWest Markets

Panellists:
● Mr Ambarish Kumar Singh, CISO, Godrej Enterprises Group
● Mr Sudhanshu Pandey, CISO, Unison Insurance Broking Services Pvt. Ltd.
● Dr Sriranga Narasimha Gandhi, Vice President and Head of InfoSec, Jio Platforms Ltd
● Mr Abhishek Jha, Global Chief Information Security Officer (CISO), Tata Technologies

In a zero-trust model, the foundational principle is “never trust, always verify,” meaning that access to an organization’s systems is never granted by default, regardless of a user’s location or previous permissions. For CISOs, this creates a profound paradox: they must build internal trust among employees and gain buy-in from leadership to implement a security framework that is inherently based on a lack of trust.

Key Themes from the Panel

The Paradox Explained:

CISOs must drive security by assuming breach and enforcing verification at every step—even as they are tasked with building stakeholder, user, and board confidence. This calls for continuous trust calibration, clear communication, and aligning the board’s risk appetite with technical realities.

Insider Risks and Identity-First Security: The conversation emphasized identity as the new perimeter. Leaders advocated for robust identity management, continuous user behavior monitoring, and strong least-privilege controls to combat both insider and external threats—core to Zero Trust thinking.

Board and Executive Alignment: Panellists discussed translating cybersecurity metrics into clear business value, ensuring that decision-makers understand both risks and return on security investments. This requires ongoing reporting, risk quantification, and narrative building to drive security buy-in.

User Experience versus Security: Striking a balance between security rigor and smooth user access stood out as a major operational challenge. Leaders suggested adaptive security models, where identity, device risk, and behavioral context inform granular access controls without hampering workflow productivity.

Metrics and Trust Signals: The need to define, measure, and communicate trust was highlighted. This includes use of trust metrics (like mean time to detect, incident response speed, and user compliance rates) as well as visibility into organizational and ecosystem cyber hygiene.

Actionable Insights for CISOs

Zero Trust as a Living Strategy: Shifting away from a one-time project mindset, CISOs must treat Zero Trust as an ongoing cultural and technical transformation. Frequent revisiting of trust boundaries, controls, and response playbooks is essential to keeping ahead of threats.

Executive Education: Elevate board literacy on digital risk, regulatory obligations (such as India’s DPDP Act), and the business impact of breaches. This includes running tabletop exercises and simulation scenarios tailored for senior leadership.

Supply Chain Vigilance: Panelists pointed to vendor risk as a growing concern. They called for tighter third-party access governance, continuous monitoring, and clear supply chain trust frameworks to prevent breaches from external partners.

Automation and Response: With evolving threat complexity, panelists advocated for investing in automation—such as SOAR (Security Orchestration, Automation, and Response)—to improve detection and response times, and for developing robust incident recovery plans.

Leadership and Trust in a Zero Trust World

The summation was clear: while Zero Trust means never assuming trust within digital systems, building trust with humans—employees, partners, executives—remains the CISO’s most critical and paradoxical mission. Success requires CISOs to seamlessly combine robust technical controls with transparent, empathetic leadership and ongoing organizational alignment.

Effective zero-trust implementation requires CISOs to act as business enablers rather than just protectors. A well-executed zero-trust strategy provides granular control and context-aware access, which improves decision-making and reduces overall risk. By embedding security practices into the organizational culture and aligning them with strategic business goals, CISOs can show that zero trust, while conceptually rigid, can paradoxically lead to a more open, innovative, and resilient enterprise. 

WOMEN OF CYBER SECURITY PANEL

The panel “Breaking Encryption & Barriers: Women Leading India’s Cyber Future” brought together expertise across corporate, education, NGO, and advisory realms to provide a holistic view of the opportunities and challenges for women in cybersecurity across India’s ecosystem. The panel aimed to inspire, educate, and build momentum for gender-diverse leadership in cyber strategy, defense, and governance.

Moderated by:
● Mr Amey Subhash Lakeshri, Associate Partner, Digital Trust, Cyber Defence and IR, KPMG INDIA

Panellists:
● Ms Priyanka Sunder, Vice President, Information Security, SMFG India Credit
● Ms Shyamlee Kumar, Senior Delivery Director – HCM Delivery Head, Infosys
● Ms Pooja V Joshi, Senior Country Director – India, EC-Council
● Ms Akancha Srivastava, Founder, Akancha Srivastava Foundation

The SHRUSHTI panel, as part of the Women of Cyber Security discussions at the CISO6 Summit Bombay 2025, celebrates and honors the pivotal role of women in India’s cybersecurity ecosystem—acknowledging that cybersecurity transcends technical tools and frameworks to encompass resilience, instinct, and leadership. This panel highlights how women CISOs, cyber strategists, defenders, and policy influencers have broken through traditional barriers to fortify India’s digital defenses at multiple levels.

Panel Focus and Themes:

Breaking Traditional Barriers: The panel highlighted the challenges women face entering and thriving in cybersecurity roles traditionally dominated by men, including workplace biases, social perceptions, and leadership access gaps.

Leadership & Innovation: Showcased how women leaders are shaping India’s cyber future by driving strategic initiatives in governance, education, incident response, and digital transformation with inclusive leadership styles.

Mentorship & Community Building: Emphasized mentorship programs, networking, and support ecosystems to enable more women to enter, stay, and grow in cybersecurity careers.

Education & Awareness: Stressed human-centric cybersecurity approaches, training programs, and frameworks to build cyber-resilient organizations with diverse teams capable of addressing evolving threats.

Policy & Compliance: Discussed issues around data privacy regulation, ethical hacking certification, and the balance between innovation and security compliance.

Social Impact: The role of NGOs and foundation-led initiatives in raising awareness, empowering vulnerable groups, and building safer digital environments.

Key Themes & Discussion Points

Leading from the Front

The panelists share stories from the cybersecurity trenches, reflecting their frontline experiences leading teams in high-stakes environments marked by fast-evolving cyber threats. Their narratives demonstrate strategic decision-making, crisis response, and innovation, underscoring the critical role women leaders play in safeguarding organizations and national digital infrastructure.

Bias, Burnout & Breakthrough

There’s candid discussion on the challenges women face in male-dominated workplaces—from implicit biases and stereotyping to the pressure of balancing demanding workloads leading to burnout. The panel explores strategies for overcoming these hurdles, emphasizing the importance of organizational support, personal resilience, and fostering inclusive cultures that value diverse leadership styles.

From Tech to Policy

Women are shaping India’s cyber defense holistically—from technical architecture to national cybersecurity policies. The panel spotlights how women influence cybersecurity strategies across sectors—corporate, government, NGO—and participate actively in regulatory dialogues, policy-making, and strategic frameworks that adapt to India’s unique cyber threat landscape.

Mentoring the Next Wave

Creating robust mentorship and sponsorship avenues emerges as a priority to support, uplift, and retain women talent in the cybersecurity sector. The panel advocates programs that break isolation barriers, enable skill-building, and provide career navigation guidance, ensuring women have access to leadership pipelines and role models within the industry.

This SHRUSHTI panel symbolizes a transformational force driving India’s cyber future, where women’s leadership catalyzes innovation, resilience, and equity. It served not only as recognition of past breakthroughs but as a call to future action ensuring India’s digital defenses benefit from the full spectrum of talent and perspective available. Their journey from cracking encryption codes to shattering glass ceilings exemplifies how women are integral agents of change, shaping a secure and inclusive digital India. These expanded thematic insights reflect the lived realities, aspirations, and strategic imperatives voiced by women cyber leaders at the summit.

TeamViewer is a global technology company providing a connectivity platform for remote access, support, and collaboration, with applications ranging from simple remote control to enterprise-level AR solutions. The company offers solutions for both business and free personal use, emphasizing security with end-to-end encryption and compliance with standards like ISO 27001. 

SynRadar is an AI-driven cybersecurity company that provides governance, risk, and compliance (GRC) solutions, alongside vulnerability and threat management services. Based in India, it offers a platform and consulting services to help organizations manage cyber risk, automate compliance, and track vulnerabilities in real-time.