Dec. 12, 2024

#420 From Government CTO to Cyber Defense Pioneer: How Kiran Chinnagangannagari is Democratizing Security

In this episode of The CTO Show with Mehmet, we sit down with Kiran Chinnagangannagari, Co-Founder, CTO, and CPO of Securin, to explore his journey from a stable role as the CTO for the State of Arizona to the exciting and challenging world of cybersecurity entrepreneurship. Kiran shares how Securin is working to democratize cybersecurity through proactive, accessible solutions, and we dive into critical topics like zero-day vulnerabilities, AI-driven cyber threats, and the evolving digital attack landscape.

 

Key Takeaways

• Why cybersecurity is moving toward proactive solutions and what it means for businesses.

• The democratization of security: Making tools affordable and accessible for all.

• Understanding zero-day vulnerabilities and why they’re critical for every organization.

• How AI is both a tool for defense and a weapon for threat actors.

• The role of regulations and why cybersecurity is becoming a legal priority for organizations.

 

“Cybersecurity is not a solo sport—it’s for everyone.”

— Kiran Chinnagangannagari

 

About Kiran Chinnagangannagari

 

Kiran Chinnagangannagari is a seasoned technologist and cybersecurity expert with a passion for solving complex problems. As the Co-Founder, CTO, and CPO of Securin, Kiran is on a mission to make cybersecurity tools accessible for businesses of all sizes. His rich career spans public sector leadership as the CTO for the State of Arizona and now, entrepreneurship in the private sector.

 

Resources Mentioned

• Securin Website: Securin.io

• Kiran on LinkedIn: https://www.linkedin.com/in/kiranc/

 

Episode Highlights

• [00:02:00] Kiran’s journey: From public sector leadership to cybersecurity entrepreneurship.

• [00:04:30] The story behind Securin and its mission to simplify and unify cybersecurity.

• [00:07:45] Breaking down emerging threats: AI, ransomware, and supply chain vulnerabilities.

• [00:20:00] Zero-day vulnerabilities: What they are and how Securin helps mitigate them.

• [00:28:00] The future of cybersecurity: Regulations, hyperconnectivity, and digital warfare.

• [00:36:00] Kiran’s advice for aspiring cybersecurity professionals and entrepreneurs.

 

Transcript

[00:00:00]

 

Mehmet: Hello and welcome back to a new episode of The CTO Show with Mehmet. Today I'm very pleased joining me from the West Coast in the US, Kiran, co-founder, CTO and CPO of Securin. I hope I pronounced that right, Kiran. [00:01:00] So the way I love to do it is I keep it to my guests to introduce themselves, tell us a little bit more about their background, their journey, and then we can start to take it from there.

 

Mehmet: Talk about, you know, Securin, the reason you started, but let's start from your journey first. And what what brought you to, to this world of cyber security, I would say.

 

Kiran: Absolutely. Hello, listeners, and thank you, Mehmet, for having me on the show. My name is Kiran with a long last name, Chinnagangannagari.

 

Kiran: There will be no quiz on that one. You can just call me Kiran. Like Mehmet said, I'm one of the co-founders, also the chief technology product officer at Securin. Here at Securin, we are on a mission to make the digital universe a safer place. You know, just in a very brief nutshell, my background, especially into tech and cybersecurity, just to say that, you know, it wasn't like an aha, eureka moment or anything like that.

 

Kiran: It's just more about, you know, using the technology over a period of time [00:02:00] and slowly realizing that it's the glue, right? You know, it's a backbone of everything we do today, right? And I felt that, you know, that is the area I want to be part of. And, you know, so I started my journey long, long time ago and, you know, eventually got to the point of, you know, taking large complex projects and leading large teams and organizations.

 

Kiran: And I always like to be, you know, focused on problem solving. I love problems and I always look at problems and see how I can solve problems, especially, you know, if that makes the life easy for everybody, and cyber is one of those areas where I feel like there is a lot of challenges, there's a lot of problems to solve. I got attracted to it. And that's what brought me to Securin and the evolution of the foundation of Securin.

 

Mehmet: Great, great. We have a lot to discuss with you, Kiran, today. Um, by curiosity always, you know, of course, especially in cybersecurity, we have plenty of problems, right?

 

Mehmet: So, [00:03:00] but you are into an area which is becoming more and more important in cybersecurity. So tell me, you know, of course, like, I'm not putting myself into the space of an investor or like something like this, but you know, like the first question when a new company starts, like, why are you starting this company?

 

Mehmet: Like what kind of problems actually we are trying to solve here, and when it comes to, I'm going to leave it for you, managing the security postures and the threats that we have. Tell me a little bit more about the story behind Securin.

 

Kiran: Yeah, a hundred percent, you know, so the kind of foundation of crux of how we started Securin is, you know, Securin was, I would say, you know, it was born out of frustration, right?

 

Kiran: And a frustration that, you know, and if I kind of give an analogy of, if I have a time machine and go back and fix things, I would do, right. The reason for that is, you know, there is a lot of, there are a lot of companies in cyber, you know, that provide a lot of different tools and products and services, but they're [00:04:00] super expensive and businesses were trying to use it, but they were super expensive.

 

Kiran: Again, one more analogy is almost like, you know, it's not that, you know, businesses don't know how to swim. But the life jackets are very expensive, right? Or too complicated to use, right? So we thought, you know, why don't we create like a life jacket that's very accessible, right? It's easy to use and it's just more importantly proactive and actually keeps you on your right.

 

Kiran: That was the crux of how Securin came into existence. Our goal is to democratize security with innovative cyber security products, all SaaS-based products and very easy to use. And more importantly, it's proactive so that customers can get advanced notification about some threat or any bad actors posing a risk to the organization.

 

Kiran: And that's what it is, right? So we imagine a universe where any business, no matter what the size of it is, is able to afford a cyber security solution, right? And can have an active shield against [00:05:00] these bad actors. That's what we are about. That's what Securin is. That's the first one. The second one that we saw in the industry is there are a lot of, you know, tools that are in isolation.

 

Kiran: So if you look at security posture, you have to look at application, you have to look at, you know, when you're actually writing the code, when you actually also have to look at, you know, as you're deploying it, right, you know, in the CI/CD. And then once you've deployed it. So there are at least like, you know, half a dozen, two dozen number of tools in an organization that are all screaming, saying that pay attention to me, pay attention to me.

 

Kiran: I have some warnings, right? And there is not, you know, a good tool or a vendor out there that brings everything together and shows them a unique view or a unified view of all the different tools and exposures and threats the organization is having and, more importantly, validate them, right? And show them that, hey, I'm able to discover these threats in your organization.

 

Kiran: Oh, by the way, I can help you prioritize it. Oh, by the way, I can validate, right? And then once you fix it, being able to [00:06:00] validate it and then provide that overall feedback. So that's what, you know, we are trying to do. One is, you know, provide an easy mechanism for any customer, any business, any size to be able to afford a solution.

 

Kiran: It's easy to use, it's proactive, and also it unifies all of these different toolings into one.

 

Mehmet: That's great. Of course I'm expert, but of course I'm, I'm asking this question for the people who might be interested in cybersecurity, but they don't have that much experience. I would say deep knowledge.

 

Mehmet: You know, we know like cyber security comes in different levels, right? So you have, you have the identifications and then you have, you know, the actual actions and then you have the incident response. So where, in, in, in which, you know, position or where in the stack does Securin fit here?

 

Kiran: No, that's a really good question, Mehmet.

 

Kiran: So we, I would say that in a little bit more on the proactive side, not the reactive like, you know, so you, in your example, like, you know, when you look at SIEM, all of it after the logs are done, right? After the incident is done, they look at the logs and analyze them. [00:07:00] So we're looking at proactively, we're looking proactively and say, if a vulnerability is going to get exploited in a while, the way we do it is, you know, we get the data from multiple different sources, like 1500 sources from deep and dark web, um, you know, surface web and a whole bunch of sources.

 

Kiran: We actually take all of that, this unstructured data, sanitize that, process it through 30 different machine learning algorithms, and then we make sense out of the noise to come up with some signals for the customer to use. So in that regards, we have what's called as attack surface management. It's an external view.

 

Kiran: For a customer, like, you know, what's a hacker able to see, like, you know, a hacker's view for a customer. The second one is our vulnerability intelligence. You know, it gives that intelligence, you know, which you normally don't get, right. You know, so being able to proactively look and say, I am going to get it, you know, I have a signal here saying that this vulnerability is going to get exploited in the next, you know, X number of days, I need to proactively do something, whether it patch it, take down, put [00:08:00] some compensating controls or anything like that.

 

Kiran: And, you know, think about an application side of it, right? As developers are writing code, you know, how do we ensure that, you know, these are the issues they are having when you use open source packages or supply chain risk and everything. So again, how do we prevent, you know, any bugs or vulnerabilities getting into the system before we, so everything is about proactive, you know, so being able to shift left and make sure that developers are writing the code, you know, proper way, or, you know, making sure that they are using secure

 

Kiran: code and secure practices, secure by design and all of it. And then once it goes to production, like being able to monitor proactively before it happens.

 

Mehmet: Right. Um, this brings, you know, the question here. And so traditionally, you know, the posture of an organization was very limited, right? So back in the days, probably it's just their domain, maybe a couple of their, you know, certificates that they might have, you know, put there and people try to, [00:09:00] you know, impersonate these certificates.

 

Mehmet: But now, you know, I know this for a fact. There's a lot of things going on there. If you want to at least, you know, tell us because, you know, domain certificates, everyone knows about that now. But of course, there are kind of emerging, um, emerging like new threats, I would say. So what are like the current ones and the emerging ones that you are seeing them a lot nowadays?

 

Kiran: I'm going to age myself when I say it, Mehmet, but you brought memories of Raptor Firewall back in the day. That's right. That was the only thing, you know, you put a firewall in front of a server and you call it good, right? And you say that, you know, I have the best security. Now you have like, you know, 20 different tools and still, you know, you're not sure, you know, if you're secure because you don't know where a bad actor is going to come in, right?

 

Kiran: You know, and it could be some insider threat too. So, um, it's interesting, you know, you, you brought up that question, you know, so going back to your question, right? What are some of the current [00:10:00] and emerging threats? I would say that, you know, it's almost like a Pandora's box of cyber threat. Where do we even start?

 

Kiran: Right? You know, especially, you know, if you look at, you know, some of the recent attacks and everything, right? You know, SolarWinds is a good example. I don't want to make them as a bad poster child or anything, right? Supply chain attacks, right? This is happening quite a bit. And it's almost like, you know, not only you want to rob a bank, but you also want to steal the keys from the locksmith.

 

Kiran: So what do you do with it? Right? That's kind of a detail. So again, you know, so supply chain is one we are seeing quite a bit. The second one is, you know, with AI now, right? You know, it's almost like, you know, you're giving these, you know, villains in the comic book, you know, supercomputers and they're getting bad or faster, right?

 

Kiran: Um, so not only, you know, we are looking at, you know, how do we use AI, you know, for proactively defending, but the bad actors also using it, right? You know, for, for offensive side, right? You know, so this is like a, you know, two way, you know, so how do we make sure that, you know, we are [00:11:00] understanding the, you know, the goodness of AI and also understand like how we use it, you know, for defending our networks and organizations, but also how do we know how bad actors are using it for bad purposes and understand that.

 

Kiran: So that's the second one. And the other one I would say is, you know, the ransomware like, you know, this is something you probably see, you know, you type in ransomware. You probably see like three or four different breaches or attacks, you know, every single week or so, you know, again, like, you know, how do we protect ourselves, right?

 

Kiran: You know, a little bit of proactiveness need to be there, you know, organizations have to be aware of, you know, the cyber threats and cyber hygiene, all of it. So, you know, There are a lot, but I would say these are the three, I would say, you know, the primary ones that, you know, we are seeing are emerging, the supply chain, the AI related one, and then the ransomware associated breaches, you know, especially in some specific verticals like healthcare and, you know telecom, you know, we're seeing increasingly, you know, more and more attacks, you know, [00:12:00] from ransomware or, you know, in advanced persistent threat groups.

 

Mehmet: Yeah. Kiran, how much is the maturity of people when it comes to the supply chain, surface attacks? Because, you know, I think we, we've seen a lot, but it seems like we are not learning and it seems like still customers are underestimating. Correct me if I'm wrong.

 

Kiran: Um, you know, I think it is getting better.

 

Kiran: I would say, you know, it's not completely the fault of the, you know, you know, I don't want to put a blame game here, Mehmet, right? You know, if you look at, you know, what is happening is like, you know, the, the attack surface has changed, you know, like you said, like in back in the day, it was just a certificates and, you know, three computers, you know, with the firewall, right?

 

Kiran: Now you have, you know, exclusive, you know, smart devices, you know, IoT, OT, you know, that have exploded. Right. And we only have smart devices with AI, like Apple intelligence or AI intelligence built in, you know, my home at least have like 40 or 50 devices connected at any given point in time, right. From a thermostat to water sprinklers, you know, [00:13:00] to lights and, you know, whole bunch of stuff, right.

 

Kiran: You know, I don't know. We know where, you know, these devices have been manufactured from, you know, the firmware is up to date, and I try to do a good job at it, you know, because I have a little bit of, you know, more, you know, experience in the cyber sector because I deal with it every single day. But, you know, most of the businesses, that's not the primary focus.

 

Kiran: You know, they are looking at, you know, running the business, like it is a retail, you know, it's clothing, right? I want to sell clothes, right? Cyber is important. But, you know, how much of, you know, um, is that a priority for them? Right? So it's not that, you know, organizations are not, you know, spending time and focusing on it, but it's a constant struggle, right?

 

Kiran: You know, it's always about, you know, how, you know, how do you make sure that, you know, you have a good, you know, security program, right? You know, within the organization training and all of it. How do you make sure that, you know, you are secured by design, right? If your product is secure. Company and making sure that you know, your products are built with security by design, whether it is you developing or, you know, you're buying a product.

 

Kiran: So, no, I think CISA has done an amazing job [00:14:00] within the US to push that. And then organizations are slowly embracing that saying that, you know, I have a lot to do as a vendor, right? So same is from a, you know, the consumer too. I think organizations are realizing that, you know, I can't 100 percent rely on a vendor.

 

Kiran: I need to do my part and I need to make sure that you know, I do training. I need to increase my cyber hygiene or better my cyber hygiene. So I think it goes both ways,

 

Mehmet: Right? Now you mentioned AI, which is a very interesting topic, I believe. Um, so when it comes to how, let's say, the bad actors are currently using AI, and because, you know, I know you get access to a lot, and you mentioned like from dark web, from different places, you know, to get the intelligence.

 

Mehmet: How are you seeing, you know, the threat actors are leveraging or like misutilizing, let's say, the AI when it comes to the new wave or the emerging threats? [00:15:00] Any use cases you can share?

 

Kiran: Yeah, I would say that, you know, there are a couple of them. Um, so I mean the phishing emails, right? That's the number one attack vector. Like, you know, when you look at all the different attack vectors, like, you know, phishing is the number one.

 

Kiran: It's the easiest one and it's most effective one, that you send an email to, you know, a user in organization that is completely unaware of, you know, what that is, they click on a link and then malware gets deployed, right? So the phishing emails have got a lot better. You know, in the past, you used to be able to at least look at it and say, hey, this is a bad email.

 

Kiran: And I know that it's the phishing. With AI now, right? They are using ChatGPT or some of the tools and AI tool, you know, to actually write an email that looks very, very, you know, trustworthy, right? It's almost like it coming from a CEO or a leader in an organization or your vendor, right? You know, so that's one.

 

Kiran: The other one we are seeing is Um, organizations are using AI. A lot of organizations are [00:16:00] experimenting because the boards are asking, Hey, you know, what do you do? What are you doing about AI in your organization? So they are experimenting. They are trying to, you know, play with it, right? But, you know, they are not realizing that, you know, within, you know, the AI when they're deploying like a, you know, LLM, you know within the organization like open source or anything like that, you know, they don't know what is behind the scenes, right?

 

Kiran: That's a supply chain, right? You know, imagine like, you know, you are sending, adding a malicious package inside a, you know, package, you know, which is used in your, you know, LLM. Like, you know, it's not the directly used, like a, you know, directly, um, again, one that you can understand, like, it's like a second or third layer, you know, down, right?

 

Kiran: And no, and that has a malicious, you know, um, you know, package inside it, right? You know, malicious, you know, payload inside it, right? Now organization is having it, right? You know, so those are some of the ones, you know, we are seeing, you know, quite a bit. The other one I would say is, You know, it makes it, you know, faster for a bad actor to come up with payloads, like, you know, [00:17:00] POCs or exploit code in the past, you know, you have to spend time understanding, you know, how does this software weakness or vulnerability can be exploited?

 

Kiran: Right? I was just telling, you know, my team yesterday or, you know, last week, right? And I see how easy it is, you know, with some of the AI tools, you know, to be able to, you know, take a vulnerability and write a proof of concept or exploit code, right? Usually it would have taken a lot of time, right?

 

Kiran: Now you're able to do it, you know, within a fraction of a minute. So bad actors are using it efficiently. And we are seeing some of that, you know, in the industry, like, you know, where these POCs and exploit codes are being written by bad actors. And, you know, um, and we are seeing some of those threats on that side.

 

Kiran: So again, you know, so AI is useful. I'm not saying that, you know, don't use it at all. I think it's a double-edged sword. As much as, you know, we want to embrace it, bad actors are also embracing it for nefarious purposes.

 

Mehmet: Absolutely. Like I was to your point, Kiran, um, I was here, you know, like in the morning when I dropped in.

 

Mehmet: My daughter to school. So I was hearing on the [00:18:00] radio a guy from the DIFC, which is Dubai International Financial Center, and he's saying that these bad actors are becoming so sophisticated in writing the emails, um, the phishing emails or the scam emails, in a way that you can't, you can't even think this is a scam.

 

Mehmet: It's like so well crafted as they are using AI, of course, right? Um, you know, like one of the things, because usually like these people, you know, probably English is not their first language. So usually they do some, they used to do some spelling errors or mistakes. So now they are using, you know, AI. I use it, by the way, so I say, proofread this for me, and then it gives me the right spelling.

 

Mehmet: So so they're becoming so sophisticated Yeah, and

 

Kiran: Not just, not just the emails, Mehmet, right? You know, now you think about, you know, being able to take, you know, glue a couple of pictures on internet of you. Oh, yeah. And then come up with the video and send it to somebody saying that, hey, you know, I need you to do something, right, or maybe able to do a call on a [00:19:00] WhatsApp or video call, you know, with your friends, you know, implanted on it, right?

 

Kiran: The other person, I mean, and AI has become so really good at, you know, coming up with images and videos, right? It's very hard to distinguish, you know, it's whether really, you know, you or somebody else, you know, that is behind the scenes. So not just a phishing emails from emails, but also video and images.

 

Kiran: And also all of them have, you know, increasingly become, you know, very, very sophisticated and really good at it, and which is good for good uses but also for bad, bad purposes.

 

Mehmet: Of course, of course, 100%. And I want to, you know, focus on something because I think, although, like, I had a lot of episodes with cybersecurity leaders and, you know, co-founders like yourself, Kiran.

 

Mehmet: The zero day, you know, and AI made the zero day much easier, and you just give, gave an example. So, for some of the folks who, who listen to the show, you know, why zero day is something like you [00:20:00] should, as even business, I mean, not technical guy, as, as a business guy, you should also understand what's a zero day.

 

Mehmet: And, you know, you need to ask your team, what are we doing about, you know, the zero day? So if you can just a little bit explain zero day on a very high level, of course, and, and, you know, how it relates to what you do at Securin also.

 

Kiran: Yeah, a hundred percent. So zero day is again from a layman's term, right?

 

Kiran: You know, you have a software vulnerability, but there is no patch. Basically you have a disease, but there is no cure. And bad actors are using that, you know, this is like a virus, right? To infect people and there is no cure for it, right? So your goal essentially is to how do I make sure that I don't get this virus, right?

 

Kiran: So how do I contain my organization and shield it and protect it, right? You know, before it spreads. So that's the whole idea of, you know, zero day in zero days. Again, right, you know, with AI, we haven't seen a [00:21:00] lot of those, you know, that are being actually used, you know, for zero day, but that don't only mean that, you know, it's not there, right.

 

Kiran: You know, they're slowly seeing an increase in uptick in the number of, you know, these AI related, you know, exploit codes and all of it. And so zero days are also there like very few though, but I feel like, you know, they're going to increase over a period of time. So again, why is it important? Because, because there is no patch for it, right.

 

Kiran: You know, it's almost like, you know, Hey, You know, you're leaving the door of your organization open or your house open, right? And there is no way to close it and bad actors can easily come in, right? So, because there is no patch, you know, this is an entryway for a bad actor to come into the organization and pose a risk.

 

Kiran: You know, from one server they can do a lateral movement and escalate, you know, their privileges and get to the domain controllers or, you know, keys to the castle or whatever, you know, bad stuff, right? Worst case is, you know, a ransomware group coming in, And taking over your entire organization, laptops, desktop server, infrastructure, lock it, and then, you know, you know, [00:22:00] ask you for, you know, bitcoins and, you know, a whole bunch of stuff, right?

 

Kiran: So that's the risk with zero days. So whenever there is a zero day, and if it is impacting the organization products that you're using, you want to pay attention to it, right? And see if there is a risk. Way to control it, right? Sometimes because there is no patch, right? Either you put some kind of compensating controls or if you can, right, you know, take it down until you have a mechanism, which is hard to do.

 

Kiran: Like, you know, if you have to completely take down a production system, which is critical to organization. So in that case, you know, keep a close eye on it and monitor it and all of it. So that's what, you know, you do in terms of what Securin is doing is, you know, we are looking for those type of things, right?

 

Kiran: We are trying to figure out, you know. Before something happens, like how can we identify which or which vulnerabilities are likely going to get exploited? Right? And if we are able to find that and proactively tell a customer that, you know, this is what is going to happen, then organizations have a better chance of protecting, you know, themselves from it.

 

Kiran: You know, so [00:23:00] it's not, it's like, you know, we're not, we're not just telling you that it is, it might going, it might rain, but we are telling you that, hey, you need to bring an umbrella because, you know, there is a hurricane coming in. Right. And so Securin is actually there to help prioritize, you know, what needs to be fixed and what are the things you need to focus on proactively before it becomes.

 

Mehmet: I love this, you know, similarity, Kiran, very, very, very, it's, it's like, make it clear to everyone, I believe. Um, now, I gotta ask you this question and allow me to put myself maybe into a CISO person here. Now, because, of course, I know how important, you know, having a solution like your skill is important for environment.

 

Mehmet: But let's say, you know, and we talk about technology, we talked about, you know, how you're helping them in understanding. So today, if I implement the solution, you know, in, in, in my environment, [00:24:00] I mean, your solution, I love always to, to, to tie it up with like the benefits, the direct benefits or the direct outcomes, I would say that I would have when I, so tell me how you're going to help.

 

Mehmet: organizations when you start to implement the solution for them. This is what I'm trying to understand.

 

Kiran: Yeah, sure. So again, you know, going back to analogy, right? And also think about Securin as your weather service, right? We can forecast and predict, you know, when it is going to rain and we can forecast and predict, you know, when hurricanes are going to come, right?

 

Kiran: So again, you know, rains are, you know, In hurricanes, you know, if you bring it back to the cybersecurity side, right, you know, when a vulnerability is something that you have to pay attention, right, you know, it is going to have a bad impact, right? And more importantly, when you bring it, you know, like a hurricane, something, when a bad actor like ransomware group or, you know, threat actor is going to be leveraging that one.

 

Kiran: So, so that's a, you know, that's a first and foremost is what Securin can do, right? You know, being able to proactively look for, you [00:25:00] know, threats before it actually has a bad impact, you know, on your organization. The second one is, you know, being able to look end to end, right? You know, we talked about multiple different tools, but these tools don't talk to each other, right?

 

Kiran: So if I'm a CISO, I have, you know, 15,000 vulnerabilities and, you know, maybe, you know, a half a million findings, right? Associated with it, right? How do I actually understand where to do prioritization, right? You know, because not every vulnerability and a finding is equally important, so you need to be able to do it.

 

Kiran: But more importantly, how do I understand where these are coming from, right? Being able to walk back and understand that, hey, this application is sitting on a container. And this container is running on, you know, Azure or AWS infrastructure. And this was, you know, both the application and the deployment was done using this particular CI/CD process.

 

Kiran: And he is the one that actually wrote the code. And this is the repo in Git, right? GitHub, GitLab, whatever it [00:26:00] is, where the code is, right? So, if you can work backwards as a CISO, And actually go back and say, Hey, these are where my issues are, right? The root cause of it, right? You know, don't just try to be a bandage because it's like a whack a mole game.

 

Kiran: If you fix, you know, 100 vulnerabilities tomorrow, I bet you you'll have 100 more new vulnerabilities that you have to deal with, right? So the best way is, you know, move back and see where those are, like, you know, shift left, understand that, hey, let me work closely with the developers to understand, you know, how they're writing the code, what packages are using, right?

 

Kiran: You know, what type of, you know, code is being written out, you know, are they effectively writing it or not, right? And then as we're doing it, deploying, making sure that, hey, we're not putting any secrets, we're not putting any access keys, you know, we're not actually. Writing, you know, code, which will create, you know, bad infrastructure, you know, when it is deployed, right?

 

Kiran: And as we bring these buildings, these containers and all of it, right? So that's what, you know, a CISO is going to be looking for end to end. And, you know, as, you know, an effective CISO, I would say, right? And not just [00:27:00] looking at in a point in time, hey, I have these, you know, 100, I also understand the root cause of it.

 

Kiran: That's where Securin can come in and help. Bringing all these different tools into one place, have a unified view and able to tell the story of, you know, hey, these are where, you know, your root causes and issues are and how do you, you know, actually start proactively focusing on those ones.

 

Mehmet: Absolutely.

 

Mehmet: Now we talked about multiple emerging trends and we talked about you know, some of the existing threats also as well. If we want to look into the future a little bit, Kiran. Like, let me ask you this question first, um, when are, do, do we expect, let me ask it this way, do we expect like ransomware after a while, for example, to become something from the past?

 

Mehmet: Or is it like, is it, is it like the epidemic, let's call it, that it's going to stay with us forever? We don't know for an unforeseen future.

 

Kiran: Oh, [00:28:00] gosh, I wish I have a crystal ball of cyber security. None of us know where we are going, especially like, you know, with AI, it's like a black box in AI. So we don't know what is going to happen, right?

 

Kiran: I'm learning and evolving every day, right? You know, my knowledge around cyber security. So I wish I have the answer to that question of, you know, is ransomware eventually going to disappear? If I have to guess, I think it's going to get a lot more sophisticated, right? A lot more complex and easy for a bad actor to use and very hard for defenders, you know, to to protect their organization assets.

 

Kiran: I don't say I don't know, we're living in a hyper-connected world. We talked about, you know, increasing the, the overall attack surface have changed, right? And just, you know, before COVID and after COVID, right, you see a lot more organizations leveraging, you know, SaaS tools or, you know, um, you know, other tools, right?

 

Kiran: You know, so with increasing of IT, OT, smart devices, AI, you name it, right? You know, you know, we are in increasingly hyper-[00:29:00]connected world, you know, and so the threats are also increasing. And so, you know, the type of threats, you know, we are going to be dealing with is also going to be increasing with every new device that is plugged into organization.

 

Kiran: It opens up a new attack vector. And so that is going to be the nature of it. One thing I would say is, I would say that, you know, the physical warfare, I think, is going to change quite a bit into more of a digital warfare. Nation states are going to be leveraging cyber, you know, to do warfare, right? You know, it's very easy to click on a button and then launch a campaign that, you know, attacks a nation, right?

 

Kiran: You know, whether it is utilities, whether it is, you know, telecom, whether it is, you know, energy sector and we are seeing threats, right? You know, Colonial Pipeline, whether it is T-Mobile, you know, you know, telcos like T-Mobile, right, you know, whether it is, you know, um, attacks on water utilities in multiple different states.

 

Kiran: And we're seeing that, you know, increasingly, I would say that, you know, [00:30:00] one of the things that actually is going to probably happen, which I feel that with a very good confidence level, I can say, is regulations are going to tighten, right? Because now, you know, especially after SolarWinds and other incidents, what we're seeing is that it's not just a cyber security issue.

 

Kiran: Or a tech issue, but it will become a legal issue too, right? And also it's, it's like, you know, seatbelts soon. If you don't have a site, right. Cybersecurity, you probably will be against like, just like if you don't wear a seatbelt, it's against a law. If you don't have the right cybersecurity, it's going to be against the law.

 

Kiran: So you will see increasingly the government regulations are going to change where the board is going to be responsible. Like, you know, CISO is now at the risk of, you know, you know, you know, you know, have a huge issue like if he doesn't sure she doesn't make, you know, pay attention to the cyber security, cyber hygiene, I would say.

 

Mehmet: Absolutely.

 

Mehmet: Yeah, and you know, by the way, no [00:31:00] one has a crystal ball, especially in in in cyber security. I know the skill and because um, I think, you know, what I tell people from my point of view, because, you know, I work on both sides, you know, and I've seen it from technical perspective. I see it from business perspective.

 

Mehmet: For bad actors, it's a lucrative business actually, right? So it's an easy way to generate money. And, you know, as you said, they're leveraging AI and people are paying majority of the time the ransom because they want to get back to business as fast as possible. So, you know, they're saying why not like, okay, so so if you can get this money very easily, why not do it, right? And they can hide and I think, you know, the, um, emergence also of the the cryptocurrencies and, you know, you cannot track them back and and so on so forth.

 

Mehmet: It's making that's easy for them. So absolutely. Um, shifting a little bit gear again, Kiran, with you. So you, you come, you [00:32:00] know, from a CTO position before, but, you know, you were working I believe in state of Arizona, if I'm not mistaken. Right. And then you shifted to be a co-founder. So this is, this is a huge move.

 

Mehmet: And, you know, it's like, it's like a, you know, it's a giant leap, you know, frogging from from from from something to something different. So walk me through like what what also attracted you to be a co-founder? You know, moving from I would say more or less stable job. And, you know, so, so tell me, and walk me through the experience that, that you had.

 

Kiran: Entrepreneurship is not for the faint of the heart. You know, it's not a bed of roses. I can tell you that. Um, you know, it's, you know, it's, it's never was an intent, right? It's not like a straight path of, Hey, I want to be a co-founder or, you know, I want to start my own company or anything like that. Right.

 

Kiran: I wasn't even thinking about becoming a CTO of any organization. It just, you know, it [00:33:00] was just, you know, happened, you know, over a period of time, right? You know, um, and I was the CTO for state of Arizona for almost seven years. I call it as I did my tour of duty. It's amazing place to learn intricacies of working in the public sector.

 

Kiran: It's a very stable job. But every single day, one thing I would tell you, I noticed, you know, we would get into the office and say, don't tell me that there is a breach, right? You know, don't tell me that there's a breach, you know, at one point, you know, my colleague and also a business partner, like, you know, he was the CIO for state of Arizona.

 

Kiran: He was doing a search for a cyber security breach and the CISO photo from state of Utah popped up, right? And so then the conversation turned to be when do we quit our job before we become a Google search, you know, image for a cybersecurity? Because, you know, I don't want my face to be the one cybersecurity breaches happen, right?

 

Kiran: And unless that position, right? [00:34:00] So, so we actually were talking about cybersecurity before cyber became such a, you know, bad, you know, like, you know, you know, I would say that, you know, so, you know, so the, the risk from cybersecurity became, you know, so complicated and so bad, right? You know, the risks were there, but I could say that, you know, sophistication, the complexity, the number of attacks actually have increased in the last 10 years since I left the state.

 

Kiran: You know, I always had this mind of, you know, I want to focus and I want to learn more about it, right? And then suddenly we, you know, came to this opportunity of starting organization, you know, with cyber focus, right? And also that's how I, you know, started the company, you know, with other co-founders and, you know, rest is history.

 

Kiran: But, you know, it's again, right, you know, understanding, right, you know, just like the state of Arizona. When I was there, like, you know, I felt like an organization's every size, every scale, every type of vertical are facing these issues. So, you know, I felt that there [00:35:00] is a good opportunity and I would say that with the.

 

Kiran: You know, with with the intersection of AI, with the intersection of cloud and intersection of cyber security, right? There are some interesting problems to solve, right? Because each one like an organizations can easily come up with solutions without a huge investments into cloud, right? Cloud actually changed how you actually deploy products and how organizations come up with ideas and see them to fruition.

 

Kiran: I would say that, you know, it's impacting every single organization. You know, individual, I would say, you know, if they are not seeing it right now, they're still using it behind the scenes. They probably just don't know about it, right? And cyber is impacting every single day. So I would say it's a really interesting, you know, intersection with these three.

 

Kiran: And I'm just fortunate to have experience with all of those. And, you know, being here at organization to leverage my skills and background and provide that, you know, insights, you know, into the products and services we're building.

 

Mehmet: Amazing. You know, like what a journey. And as you said, it's [00:36:00] not like for everyone.

 

Mehmet: Absolutely. Kiran. Um, as we're wrapping things up, like, if I want to ask you, Kiran, like, what would be your advice? I gotta ask you for two, for two people, right? So first, for people who want to be in the cyber security space. So, you know, what, what one final piece of advice you can give them and one final piece of advice for people who have this itch to, to start something and become entrepreneurs.

 

Mehmet: So, so, so it's gotta be like two, two, two branches.

 

Kiran: Yep. So I'll start with the cybersecurity first, right? Sure. You know, I would say that cybersecurity, just like any other tech field, it's not a solo sport and you know, and, and, and what I mean by that is, you know, it's for everybody, right? You know, as organizations are thinking about, you know, Hey, how do I secure as individual?

 

Kiran: You also have to be worried about how do I secure my in my digital presence, [00:37:00] right? As individually, you're using lots of different social media, right? Or, you know, you're using a lot of increasing number of, you know, tools like SaaS tools and everything, right? So it's both, you know, for everyone. You know, individuals and organizations and it's team sport, I would say, right, you know, your digital life, you know, as a personal, you know, individually is as precious, you know, as you know, as a company, I would say, um, and, and everybody is a potential target, right?

 

Kiran: You know, today, ransomware groups are attacking companies, you know, so that because they know that there is money to be made, right? Pretty soon, I would say that, you know, it's going to evolve where they're going to evolve. Probably start targeting individuals to maybe start with high net, you know, worth individuals and go after them before they come to other other individuals.

 

Kiran: I would say I would say that that is probably going to happen because if there is money to be made, why would a ransomware group or somebody, you know, would not take advantage of it? Um, so I would say that, you know, again, stay secure. But also like, you know, let's just make sure that [00:38:00] you're together, right?

 

Kiran: You know, we make this as a safer place. You know, there's like secured by design, you know, secure security awareness, a whole bunch of it. And all of those applied aren't just for organizations, but also individuals. Like, you know, think twice before you actually post anything, right. You know in terms of, you know, you know, folks that want to get into a, um, you know, starting a business or anything like that, right.

 

Kiran: I, like I said, you know, it's not for the faint of heart, but you love it, right? Every single day is amazing. You know, you, there are ups and downs, you know, with, you know, with co-founding a company or starting a company, but you know, would I do it? 100%. Like, you know, there is ton of fun. And also the every single day you have a challenge and you know, you're trying to figure out, you know, how do I solve it, right?

 

Kiran: If you have that built in, right, you know, I would say that, you know, go for it right now. And I would say what I would say is that, you know, especially if you're looking and, you know, doing something in technology, [00:39:00] right, you know, technology evolves, but the core of what we do is always about solving human problems right at the end of the day.

 

Kiran: So just curious, be stay curious, stay learning and never underestimate, you know, like, make sure that you have a team around you, right? Because there are times where you feel like maybe this is not for me, right? You know, you need that, yeah, shoulder, maybe it's a business partner. You know, maybe a colleague, maybe, maybe there's a team that helps you and say, no, you're going the right direction.

 

Kiran: Let's keep pushing through it. Let's plow through it, right? So yeah, I would say that, you know, there's exciting times. There's a lot of exciting interesting ideas I'm saying, especially with AI. Um, so I would say this is a really good time for anybody to start a company. But just be aware that it's not going to be easy journey.

 

Mehmet: Absolutely. It's not an easy journey, hundred percent, Kiran. Um, you know, your, your experience, you know, your way of, you know, what I like really to take care of is the way you explain things. I think everyone, you know, easily can [00:40:00] understand what you're talking about, because I love this approach when, especially cyber security is a complex, um, it's a complex field by itself, but you, of course, maybe because I come from technical background, but really, you know, it made it much easier.

 

Mehmet: And of course I believe you will. Also, like contributed in raising the awareness about, you know, the current cyber threats, because it's important for business leaders as well. Of course, like, as you said, like, there is no CISO who would like to have his or her photo to be appearing on the first search on Google 100%.

 

Mehmet: But yeah, like, like, I think, you know, this kind of awareness and the empathy I saw, you know, in the way you are, you are telling us about the threats, Kiran, is like really, you know, it affected me honestly. So thank you for sharing that with us. Um, tell me how people can get in touch and how they can get to know more about you and about Securin.

 

Kiran: Yep, you know, [00:41:00] again, I appreciate you know, the the the feedback, you know, and what I totally enjoyed, you know, talking to you and be on the call with your listeners.

 

Kiran: So now easy way to get in touch is, you know, LinkedIn. LinkedIn is where, you know, we actually constantly post updates about any emerging threats, any new vulnerabilities, anything in the cyber security. If you want to learn anything about security. Again, go to LinkedIn. That's, I would say, you know, subscribe to you know, our organization, follow and, you know, and all of it.

 

Kiran: I would say that's the number one place, you know, to go. S E C U R I N dot IO. Securin dot IO. That's the URL for the company website. If you're interested in cruising and understanding, you know, what type of articles, resources that we may have, products and services that we may have to offer.

 

Mehmet: I would make sure they don't have to go and replay what you just mentioned.

 

Mehmet: So I will make the audience life easy. Again, I put it in the show notes. So if you're listening on your [00:42:00] favorite podcasting app, you're going to find it in the show notes. If you're watching this on YouTube, you're going to find in the description. Um, Kiran, again, thank you very much for joining me today.

 

Mehmet: I really appreciate it. And thank you for also the feedback. And this is how usually I end every episode. This is for the audience. If you just discovered this podcast by luck, thank you for passing by. I hope you enjoyed. If you did so give us a thumb up, subscribe and share it with your friends and colleagues.

 

Mehmet: And if you are one of the people who keeps coming back, send me their feedback, their questions. Thank you for doing so. I really appreciate that. And also, I appreciate any suggestion, you know, that you have, you want me to do something different. You want me to get a special guest on the show, please feel free to do so.

 

Mehmet: Thank you very much for tuning in and we'll be again in a new episode very soon. Thank you. Bye. Bye.

 

Kiran: Thank you

 
