Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Episode 5: The Changing Face of Cybersecurity in India with Vinayak Godse
49 Plays4 months ago
In this episode of Observability Talk, we dive into the evolving cybersecurity landscape in India, with a focus on how organizations can stay ahead of emerging threats. We’ll explore the critical role observability plays in enhancing security practices, especially in an era of rapid digitization and complex infrastructure.
Joining us is Vinayak Godse, CEO of the Data Security Council of India (DSCI), an organization at the forefront of cybersecurity policy and innovation in the country. Vinayak shares his deep expertise on the transformation of cybersecurity over the past two decades, the top challenges keeping CISOs and CIOs up at night, and the potential for convergence between network operations and security operations.
In this episode, Vinayak offers valuable insights into how enterprises can balance the need for speed and innovation with robust security measures, the role of GenAI in cybersecurity, and the future of observability in protecting against advanced threats.
Also, Check out
- Data Security Council of India
- Vinayak Godse on LinkedIn
- Vinayak Godse on X(Twitter)
Recommended
Transcript
Introduction to Observability Talk Podcast
00:00:11
Speaker
My new show of observability talk. We thank you for listening to this podcast during your peace time.
Founding of ViewNet and Network Security Challenges
00:00:18
Speaker
When we started ViewNet, we wanted to solve one of the very critical challenges of network security. Though we pivoted to observability, I have always been fascinated by the intersection of cybersecurity and observability. I believe um our guest today will help us unravel it.
Vinayak Gautse's Background and Role at DSCI
00:00:37
Speaker
We are glad to have Mr. Vinayak Gautse, CEO of Data Security Council of India. But before I tell you about Vinayak, let me tell you about DSCI. DSCI is a nonprofit body by NASCAR. They promote data protection in India by establishing best practices and standards in cybersecurity and privacy.
00:01:00
Speaker
It engages with various stakeholders for policy advocacy, thought leadership, capacity building, and outreach activities to enhance the cybersecurity and privacy landscape. DSCI has also been instrumental in creating a very good ah startup ecosystem for cybersecurity startups. Miraic has been associated with DSCI since its inception in 2008.
00:01:27
Speaker
He also leads the National Center of Excellence for Cybersecurity Technology and Entrepreneurship, a joint initiative of DSCI and BT. It suffices to say that Vinayak is a diligent voice in the cybersecurity space in India.
DSCI's Mission and Cybersecurity Ecosystem in India
00:01:44
Speaker
Hi, Vinayak. A warm welcome to you to Observability Talk podcast. My first question to you, Vinayak, is you have been quite active in cybersecurity for more than two decades.
00:01:56
Speaker
How do you see the cybersecurity landscape transforming in India? And what are the primary drivers behind this transformation? yeah Thank you Bharat for having me here. um Last two decades, cybersecurity was a kind of a greenfield when I started my career in cybersecurity.
Impact of Industrial Digitization on Cybersecurity
00:02:16
Speaker
But now it's like more like a brownfield. But while we say that brownfield, so if you look at overall digitization that is happened in content happening are probably accelerating in the country. So largely we talk about as a fourth thing in DSCI, right? So when it comes to digitization, one is every industrial sector is now digitizing. There's a push internal plus external government push for them to digitize it. Second, the ah ah kind of ah ah
00:02:48
Speaker
intervention that we brought, and that's why we call it the digital public infrastructure, right? Starting with ADAR and the new PI. So, there's a tremendous amount of revolutions happening um in the case of at least the two types of organizations we always talk about. One is the transitioning industry and the other is the value creating industry, like an energy company. ma company So the UPI ecosystem or the other ecosystem are largely the real public in production. It has transformed the entire financial transaction processing industry quite intensely. And now we see that it will happen for the other sectors of industry as well. That's the second thing.
Opportunities and Threats in Rapid Digitization
00:03:24
Speaker
you Third is the emerging technology we are adopting. And fourth is the very sensitive sector like defense and other critical sectors also going for technology advancement and digitization quite in place. And the last one is the individual's transaction, be it personal transaction, social transaction, social exchanges that they have and their financial transition as well is also getting digitized quite in place.
00:03:49
Speaker
In the process, we, ah the development of each of these entity plus individuals are getting quite expanded and those can be picked up to buy an attacker or by a professional basically to, to see a possibility, right? For example, even there is a one weakness, one level of tea is, is exposed for even for short moment. There's a possibility somebody pick up and explain that. We we are into that ah paradigm now.
00:04:19
Speaker
that a small weakness exposed for a movement can create a lot of but a big ramifications for you. Very true, very true. I mean the kind of fast pace of innovation and this spike in digital adoption which you are talking about has also increased fraud, suspicious transactions and so on. i'd We have been hearing ah from general public right that they basically ah are getting ah into frauds and whenever they are making transactions
00:04:51
Speaker
um different type of QR codes and so on. At financial institution and other large enterprises right are also grappling with ah this security challenges because of this digital revolution and transformation. yeah What has been happening in India?
Challenges in Real-Time Security Management
00:05:06
Speaker
right up What are the top three challenges do you see? ah Some of these large enterprise companies CISOs or CIOs are are always awake in night. What are these top three challenges which are keeping them awake in night? yeah so so um we We are the significant advancement of a threat landscape right and as I talked about, for a short moment, even the weakness of vulnerability get exposed, there is a possibility that it will get exp exploited basically. The small exposure would create a larger exposure and larger exposures probably will create larger ramifications. This is happening at one hand.
00:05:45
Speaker
Right. On the other hand, the value and velocity at which they are putting digitization, developing application and then deploying them is also significantly rising. rate And underlying infrastructure is also significantly becoming became more and more ah complex in nature. And there are a lot of interdependencies that that worked on it. And the entire supply chain of transaction processing industry is getting so unbundled. So ah one party is managing their infrastructure, managing the applications and against this kind of promising tech landscape. But other parties
00:06:16
Speaker
How do we make sure that this entire ah it external ecosystem, because of bundling happening ah in possession processing industry, how do we make sure that all of them are billing government days, but at the same time, there's a security and privacy nowadays, assurance is also ensured in that process. This is ah one of the key things that we believe, um which is big challenges in his social CIOs are grappling with the challenges. How do you make sure that organization is growing fast? Organization is adopting technology better and they are digitizing and creating those possibilities including the productivity and also providing better experience to customer while taking care of the
00:06:54
Speaker
ah the the the the scale at which the attack landscape and advancement at which there they are trying to bring to the table, addressing them. So how do we balance these two is a big challenge for the sector that we talk.
00:07:09
Speaker
ah Very true sir, one of the thing what we have, we'd say two things which you talked about right that almost every enterprise are using interconnected are getting interconnected with other enterprises right because they are using APIs more now. ah The second thing is almost anything and everything is looking at citizen scale.
00:07:29
Speaker
right ah in In such an environment, ah how do you see these enterprises and institutions ah adopting any new security practices to ah address these challenges? Are there any any framework which has come up? ah do you want me so We nowadays look at ah there were days of security and we all come from security cooperation. I can admit here we all came from security means assessment, means assurance.
00:07:56
Speaker
But that is like, we used to do that once in a year, once in a six months, nowadays, that don't go once in a quarter, right? But within within a quarter, every day, almost 50 to 60, one level to get exposed, right? Disclosures, right? And you don't know whether you are exposed or you are unable to those disclosures that happen. So, so what that tells us is like, this assurance on assessment day one security is not going to work now. It was until now, right?
00:08:21
Speaker
But now ah the focus is more like how do you manage that real-time? How do you manage security problem on a real-time basis basically? So ah how do you get hold of the things that could create ramification for you in the shortest possible time? And do you know ah what what are your behaviors basically? ah And out of that, is there ah any abnormal behavior? and Can you get hold of that basically?
00:08:46
Speaker
And once you, one, one problem is solving that, right? One problem is to make sure that you get hold of that. And other is, once you know that, do you have those tools and handles with you and instruments with you basically? So take care of that. So we do have the reinforcement mechanisms with you and that could be anything. So the security has come to this level where, uh, uh,
00:09:08
Speaker
getting hold of the issues that could create ramification as early early as possible but in this complex environment. And at the same time orchestrating action in a way that you are imposing so that it is not creating ramification for you. And henceforth, this is still now and henceforth, we are looking at ah no matter how much you have prepared, there is still some issue will happen, right? There's still some breaches that you'll be exposed to, right? How do you make sure that your residency preparation is more systematic in nature, right? How do you make sure that you are, you are ready to address those eventualities with all those instruments available with you?
00:09:45
Speaker
Right. Right. See, this is something which I have been telling a lot of our customers that ah observability is always an afterthought. A lot of times early on we have seen security also is an afterthought. Have you seen any, are you seeing any changes in the industry today?
Integrating Security Operations with Observability
00:10:03
Speaker
Are people? No, certainly not. But ah one part which carefully only we look at ah security was largely some years back was a point solution, a problem and we are finding solution for that. right And ah gradually, like we had this network operation center, ah we started putting security operation center basically, which is at least trying to create a single plane, view power organization, what is happening in the organization by looking at all those like log information, unit information, try to bring it together and trying to make sense of it. basic It has approach to that level basically.
00:10:40
Speaker
And now ah now because of the security operation center and there are different models to set that up basically at least oh one first level of observing what is happening has achieved right but now observability you know as we talked about ah this interdependency, we talked about this complexity, we talked about this scale and value matrix things are going basically the transition the way they are getting process. So now this needs to be going and that there's a lot of this international interdependencies as well. So now we need to make sure that we have to go the next level in terms of knowing things from the larger, bigger context prospect perspective and also knowing things from what you are in the organization.
00:11:25
Speaker
So quite a good internal intelligence in conjunction with the what you learn and this this learning is on the longer duration of time because we are seeing security especially the APD attack that we talk about, advanced person institute that we talk about. Sometimes that is there in the organization for 200 days plus and then only they will be there for a long. So there is still here in nature basically and then ah then you take time to know their activity, right? And they will be there in their system. That's why longer duration observation is very important. And that's why I believe the observatory science of it is well-being could play a very critically important role in cybersecurity.
00:12:04
Speaker
Very true, sir. You talked about NOC, you talked about SOC, and mostly in most of the enterprises, we have seen that these two work in silos. ah nowre ah People generally keep both of them to make sure that they have good view in the overall infrastructure and application operations, and then what is happening from the security perspective.
00:12:25
Speaker
ah ah In certain customer discussions we have been asked or we have been told multiple times that should these two somewhere in some point converge and maybe provide a single unified view because finally up it's an application which is being monitored or observed right and I would want to have a view which provides me both ah operation perspective as well as security perspective.
00:12:52
Speaker
So do you see in your conversation to CIO, CISOs, if they are looking at somewhere, converging these two? Yeah. So silos had already discussed in the circle that we engaged, CIO, CDO nowadays.
00:13:13
Speaker
ah um and and And the silos, because why these silos are critical in the discussion because The attack,
Complexity of Multistage Attacks
00:13:23
Speaker
security attack of fraud personality side are largely multistage in nature. ah ah They also involve multi-vectors as well and that vector could be at a network, could be at a data, could be at application. And sometimes by knowing only network,
00:13:44
Speaker
you will not able to understand how things are going wrong basically. That can converge or that can be understood from what is happening in data, what is happening in application, what is happening at a particular security solution that you are looking at. We put all that together, then only you will able to make sense of things, right?
00:13:59
Speaker
And this this is a felt need basically. eight mean We set up security operation center, but the coverage nowadays we can talk largely. Is it covering the entire infrastructure for me? But regulators are also trying to seek it. Sometimes application logs are not really integrated ah with the SOC. Is there a way for us to bring that together? Because at the end of the day, applications are your external interface.
00:14:26
Speaker
something happening at application level, if that can be correlated to what is happening at network level, what is happening at, for example, we have quite a good solutions at the data level as well. People are now looking at database activity monitoring. Some, we picked up from that basically. So all of these solutions, they do one important thing. So they take enforcement action, every enforcement action creates a new intelligence as well. If all of this intelligence can be converged together, that could that would probably build quite a good possibility of identifying that ah that one unknown thing which could create a big problem.
00:15:02
Speaker
No, sir, very true. ah In fact, ah we were analyzing the which basically came in light right few months back um and we realized that ah if there could have been an anomaly detection right on failures or these transaction failures, ah most probably some indication would have come ah which would have told that ah there are failures happening ah which was not there earlier right or the ah the amount of failures happening in shorter period.
00:15:31
Speaker
now Some of those anomalies could have been picked up, and maybe somebody would have looked at it, ah saying that yes, that there is some issue um with respect to the application there. Very true, sir. Sir, you talked about the regulatory part of it. Sometime back, DSCI has mapped various companies into different categories. And thanks to you and DSCI, a unit was mapped under supervisory technologies. Can you explain a bit about overall what your thought process are or the supervisory technology and how important it is for regulatory bodies um and so on right and what what do you see coming out in future.
00:16:14
Speaker
yeah so I think ah if you talk in the context of the enterprises, we always talk about ah something which is helping them to compromise Regtech regulatory technology. But Regtech is more enterprise centric in nature, where you are helping to comply better through automated capabilities that you build together basically.
00:16:40
Speaker
ah But Data Security Council of India works at aggregate level. So we have members on across the industry vertical. We work with national security, machinery of the country. We engage on um a lot of those aggregate level work that happen in the country, especially in the context of security and privacy. right um What we see that ah most of the risks, be it cyber security or systematic financial risk as well, most of the risks require you to take this to aggregate level. Means it's not only what is happening in one bank or one organization, it's happening all across the bank. One part is that basically. And there could be some signals in one bank.
00:17:28
Speaker
which could be correlated with other bank. right And that will make sense for us to understand how systematically things could go wrong and what exactly is happening. So learning about those possible future problems could require you to think about ah correcting or probably not bringing these two contexts together and try to make sense out of it. So that's the aggregate level. Second part is like, if you have to observe, yeah it so there are ways, right so but until now regulators have been largely there are standards and expectations and requirements and they would probably ask, there are two ways for achieving those compliance. One is they will seek the information.
00:18:12
Speaker
Some nowadays in security, they are also asking them to report any breach or any weaknesses that all the nation are facing, especially the breaches incident basically. That's another thing. And third is so they would go audit. But audit would happen was in a year or once in a six months basically. But in between that period, in between the six months or one year, lot of things would happen in the average.
00:18:35
Speaker
So then regulators' ability to know how a particular regulated entity is performing with a standard objective. And that could be cyber security, but it could be financial, systematic responsibility for that matter. Many other social, mean nowadays we talk about ESG as well, environmental, social and governance perspective as well.
00:18:57
Speaker
ah All of these dimensions, so these are dimensions of observing or dimension of knowing the performance of the ah individual entities, maybe regular entities or supervised entities basically.
00:19:12
Speaker
and knowing their performance and then because all of them are contributing to a larger digital economy goal, larger goal of the country. And we have seen like in interconnected world, some risk it us some at some company, ah especially even it is in your country or other parts of the globe, because the entire ecosystem, and i especially in internet ecosystem, technology ecosystem is so interconnected.
00:19:40
Speaker
One thing, one problem could create larger global catastrophe as well. right It could be very specific to the sector, could be national economy and could be international economy as well. The financial crisis is of 2008 tells us how that has brought the recession to the world.
Risks of Interconnected Global Systems
00:19:56
Speaker
And that's why I think if you are able to take this same observability or such kind of capability at aggregate level and try to make sense of the sector, make sense of the BFSI sector, one is the bank and then another black man sector, make sense of the overall sectors together, make sense of the economy together.
00:20:16
Speaker
and even make sense of the global interconnect system together. Then probably ability of a supervisor will quite significantly improve in the downside, taking those early stages. Because in financial crisis of 2008, there are some people who are talking about this could happen.
00:20:33
Speaker
But there are a lot of evidences that you could see those evidences in different spread on across the other nations. So now things are going in a way that cash supervisor leverage this capability and create those kind of a competition capability to know things which could create a systematic risk to a sector, to economy or to international economy.
00:21:00
Speaker
there is very drastic sad This is very very interesting ah because that would be the right use of technology, ah what has been built right from both security and observability perspective. This is very interesting. ah Just moving towards the security side of thing, right that when we talk about security,
00:21:19
Speaker
It has so many different parts or use cases. It starts from endpoint security, server security, application security, ah vulnerability, ah security in terms of transactions and digital transactions and so on. ah um We see that some of the OEMs are trying to break in observability with application vulnerability.
00:21:43
Speaker
together to give a sort of unified view. ah We are also working with some of the customers where we are bringing in security from digital transaction perspective, right? We are also working with certain customers who have been asking us to do sort of ah integration with C.
00:22:02
Speaker
SIEM solution because we also receive logs ah which has lot of business context data ah from the transactions right and they are always looking for this information in more real time basis right. Similarly, there are FRM systems ah which we discussed right that fraud and risk management which are in line of the of the transaction, but they still need some more business context, ah even if the transaction has been ah successful, but you still want to flag that okay this transaction might have a been a fraud. hey ah With all this in mind, ah ah what type of use cases do you see ah from security perspective, ah which will benefit the enterprises when we are trying to combine these two technologies, observability and cybersecurity?
00:22:55
Speaker
So I think the these are important. So in our total encapsulate of security technology thinking that we have in the ACI. So we believe that you need enforcement site. You need enforcement at application level, data level, network level, cloud. Then you need messaging level like email for that matter.
00:23:23
Speaker
So there are, there are points where you need to take those security decisions and you need to take those in enforcement action basically. But, but in the, in the context of this multi-stage multi-vector, um, and, uh, the value Matt, which the scale and our last minute, we still sit back actor that we see, right? So you can't take decision at the data in a side.
00:23:50
Speaker
So you need to have those kind of intelligence available to you. And and that's what I i talk in my security and technology thinking encapsulate that the language of control is not changing that. Other thing we used to talk about control when we talk about security, so there are controls available. So that is changing largely from control to intelligence in action.
00:24:17
Speaker
Each of of the security decisions now needs to factor those intelligence needs to process those intelligence basically. And when it say when I say that means there are lot of history and there is a lot of current thing which is happening. So you need to understand historical ah behavior and that needs to be compared with what is happening now.
00:24:39
Speaker
So until now, each of the solution has now over the period of time they started, um and there are 600 different types of technologies when it comes to security. Each of them, each type of technology, I'm not talking about product, I'm talking about type of technology. Each type of technology is now improved in terms of consuming that intelligence and enriching their decision making.
00:25:01
Speaker
So, in the security technology discussion, we always talk about if the decisions are not enriched, there is no ah logical understanding behind the decision. There is no oh proper reasoning that you have given.
00:25:20
Speaker
ah to take that decision, and then that decision would like you to create a problem and the decision doesn't have the downstream and upstream context basically. You would find lot of challenges in the decision, whether it will lead to false negative, false positive rate. And then it will create some other, while solving more problems, it will create another problem. In fact, now generally everyone tells us that, right?
00:25:45
Speaker
There are so much of those token needs to be processed now ah to so to give answer to a particular small or single um English line that you're putting to 10BI capabilities. Same thing is in security. So now I'm saying that ah it has reached to some level, but observatory would bring larger, bigger context.
Intelligence in Security Decisions
00:26:08
Speaker
taking actions at network, you need a context of application, you need a context of network, you need a context of the messaging. So all of those contexts can be can be brought and ah can be looked at in terms of taking the decisions of, for example, at at data level ah data security itself. I'm just telling one example. We have almost six, seven different types of technology.
00:26:31
Speaker
data discovery, data intervention, digital dismanagement, data access, data access governance, data activity monitoring. Then um there are solutions which talks about ah data da c security platforms. All of these six, seven solutions are taking those enforcement actions, right? They need to end this. That's one part of it. Second part is once they take an enforcement action, they provide some ah data out of it a date once somebodyly out of it. So other side of solution can consume that data. And then the infrastructure perspective, you then overall farming perspective, they all that come to together. And this is a very big kind of a data science, machine learning, yeah operations are now generating is enriching that quite intensely.
00:27:17
Speaker
Yeah, so thank you so much, sir. This makes very, very lot of sense, right, in terms of where we can see some sort of convergence happening with observability and the context which it breaks in and the cybersecurity side of things. ah You just touched upon the AI, ML and GenAI.
00:27:38
Speaker
See Gerei has been around for over a year or two. i ah You are already working with so many cybersecurity startups as part of DSCI product outreach. ah Do you see any very eddy specific ah use cases somebody is working on?
00:27:56
Speaker
with JIRAI or the cyber security or observability or on the convergence of the two, which you can just talk about. Yeah, so in fact, we have set up a JIRAI use case stand-up on laboratory for various different, larger purposes that we support and also look at cyber security, what is happening. And we are seeing quite interesting oh There are a lot of startups that we as you know that we nurture. in server database and We are seeing how how those startups are ah basically now leveraging.
00:28:34
Speaker
Most of our AI projects until now, even in the cybersecurity side, had always been with a limited context. with organization data and they will process it and they will try to find it basically. But security as we have seen in interconnected ecosystem,
00:28:51
Speaker
other business and interconnection opinion at system level as well, a lot of interconnections are happening. So without um ah global understanding and proper reasoning, ah it will be difficult for you to take a very, ah the decision that you are confident of.
00:29:10
Speaker
So Genia is adding a lot of those things and more important contribution of Genia is, it is helping ah one important part is it is is bringing those in information should access it. It is bringing those information which matters for security access. It is also bringing interactivity as well. As for example, decision needs to be explained and decision needs to be ah So, you can ask question it you will you answer, why about your decision has been taken. So, the experiment brings to the table basically. It can, one of the important thing is ah it can
00:29:45
Speaker
um help you summarizing better. So we always have to struggle to summarize the thing and tell the board or a CEO cu what exactly we are talking about. So then they ah especially is helping you to summarize it better. And the moment there's a question to why you are saying this, it can immediately go down to that small nuances. So one is summarization and other is it can also help you to go to decompose level and tell you why you are saying this and that's why this summarize to this.
00:30:16
Speaker
But now we are also seeing that from now, this is what we we are achieving to Genia and this is how Genia is contributing to security technology thinking. But ah many things which which would probably require for security and Genia probably oppose this capability and observability Genia could really play a very important role.
00:30:37
Speaker
is the hence for the Henceforth, things would be a complex goal that needs to be achieved. and security is maybe We talk about orchestration as one of the important things. So many small, small nuances that need to be taken care of in a way that they are all synthesized.
00:30:57
Speaker
to take that particular action. like And this is the orchestration of so many different things. This is a complex goal that you need to achieve. And that complex goal, if you have to automate it, then for each of that small task that you are proposing to work, executing basically, right and all that together provides you a benefit at a larger level. you need to you You need to have this entire context of the organization available for each of the small nuances.
00:31:26
Speaker
Also at an aggregate level, all those models will get processed and then you are orchestrated. So at an orchestrated level as well, you know how to introduce and then it will help you to expand better. what did it So this is this has a very important critical play in terms of how security will behave from now. And increasingly because of this capability of observability and Genya now increasing, increasingly there will be more trust on this way of doing security rather than an individual making judgment about security.
00:31:58
Speaker
very true sir that trust is something which we were calling it as a new digital currency for enterprises who are ah basically servicing their customer through digital channels and the trust which is a reason trust status can be explained first that can be summarized better can be decomposed better so first if you it can do that then then I believe people would start believing ah this way. So one of the key parts we talk about in security is quantification of risk and that computational element would be very important from the taking decisions of lower investment or higher investment.
00:32:48
Speaker
Very true sir. Two points which basically you talked about which we are also doing certain beta trials now on Gen AI is explainability. Like how do I explain this so much of complex interconnected health and performance data
Role of Gen AI in Cybersecurity
00:33:05
Speaker
which we are receiving? How do we explain this to our end customer? It is recommendability.
00:33:10
Speaker
So, there is a problem which has happened, right? Now, what sort of recommendations we can provide to our user ah where they can go ahead and find the resolution, go ahead and find ways and means or steps to resolve a given problem. So, these are the two weird use cases we are also looking at ah from ZAI perspective.
00:33:33
Speaker
Yeah, and then ah mean that is any and one of the important ah a thing nowadays will be maturing is, so there's something called as a automated reasoning. like and And the reasoning at but reasoning requires at a various different level.
00:33:53
Speaker
Uh, uh, at the board, for example, if you look at the regulators requirement, by it means I ah sometimes, uh, to be really empathize with the board members nowadays, because one and they are required to have a new understanding of our threats that are impacting the organization. Other hand, they have to also approve the strategy, I.T. security, I.T. strategy of the organization.
00:34:17
Speaker
more attention rate ah is expanding and also getting more deeper in the nature. yeah How do you achieve that? way You are talking about depth, you are talking about breadth and you are also talking about overall strategic kind of thing. So, you need to explain it at a different level and that explanation um can't be a judgmental. delayed It has to be a reasoned explanation. And I think an observatory is very interesting in this because um Gen AI is generating those results, basically, those explanations, basically, those descriptions, basically. And and when Gen AI is largely global, planet-level processing of data is happening, basically.
00:35:10
Speaker
And if there are ways for you to augment that generation with what you have in the organization. Then that augmented generation from the context that you bring from the other nature would create a good sense. At any point in time, you can defend. One part is defend. Defend the machine that you have taken. Defend the particular operates that you followed. Another part is also demonstrate the compliance is better. So there is a demo stability in comes to the compliance.
00:35:46
Speaker
Very true. Very true. See, one of the other thing, what we have also realized, interestingly, as you said, right, that explainability could be at different levels, yeah could start from the board to the CIO, to the ID head, to the L1, L2, L3 folks, to the SRE. So different ways, what what how much of technical do how you need to bring in in that, how much of business part you need to bring in that exp explainability. And then we, in the,
00:36:15
Speaker
In the language skill, we talk about two types of the skill. One is the complexity browsing and which is very important to have critical thinking. So critical thinking is a very different nuances, attributes, attentions, dimensions, interdependencies that you need to understand that and you need to process that. And i'm for that, you need to have complexity browsing. If you are able to browse the complexity better.
00:36:45
Speaker
And then, when you how those capabilities, then ah whatever you decide, whatever operations that you follow, will be more reasoned, basically. So, in if I really talk, it comes up as fundamentals of how things as you are. There is a very interesting book of thinking, Pashtran's law of David Kahneman. So, the what what he talks about, there is a system 2 thinking, a system 1 thinking.
00:37:14
Speaker
System one thing is very intuitive in nature. maybe We per say we decide on something like more intuitive and may not be very reason. System two thinking is more delicate deliberate, more computational, more is done basically. It processes a lot of interest. So it can be fair as well. It can be ah it can be ah very empathetic as well basically. But for that in a time, right ah you you need time to process all of these things and compute all of these things. they And then then If you empower your system one thinking, intuitive thinking with this, and but there was always this two different thinking. A particular moment you have to respond now and you respond with whatever intuition that comes to your mind basically. yeah But same same response if you compete well, analyze well, browse it well basically.
00:38:04
Speaker
Then the intuitive decisions could be very well, but now with observability, you give all of those perspective context and with Geniad, you can process that as short as possible time. So your system one thinking, intuitive thinking can be significantly enhanced with these kind of abilities.
00:38:22
Speaker
This is very, very well put, sir. ah Thank you so much. ah I wanted to ask you something about DSCI. As part of DSCI, you run a lot of initiatives, right?
DSCI's Initiatives for Cybersecurity Innovation and Research
00:38:33
Speaker
And I was really very impressed when I visited you ah your office last year. And Teja also showed me Hardware Security Lab, and Gen AI Lab, and other labs which you basically are building up internally.
00:38:47
Speaker
Can you share some of the exciting initiatives which you are running currently? Apart from our contribution to national cybersecurity policy strategy, we also work with the user industry of the country, most of the banks, most of the energy company, most of the power sector of the national health sector manufacturing company now is written.
00:39:08
Speaker
and so many such kind of industry. eight And that helps us to understand how things are working in the user industry. ah We understand public policy and strategy better because we work with government. And thirdly, we also engage with the provider until now services. But last 10 years of time, we have been also focusing our attention to the product companies.
00:39:30
Speaker
And when we started looking at these 10-12 years back, there were only a handful of companies, but we are seeing now almost 350 plus product companies in India in cybersecurity space. they are solving problems at various levels. Somebody is building dams, somebody is building At once, one way detection somebody is trying to solve a hardware security level problem, somebody is building application security, kind of a capability, somebody is setting up the security operations capability, right? At a very different level, the companies are working basically, right? And then since 2019, well, government of India, I mean, it's one of my team had supported us to set up this national effort for security, software research and entrepreneurship basically.
00:40:14
Speaker
Because we also believe that a lot of interesting research work happening in the academic world and research institutions level. So we try to clearly look at that and try to see whether some of that can be productized. Some of the industry's cases can be going to the researcher because security is such a deep technology ah domain. Deep tech is complex and security is more complex so part of our deep tech basically. It requires research intervention. So we try to bring the researcher community closer to security innovators basically.
00:40:42
Speaker
and then aired this all to help some of the work that we do with the user industry. They try to look at future of security. What is going happen to happen in 3D? We also try to focus our attention to the future, what how things will be one in future.
00:40:57
Speaker
We also work with the ah security multi defense agencies on a strategic critical technology. So we have a specific initiative again supported by government. and that and We have set up a own portal to have a new understanding other of countries capability in different technology areas. It's not only cyber security.
00:41:16
Speaker
We look at AI, we look at IoT, we look at expertise, we look at AI, we look at Quantum, we look at all of these things. So all of these things together that we try to and not to bottom up understanding. We understand accurately, we try to understand in a way that we have bottom up and top down understanding to the table.
00:41:36
Speaker
No, this is fantastic, sir. I mean, I have seen the impact of the work DSCI and you and team has been doing on ground. Right. Thank you so much for your time. but like Really appreciate it. Any engaging conversation. Thank you so much. Thank you. Thank you, Bharat. I hope you enjoyed my conversation with Mr. Vinayak today. You can learn more about him and DSCI at www.dsci.in.
00:42:05
Speaker
If you like today's episode, please share it with others who would like to listen to observability talk. For more information about unit systems, please log into www.unitsystems.com.