RSM is leading global network of assurance, tax and consulting firms focused on the middle-market. Cyber Security and Risk Partner, Ashwin Pal, has worked in information security for 25 years, after starting as a graduate at PWC.
“That’s where I cut my teeth on cybersecurity consulting. I then moved onto the largest systems integrator in NZ to build up security business and then got pulled across to Australia to do the same here for the same company” he says.
He then joined Dimension Data to help grow the managed security business before moving on to Unisys to head up its Asia-Pacific security business. He is currently at RSM in a partner role to lead its cyber security business in Sydney.
One of Pal’s biggest responsibilities is to present to executives and boards about the importance of cyber security.
“I don’t subscribe to using fear to do this,” he says. “My method is pretty simple, which is why I think my message gets through. I simply explain to them what the current threats landscape looks like and how it could affect their business if that risk wasn’t managed.”
Pal believes the key to get the board to understand the importance of cybersecurity is focusing the conversation on risk management, as this is what businesses recognise.
“Then it’s a matter of helping them come up with a program of works to reduce that risk and bring it back to within their risk appetite” he says.
In addition to working smart when it comes to influencing the board, Pal also has good ideas on encouraging organisations to be more collaborative in cybersecurity projects.
As cybersecurity affects all parts of an organisation, Pal thinks it’s paramount to make sure that he and his teams understand who the key stakeholders are and make sure they’re involved with any and all cybersecurity projects.
“This generally will be all parts of the organisation. All the way from executives to technical staff, to HR and to end users. It is critical that all parties are involved so they can do their part and we get buy in from them” he says.
Staying informed and in touch with a technology environment that is rapidly changing and developing takes work. To keep on top of this, Pal says he does lots of reading and research and makes sure he spends about half an hour every day catching up on the latest in the cyber world.
“I also attend conferences whenever I can and interact with vendors as that helps with my research. I do write and present a bit as well and this helps round out my knowledge as well as share it” he says.
In a world with so many cybersecurity solutions, Pal thinks if you are having a cybersecurity conversation with the business that is largely driven by vendors, then you are having the wrong conversation.
“At the end of the day, it doesn’t matter how many vendors you actually have. It’s about what the business needs to reduce their risk and then aligning whichever vendor is necessary to be able to achieve that along with other aspects involving people and process” Pal says.
There are a lot of cybersecurity vendors out there, from the very large to the niche. Pal believes this is necessary and will continue given the fast-evolving nature of cyber security. However, he stresses that the focus must remain around what the business needs before ensuring the solution aligns to that.
While a dedicated and hard-working cyber security leader, Pal is a very much a family-focused person. Following Covid, he says one of his major successes has been reconnecting with family overseas.
At a professional level, his focus has been about growing his business at RSM close to 100% and being able to help clients transform their service security posture in light of the current threat landscape.
Ashwin Pal will be delivering a presentation at DevSecOps Melbourne 2023, taking place on the 19th July at Crown Promenade as part of CISO Melbourne 2023. His talk will focus on “Can we trust developers to handle security?”. See the full agenda and register to attend by clicking this link