Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, and CRISC), Founder and Director of VISTA InfoSec, sat for an interview with Aviva Zacks of Safety Detective. She had the opportunity to ask why he started his company and what he does for his customers.
Safety Detective: What motivated you to start your company?
Narendra Sahoo: Prior to 2004, I was working in the line of networking and security in the industry (since 1993). Meanwhile in India, the internet came in 1995, and by 1997 people started to embrace the technology at work. With that, people started setting up networks more widely in their companies and realized that their data was visible in computers across the room. This spawned the need for information security in India.
I was working on firewalls and setting up VPNs since 1998, and set up my first system using Check Point 4.1 NG—a very, very impressive Israeli product. By 2004, my friend suggested that if I really wanted to be taken seriously in the cybersecurity industry, I had better set up my own company. And that led to the founding of my company, VISTA InfoSec, from my home.
SD: What does Vista InfoSec do?
NS: VISTA InfoSec is a global Cybersecurity Consulting firm with a presence in the UK, US, Singapore, India, and the Middle East. As a consulting firm, from day one, we have been working in the field of IT and Information Security. During the initial tenure, I observed how other top consulting firms were working, and it was at that point in time that I noticed that a lot of these consulting firms were promoting products and software under the ambit of consulting services. This I think is unethical, and with that, I decided to set up a vendor-neutral Information Security company. A company whose partnership and recommendations can be trusted.
VISTA InfoSec is a pure-play vendor-neutral company having no tie-ups with any firms selling any products, hardware, or software, and so our recommendations are purely based on an organization’s current infrastructure requirement. We provide our clients with in-house solutions, as we strongly believe in not outsourcing any of our work. Our team of experts provides an end-to-end solution and handholding at every stage of the services we offer to our clients. We provide an array of services which include but are not limited to Compliance & Governance, Technical Assessments, Regulatory & Compliance, IT Audit & Advisory Services, Managed Services, Training & Skill Development Solutions, and Certifications in many areas.
This is the ethos of the company which we set up in 2004, and we continue on the same boundaries that we have set for ourselves since then.
SD: What types of companies does Vista InfoSec service?
NS: We are a well-known global Cybersecurity Consulting firm in the US, UK, Singapore, India, and the Middle East. We specialize in a range of services and cater to various industries including but not limited to –
| Industry | Services |
| --- | --- |
| Banking, Financial Service & Insurance | PCI DSS, PCI PIN, SOC 2, GDPR |
| Cloud-Based Service Industry | SOC 2, SOC 1, SOC 3, PCI DSS, GDPR, Information Security Assessment |
| | HIPAA, SOC 2, Information Security Assessments |
| Payment Card & Processing Industry | PCI DSS, PCI PIN, PCI SSF, PCI CP |
| | HIPAA, SOC 2, GDPR, CCPA |
| Retail & Manufacturing Industry | PCI DSS, PCI PIN, PCI SSF, PCI CP |
| | SOC 2, GDPR, CCPA, NESA |
We are there for manufacturing companies and pharmaceutical companies because we do FDA CFR Part 11. Because of COVID, cybersecurity has come up very strongly because people are now working from home which is outside of the protective boundaries of an enterprise security posture. In your office, you have IDS, IPS, firewalls, DLP, and various other security measures in place, but if you’re working from home, everything is stripped out. That’s why you are hearing a lot about ransomware and security attacks. At this time, almost any company is a potential client for us.
SD: What would you say are the worst cyber threats out there today?
NS: Talking from statistics—ransomware. But from experience, what really causes and results in cyber threats is that companies are trying to tighten their budgets to save money. Since they are running on tight budgets, the first thing that many companies are stripping out at this time, in a very short-sighted manner, is their cybersecurity program, and this is very surprising. They are postponing certifications, assessments, audits, and hiring, which is a crazy thing to do. Now, since remote audits are happening and the auditor is not visiting the sites to be audited due to COVID, many companies are taking even the audits casually. To those companies, I really hope they realise that in the end, they are not fooling the auditor but themselves, and have themselves become the worst cyber threat to their own selves.
SD: How is the pandemic changing the way companies are viewing their security?
NS: Some companies are looking at it in a very strong way because they realize that with the pandemic in progress there is a real threat. This is mainly because people are now working in a very disparate manner. We have been witnessing people working on their sons’ and daughters’ laptops, and more often than not even children playing on office laptops. They do realize the importance of security, and for these reasons, they are racing up for it. Thankfully, companies have realized the importance of having strong cybersecurity measures in place and have now changed their perspective about Compliance Management.
Prior to the pandemic, it was just working within the productive and secure boundaries of the company. So, people just walked into the office, worked on the office laptops and networks, and left the office assets within the secure confines of the office premises. But now, with people working from home, things are a lot different. Thankfully, companies are evolving in a way that they understand they need to change the way they view how compliance has to be managed. It cannot be done in the same way as it was prior to the COVID era. So, now many companies are asking us to conduct WFH security processes, business continuity processes, and disaster recovery processes. This is because in this COVID scenario, the uptime of their infrastructure and servers is of paramount importance. We also now see many companies moving into rolling out GRC, since now there is a need for a centralized repository and process for compliance and audit management.
I don’t see things getting back to normal for at least the next year or a year and a half. And even after that, I think COVID has left a very indelible impact on the way that we work and the way we are doing business. Many companies have decided to work from home continually, or at least on a 50% capacity basis. Some companies have been cutting their cybersecurity and information security budgets, which is causing a huge risk to the enterprise.
Original interview published on Safetydetectives.