Getting the Next Generation Industry Ready for a Future in Cybersecurity | EP 104

Show Notes

Students chasing certifications. AI is advancing at a faster rate than the curriculum. Entry-level roles demanding 5 years of experience. Organizations are unsure how to onboard junior talent. And a cybersecurity landscape expanding into psychology, forensics, OT, IAM, and beyond.

This conversation with Tejas Shroff, Senior Director of Managed Security Services at NTT DATA and Adjunct Professor at UT Dallas, digs into what the next generation truly needs to thrive in cybersecurity—and what leaders must rethink to prepare them.

We talk about AI as a double-edged sword, the real meaning of “innovation” for early-career professionals, why mentorship still matters, why students shouldn’t chase a rainbow of certifications, and how companies can safely bring in junior talent without putting production at risk.

Key Discussion Points

00:00 – Setting the stage: who Tejas is and why the next-gen conversation matters

03:08 – How AI is reshaping cybersecurity careers

06:25 – Students relying too heavily on AI for learning

09:10 – Will AI replace Tier 1 SOC analysts?

12:45 – How early-career professionals can “innovate” themselves

15:28 – Cybersecurity as the broadest career spectrum in IT

17:45 – Where psychology, philosophy & forensics fit into cyber

20:40 – The fastest-growing areas in cybersecurity

23:20 – Why depth is greater than breadth early in your career

25:15 – Mentorship: the missing link for young professionals

28:05 – How early exposure (CyberPatriot, Scouts, etc.) shapes careers

32:20 – The certification overload problem

36:10 – AI + immigration limits: can AI fill the skills gap?

40:15 – Why junior talent struggles to get hired

44:00 – Using Zero Trust + automation to safely onboard beginners

46:10 – “AI bot mentors” for junior analysts

47:50 – What teaching real-world cyber consulting looks like

50:40 – Academia vs reality — are universities keeping up?

54:20 – Where IAM is heading next

58:00 – How fresh perspectives strengthen veteran teams

1:00:45 – Switching gears: Tejas’ childhood & moving from Mumbai to Dallas

1:05:10 – Life in Dallas then vs now

1:08:15 – Advice for anyone entering cybersecurity today

1:11:40 – Where to find Tejas

1:13:30 – Closing thoughts

If you care about workforce development, future-proofing careers, or creating more intentional pathways into cyber, this one will hit home.

Don’t forget to:

👍 Like if you want to empower the next generation of cyber professionals

🔔 Subscribe for more human-first cybersecurity conversations

💬 Share your biggest insight from this episode

🔗 Pass it along to someone exploring a path in cybersecurity

#CybersecurityCareers #FutureOfCyber #AICybersecurity #NextGenTalent #CyberEducation #IdentityAccessManagement #PublicSectorCyber #CyberWorkforce #MentorshipMatters #TechLeadership #CybersecurityPodcast #MusingsFromTheCyberTrench

Responsible for ICAM, Zero Trust, or identity security in a federal agency, prime, or large regulated enterprise?

If you’re trying to move from strategy to execution, start with Zephon’s Zero Trust Readiness Assessment: zephon.tech/zt

Questions or guest ideas? Email defend@zephon.tech

Transcript

SPEAKER_01 0:42

Hello, everybody. Welcome to another episode of Usings from the Cyber Trans. My guest today is a senior director of managed security services and practice at NTT data. He is also an agent professor at the University of Texas at Dallas, where he teaches various cybersecurity courses at the School of Management. He's also a board member of the North Texas Infragon chapter. He serves on the advisory board of the Columbia College and is a faculty sponsor for the UTT Cyber Security Club. Whether everybody please lead my guest, Ajax Shiroff. Welcome to the musings from the Cyber Trans Agency.

SPEAKER_02 1:30

Thank you very much, Vishang.

SPEAKER_01 1:32

Yes, it's absolutely my pleasure, Tejas. So today we are going to talk about getting the next generation ready for a future in cybersecurity. And that's a topic very near and dear to you. Almost every day, the whole day, you hear about uh AI, AI, and more AI. How is AI shaping the career path for those seeking to venture into cybersecurity?

SPEAKER_02 2:15

So as compared to other things, AI is kind of a double-edged sword, right? For cybersecurity. And what I mean by that is AI can be very helpful. AI is supposed to make your life easier, they can take over a lot of routine tasks and everything. But in case of cybersecurity, AI can also be hurtful because AI, if it is used by the bad actors, then they can develop things much faster, much more sophisticated manner. They can do things like deep fakes. So wherever AI can be, a lot of good use cases that we can use as AI for the rest of the IT world or rest of the uh world where we can use. In case of cyber, it's like if you take AI and train it to be the wrong thing, you show that this is the right thing, then AI will go and it can cause a lot of havoc. So that's why it is important that people understand when you talk about AI, you're just not jumping on and saying, let's do AI, but you have to be careful about what AI can do to cybersecurity.

SPEAKER_01 3:40

I'm sure so for uh for uh young students who want to venture into cybersecurity, you would say that they should absolutely make sure that uh AI is part of the learning.

SPEAKER_02 4:00

AI should definitely be part of the learning, but um AI should not be the primary uh primary way of learning, and what I mean by that is um you should use AI, and and this not just applies purely to cyber, but I would say in general to young students, a lot of times they start resorting to the chat GPTs or the other tools to try and find the answer. I would say use that, but that should be more of a validation approach as compared to the primary approach. Because since AI makes the life easier, sometimes students, when they are in a rush, they try to resort to that option, and you do not validate the thing that was produced by AI, right? Because AI ended up creating things for you, but that may be something which was not validated, so you go ahead and submit your work as your original work without seeing that what AI has done for you.

SPEAKER_01 5:05

Understood. So that is in terms of make uh them going through school, but in terms of like preparing for a career, you know, there is a lot of uh uh noise in our industry that AI is gonna take take away the uh the tier one SOC uh SOC uh analyst job. You know, do you do you see that happening?

SPEAKER_02 5:36

I I do see that happening to an extent, but um see, which is means AI has it means all these people are right now jumping that AI AI, right? But AI has been around for the last 40-50 years. It's not like AI has just come, people have just started recognizing the power of AI right now, right? So who has been training the AI models all these years? It's the humans. So tier one job would be going to AI, but that means people have to innovate themselves so that they stay ahead of AI to an extent. At the end of the day, AI can help you augment. Now, what does AI specialize in? AI specializes in repetitive jobs, right? Something which you can take over, standardize and templatize and say, okay, this is what you want to do. That's what happened in manufacturing years back, right? The automated bots and all took over in a factory which was human-based, where people could go in and bots would take care of assembly line. What was that? I mean, we use the word bots and all, but that was technically what that's what AI is doing. They are doing in the IT world, they're going in and taking over some of the routine tasks. Now, in the world of cybersecurity, we all know, right? For a shock, not all the errors are going to be the same. So AI will take over some of the tasks, but at the end of the day, you're still going to need humans. So I would say AI, instead of looking at AI is going to take over your jobs, you look at that AI is going to augment your job, you're going to possibly do more value-added stuff. And for that reason, people need to innovate themselves. If they don't innovate, then yes, chances are their jobs will get marginalized because they are not staying up. But that happened with everything, right? When the internet came in, uh, a lot of people who are doing manual work, their job was taken away. If people were before the spreadsheets came on, people who are writing down things, their jobs. So it's not different in any other way. AI will definitely take over some jobs, but at the same time, that will help you create more jobs because more AI, more humans are going to be needed. Now, will they be doing the same thing? I don't think we are living in a world where you continue to do the same thing for more than two years or three years, right? The the repetitive aspect of the minute the task becomes repetitive, it needs to be automated.

SPEAKER_01 8:19

That's a good point. That's a good point. So, like, how would you uh envision students and people generally in our industry innovate themselves?

SPEAKER_02 8:33

So I would go with say cybersecurity. In case of cybersecurity, cybersecurity technically paints the broadest brush when it comes to the career-wise. Means show me one other industry where a highly technical guy can be doing the hacking, penetration, testing, writing software. And on the other side of the spectrum, you could have a person who's basically doing like an English major, but that English major guy might be writing policies which are understood by the technical guys, because uh you don't want a technical guy writing policies, right? Otherwise, that will come out. We all know what technical guys' yeah capabilities are. So you want the policy guys talking to, you want somebody writing GRC, somebody writing controls. Those so no other IT uh stream allows the not so technical guys to work on so much of the technical stuff by doing policy writing, by doing GRC controls, by doing compliance activities. So that's why I say that cybersecurity allows you to have a full platter. You could actually have a highly good technical guy, or you could even have on the other side, you could have a very uh process-oriented person, and both of them will work together. And and that's the reason cyber is a unique field.

SPEAKER_01 10:05

I like how you mentioned that cybersecurity pains pains uh uh uh broad brush. So you mentioned uh uh English majors writing policies, uh technical people doing their technical job. Do you see uh more uh more uh involvement from people who are doing like philosophy or psychology? Do you see a future where we can fit?

SPEAKER_02 10:36

So so within forensics, we have the forensic psychology, we have uh uh there are lots of forensic aspects, like there are forensic accounting. So if you look at the field of forensics, right? What does when you talk about the forensics, what does it come to your mind? The those yellow tapes with the word caution written over it and the CSI and all that. But uh I'm teaching uh digital forensics class, so I know that when you talk about forensics, to me, what comes to my mind is how do I get in, how do I look at the malware, how do I look at the analyze, but the same way there's forensic accounting, there's forensic psychology, these these are the various fields, and I know of a lot of people who are spending and making their careers in the fields of forensic psychology, and so FBI has been big into promoting all of those things too, because FBI has set up the modern 25 regional uh forensics labs where they do hire some of these skills, so so absolutely those fields, psychology, um, philosophy again, philosophy is needed, but the philosophy is more there is no direct job which we truly translate into philosophy. It's more like you could be a philosopher, but your your day job could be different, right? So, but psychology, I can definitely see more. I can see the uh mapping for the accounting guys, audit is another area where all these skills are going to see a lot of cybersecurity activity. IT audit, cyber audit, means we all know the need for audit is increasing by the day. Need for compliance is increasing by the day.

SPEAKER_01 12:28

Okay. So um where do you see in the next say five years, which area within cyber security do you see having the most growth?

SPEAKER_02 12:42

I would say I would say it's a moving target. It also comes down to the skills, but at the same time, what I would say is a lot of times, say within the world of CISSP, right? We have eight different domains, but which which go from various ends of the spectrum. What I would suggest to the the next generation is they need to identify, means if you don't like software programming, then don't try and become one if that's not your area, because somebody else is doing it. Try and stay close to what you're yes, sometimes for the young generation, it also depends on the first job which they get, right? A lot of times the first job which they get, and if they are in that job for a couple of years, that will determine what their next career is going to be, right? So then you'll continue working on that. But what I would suggest is if you are given a choice, then try to pick the area which you like, and don't try and go to cover all the different areas. Try and pick one or two areas and try and build your career there. So, especially when you're starting new, you should always hope to try to achieve depth in one area, and as you start building years of experience, you can start compromising some of the depth for breadth. That's when you start becoming more of a journalist, but you start your career as a specialist going into one area that if you're a GRC guy, go and do GRC. If you're an application security person, do that. Just stay on that one area instead of going all over the place.

SPEAKER_01 14:24

Then how would they know which area they would like if they haven't tried it yet?

SPEAKER_02 14:32

So that that is where I strongly suggest the young generation they need to reach out and seek mentors. I mean, when when I see the young generation jumping on LinkedIn, connecting to people, and the next thing you know is, do you have a job for me? And if the answer you get is maybe maybe not, then they don't indulge you and have a further discussion. Yeah, so instead, what they should be focusing on is uh try to get some mentors, right? When you have the mentors, you're basically trying to understand, they can help. Um, and you can't expect that mentors are going to have time for you immediately, right? So you have to try and seek out the mentors, and that will help you understand the landscape better. Somebody has spent 25 years in an industry. If you are coming in new, then you're you have to be a seeker, right? When you're a seeker, you have to ask questions, be prepared to you'll always not get the answer which you're looking for. Like, if that is the thing which I'm seeing sometimes, some students who are on such a fast track, like I want this and I want this now. You need to slow down, seek if you want to build a career. Now, if your goal is to work for a few years, make some money, get out, obviously, you can be driving in the fast lane, right? We like like it's a simple thing as driving a car when you start learning, and on the first day you want to go in the leftmost lane to drive, and then if you get hit because the leftmost lane, people are going fast. So you you have to be confident, then you move from the rightmost to the middle lane to the leftmost, and that's how you learn. So when you start your journey, you start in the rightmost lane. Make sure the guy who's teaching you is feeling comfortable for you to move to the next lane, right? That's that's how you need to approach it. Yes, the times have changed, but some of the things still remain old school. So I would suggest the young generation needs. When now the advantages, there's so many programs, right? There's a program like Cyberpatriot, which is Air Force funded, US Air Force funded, and middle school have the competitions in all. Like my son himself went to the Cyberpatriot, he learned some of the things which I had not even knew they existed. And they went at the national level, likewise, the high school programs, uh, something like Boy Scouts, and my daughter was a World Scout, so I've seen both. They both Boy Scouts is just starting uh merit badges on artificial intelligence and cybersecurity. So everyone is recognizing that cybersecurity and AI are here to stay. They are going to be the careers of tomorrow, right? So at the grassroot level, there are lots of programs which are coming out. Even veterans who spent 20 years in the military, in the air force, in the Navy. There are advertisements that they are getting jobs in the command centers, etc. So they have an opportunity to re reinvigorate their careers. So there are the good thing is there are lots of lots of options available. So sometimes it's like killing a candy shop, right? When you see too many options, cybersecurity possibly has the highest number of certifications. Now, every time my students come to me saying, What do I do the certification? and I tell them, stop, because sometimes some of them are rushing to do security plus certifications. And I tell them, guys, you're working on your master's in cybersecurity. If security plus is your destination that you're targeting, then you are competing with the wrong set of people. With masters in cybersecurity, you have already crossed those things, right? So I'm not saying don't do certifications, I'm not gonna say that, but at the same time, be selective, don't jump and take any certifications, and then it looks like you have a you have a rainbow on your plate that different colors looking different certification, one cloud certification, one application certification. Uh, because students are very good when it comes to uh memorizing things and clearing the test, right? So passing the certification is not difficult, but each of your certifications costs $500, $600, $700. So is it really worth it? Or should you spend your time, maybe get access to some labs, probably learn those skills because certification doesn't guarantee that you know your stuff, right? Yes, you know you can pass the stuff, but I'd rather have you learn more, spend some time, and actually that can help you more in your career. Again, that's my advice.

SPEAKER_01 19:48

So for everyone listening to this at home, especially kids in school, if you can check out Cyber Patriot program, please do so. And if your boy scout programs have any programs on uh AI or cybersecurity, it's worth checking them out. And like I was uh and like my guest is mentioned, patience is still a virtue if you are playing uh if you are playing the long term long-term game, you have a long-term mindset. So uh you mentioned there may be some impact on the job market, people might move to a certain area based on on the uh uh the growth of uh so in the current climate that we have right now, you know uh with AI rising up and uh in terms of what it can do, and the government trying to put a tap on the flow of people on uh S on D. You see uh uh is AI kind of compensating for the supposed shortage of people we have in the c in the cybersecurity space, or you don't see uh shortage of people or they both run hand in hand.

SPEAKER_02 21:24

You know, I would say AI will help to an extent, but if the work that these people, um the temporary workers or H1Bs as we call them, doing the work, if that can be completely offset by AI, people would have done that long long back. Right? Because automation has been on everyone's mind for some time. Now it's the other way around, their hands are tied and they will have to do that. AI can do a lot of Things, but AI can do a lot of things as long as they are well defined and well repetitive. Once you train a machine to do something, you need to have enough data to say that there is a pattern that you can go after. Sometimes like I just laugh. I sometimes tell people training an AI model is like training a dog. If you're training a dog and you give them the wrong person and say this is the right person, and vice versa, then dogs is not going to make that determination that what I've been trained on is not the right thing. It is going to go and go after the person who you said is the wrong person. So it means it's oversimplification, but what I'm trying to that we we sometimes uh start thinking, but who's training AI? At the end of the day, AI is still trained by humans, right? So uh that's why it is critical. We are away from the time when AI will self-learn and self-automate, right? Now it is more into the calibration, it automates based on the data it receives. But for instance, a SOC, if somebody enters, um goes and enters that wrong thing saying this was a particular type of error instead of the other type of error, then it's going to go into the um the wrong data. AI will definitely help in the world of cybersecurity because it has to parse through a lot of different uh data files. So, what we all know, right, finding the right thing in a SOC logs is like finding a needle in a haystack. We need to know where the problem lies so that we can go after a particular narrowed-down area to go ahead and say that okay, this is what we need to do. So AI will definitely help, but both AI and cybersecurity are moving targets. So you need to make sure where cyber is moving and where AI is moving, you're kind of continuously staying on top of each other to make the most of it. Otherwise, one or two mistakes, and then, like we all know, like when Chat GPT, the earlier version came out, right? A lot of the data was uh frozen in time, so there were there were issues, right? We've all seen sometimes even things what happened with the automated driving cars with Tesla or even the Waymo where it had to fall through the curve, etc. means I'm not saying these are still the new days of doing things with, but we are one mistake away from people going and taking three steps back. So, and now the biggest problem which is coming into the world of cybersecurity is no longer your data and all that is there, but the most important part where the impacts are coming is going to be in the world of OT, right? The operational technology, where the critical infrastructure, right? So if something goes wrong in a critical infrastructure, we know the kind of um problems it can cause, right? Yeah, not bigger than you losing your credit card information, right? Somebody swinging you for a credit card versus somebody getting some weapons deployed on its own. So the impact is humongous. So that's the reason we need to know the ransomware attacks, which happened, the the crippling thing which happened with the colonial pipeline, right? Or you've seen a lot of states, a lot of uh public agencies also have been subject to these things. So uh it is critical AI can help, AI is helping in the world of ransomware, but again, it is still uh peripheral, it is still superficial to an extent, it's not there in the mainstream, at least not everyone has taken it to the mainstream. These days, every everyone has a new AI startup, right? But but if you come back after two years, some of those startups are instead of building a product, they are window dressing, so they can be uh absorbed by one of the big companies, right? And it's a part of business decision, I'm not denying that, but at the same time, that's where people are not going to the end-to-end life cycle, no one's going and building the product, they go up to step four or five, they expect to be bought, right? So basically, their exit strategy is very clear, and and that is also happening. Some of the things with the the current generation as well. They're looking at okay, the saturation point is coming a lot faster, and and that's what needs to stop. If something like this, something like cybersecurity, which is very integral, which is very core part of your day-to-day lives, then you need to continue into that journey.

SPEAKER_01 27:36

So, like uh you have your eye uh you have your ear to the ground in this field, right? So, do you think there's a there is a shortage of people in our field?

SPEAKER_02 27:52

There is there is a lot of shortage of people in our field, but again, what I'm seeing is and I've seen some of the jobs, or some of my students have come and see uh asked me for uh recommendations on particular jobs and all, and I see that uh the entry-level jobs people advertise as five years experience, eight years experience, and I'm like, how is this entry level? But then if you look at it from the company's point of view, they are also apprehensive that somebody has only done academic projects, and if you have them work on straight onto a production environment, we all know the problems they can cause, right? One mistake, and and if they go and just say expose a server or something, or if they expose a pro uh share a credential, I mean we all know there's enough data available on uh dark web, right? So all these exchanges, people have a tendency of sharing data and all that gets replicated onto dark web, which can be very, very dangerous. So I think I strongly feel that if somebody is doing that, they need to be taught the basic etiquettes of what to share, what not to share.

SPEAKER_01 29:11

So you think uh companies being apprehensive of uh people dealing with low or no actual experience is causing us to not hire us.

SPEAKER_02 29:28

I I would say companies also are in a set of dilemma or quandary, right? Because when you look at it, they also have uh to lower their costs sometimes. So they get the the freshers, but the freshers sometimes are not ready for prime time, they have not been uh exposed and they are straight away thrust into the mainstream, like kind of the example I gave you for the driving thing, right? If you're learning and on the second day, if you are asked to drive in the first lane, then obviously you're gonna be reluctant. You might make mistakes, and we all know that the mistakes they'll make in the first lane versus the mistakes they'll make in the last lane, which one can be more fatal, which can be more dangerous, right? So so when the the younger kids who've not had enough exposure, they are to say work on a particular shift, like a night shift, or if they are working suddenly in a production environment and doing the changes, we all know that make a change management is a process which needs to be learned, and somebody uh goes through the hurdles to learn that process, but you suddenly on the first weekend you're asked to make a change, you probably are not exposed to that. So it's a it's a catch-22 situation that businesses they need to get younger people obviously to stay profitable, but on the other side, there's also the flip side where they are possibly brought in way too early. So it's good it's the changing times, it's the shortage of resources, and sometimes you just bring in people who said, Okay, I've done this stuff now. Actually, have they done this stuff or have they seen this stuff? When they've seen this stuff, it's different than doing the stuff. It's right, you you go to a swimming pool and you see somebody is running, is swimming the laps, versus you sit outside the pool and you say, Okay, this is easy, I can also do that. Yeah, but once you get into the water, you know how difficult it can get. You need stamina, you need uh technique, everything. Likewise, once you are seen it, once you've been shadowing somebody, it's easy. But once you're in the driver's seat, it's difficult. So there is a shortage, but it needs to be addressed in the right way.

SPEAKER_01 32:04

From uh my personal my personal uh experience, what I've seen, you know, if you if you have the right uh uh the right uh uh preventative controls, you have AI, uh you have uh you have uh automation, you can bring in junior people or two or new people into the field and uh give them a slight free hand as long as we follow the whole principle uh of zero trust. We can contain what they are doing and we can also monitor and proactively prevent any mishaps. You think that would be a possibility uh or like a scenario where we can bring in more people into the job uh into the field and also have them train?

SPEAKER_02 33:01

That's what I mean. Absolutely. I think what you brought up is a great point. You can do that. I think what they probably need to do is maybe the companies need to start putting in more uh segregation of duties, right? You bring in junior people, you give them some tasks, but don't give them full autonomy till they are ready, right? Give them some tasks, bring two people in, they can do some tasks, and then you can be the with the experience, you can be the one who can be validating okay, this is good, this is good, let's move forward, right? You have to get junior people in, that's the only way to go, right? But yes, bring them in, but bring them in in a way that they are not suddenly in the middle of full action, right?

SPEAKER_01 33:44

So uh while we were discussing this, you know, and you were mentioning about uh mentorship, a crazy idea came to your mind, you know, like uh companies could have their own uh like AI port mentors for junior people. So as they're doing their job, they can ask questions, they can get uh guidance and the advice on what to do, how to do things in like a QA, like a friend that's like a bot friend it can happen.

SPEAKER_02 34:20

Yeah, that's it that's a very good idea, and yeah, that can definitely help.

SPEAKER_01 34:25

So uh Tesla, like you are also leading the IM practice at uh at uh entity data. How is that experience from the real world helping you teach students better?

SPEAKER_02 34:41

It is very relevant because um sometimes what gives me a differentiator, I won't say an edge, but I'll say what gives me a differentiator when I teach is I know what actually the things are needed in the industry. Uh, with due regards to the pure academics, sometimes you teach expecting industry will follow this. I teach what industry wants and I try to take it because I'm teaching a class right now on digital consulting practices, right? So when I'm teaching that class, what I look at it is what I've been a consultant before myself, I've been in front of the clients, right? I know what a consulting typically expects, right? So it means a lot of people start thinking okay, consulting is all about traveling, consulting is all about getting the points and having that thing, but at the same time, how you blend it into your day-to-day life and with your weekly uh travel to the client side when you are by yourself or when you are actually getting in, you are expected to be somebody who can be the advisor, right? So so so those are the things I would say that with industry experience, it only helps because you're no longer now taking just the consulting practices and you're talking about it. You actually can adapt and see how those practices are made into a reality when you are actually doing the consulting. So it definitely helps, same thing with IAM stuff, right? I also teach a course on IAM, so where I know uh and I'm able to bring in some good industry experts to talk to my class because of the network that I've probably built when I'm in the industry, right? So I students actually get to hear from the people who are working from the whose who of the IAM space, or at least the whose who company of the IAM space, they get to hear from them, they know how how things are headed. Um they they feel confident because now they are no longer seeing that what they are learning in a course, but now they are seeing it, it gets the fruition outside of the college.

SPEAKER_01 37:07

Have you seen scenarios where uh what students are being taught doesn't really match with what is being followed by the uh the industry?

SPEAKER_02 37:25

I won't say that is changing quite quickly because even a lot of the the pure academia professors as well are adapting themselves very well and they are working actively with industry. Everyone's realizing the fact that what needs to be taught because, for instance, I'll always use the word, right? I mean, earlier back in the days, you would build your uh mathematical models by saying that uh one thing is a variable and everything else is a constant. Once you go into the industry, you realize nothing is a constant, it's all variables, and those variables change very quickly. So when you're dealing with that kind of uncertainties, right, you have to be agile, one, you have to be adaptive, and more so in the world of security, right? Means all these days you are you're fine, but one breach, and all of a sudden you are vulnerable, right? These days everything gets published out into the social media and other places, so automatically now people know about it that you've been breached. So you have to make those adjustments, and if you got breached, doesn't mean it's the end of the world for you, right? Sometimes it happens, so you have to just make sure you've taken corrective actions, and that's why when you mentioned also about the preventive controls, right? That is very critical because when you do preventive stuff, you are no longer doing on the reactive stuff or connective stuff.

SPEAKER_01 39:07

Absolutely. From the IM uh point of view, where do you see the uh industry as a whole is uh uh is heading?

SPEAKER_02 39:23

Even if you just look at the last few years, right? There's been a lot of focus on the non-human identities, for instance. Because uh earlier a company like CyberApp, which is uh one of the industry leaders in the IAM space, um they were the ones who had given a number of 45 to 1 when it comes to 45 non-human identities to one. Right now, they themselves are quoting a number of 80 to 90 non-human identities to a single human identity. So the magnitude is huge. Um, another thing, the whole concept of identity fabric is coming out of right. So, identity and access management I've seen has changed quite a bit, it's evolved quite a bit. A lot of companies are now entering each other's space. We are almost seeing the 90s world of ERP where every company had their one special sweet spot, and then they started like SAP was the master of manufacturing, PeopleSoft was HR, Oracle was financials, and then they all started developing other models, modules. So, same way we are seeing CyberAc was a privileged access management company, and Sale Mont and Savior were the IGA companies, and Okta was more into access management. Now each one is entering the other person's space, and there are unified solutions which are offered, there are light solutions which are coming out. Everyone is realizing that identity and access management could be that beast. Not everyone has the scales or the skills to support that. So people are going for the lightweight version, kind of land and expand model, the pay as you vote model. So all those models are now coming in. So obviously, these are the signs of even uh times that we are in, right? Because right now everyone's looking at the dollars to make sure do I really need to spend this? And if you do, then yes, you take a look and say, okay, what do I need to do so that I won't be flagged by audit. First, let me protect my house, right? Protect the house is in terms of where will I not be assessed any uh penalties, where can I lower my risk. So there are uh companies which are actually helping you cut down that, and that's where I absolutely see the younger generation can come in, they can bring their fresh ideas, fresh mindset, and do this activity.

SPEAKER_01 42:08

Yep. Yeah, I think once like I think if you are in the industry for 20 years, you know, unless you uh like to actively spend time to read, we get set in our uh in our ways. Yeah, and it's always good to be to get a fresh fresh uh perspective. Personally for me, uh in that area, uh uh AI has been a big help actually. Because it it comes with some ideas that I didn't think that uh it could be done that way.

SPEAKER_02 42:48

Absolutely. So yeah, like like I said, right? AI is a great tool. It's up to us how we use it. Sometimes we are not fulfilling the full promise, sometimes we're just keeping it so that it can do the jobs, but yeah, AI needs to be brought in to do more strategic things.

SPEAKER_01 43:12

So let's change gears a bit, like uh let's get to know you better. So uh share some share a share something about your childhood, uh, where did you grow up and so on?

SPEAKER_02 43:25

I grew up in Mumbai, India. Yeah, I've been in Dallas for 30 years now. So yeah, it means uh actually I'm one of those few who actually saw Dallas Cowboys win a championship, so they're they're not so so if you look at it, it's it's it's not a myth. They have really won something in the past. And they used to be the team of Americas, and they're still the team of Americas, if uh you believe some of the richest team in the world. So absolutely. Absolutely. So yes, it has been a journey coming in from Mumbai to Texas. But yeah, one still call both of them home.

SPEAKER_01 44:10

And so would you say you that you are a Dallas Cowboys fan?

SPEAKER_02 44:17

I still am. I'm I'm still a Dallas Cowboys fan. Am I that much of a fan what I used to be? Maybe not. But yeah.

SPEAKER_01 44:29

I would say you are very uh you are very persistent in your hope.

SPEAKER_02 44:37

I think what I've learned is now it's too late to switch loyalties. So I'll just stay and maybe hope for a miracle here.

SPEAKER_01 44:44

Okay. Okay. So uh uh uh do you have any siblings?

SPEAKER_02 44:50

I do. I have a sister who lives in the New York area.

SPEAKER_01 44:56

Yeah. How was it growing up in Mumbai and coming over here?

SPEAKER_02 45:02

I think it's it's compared to a lot of other Indian cities, I would say transitioning from Mumbai is always going to be easier. One, you're you're anyways, you're living in a lot of cosmopolitan type of setup. So you transition from Mumbai to here, it's always easy. My problem was I'd never lived outside of home. So it's like even your college and everything, you know, still from home, so that that sheltered, pampered um lifestyle to suddenly on your own is always going to be difficult. Fortunately, I had one year I had a lot of friends from my college who were here. So obviously that transition became easier. But yeah, it it was still a challenge initially.

SPEAKER_01 45:55

So you move here for uh for college or for a job? Okay. You have been in Dallas for 30 years, you must have seen a lot change.

SPEAKER_02 46:07

A lot of these highways need to have a stone or a brick in mining because uh they were not existing when I show.

SPEAKER_01 46:17

So uh if I if I recall correctly, that Dallas at that time was very different than what it is right now.

SPEAKER_02 46:25

It was not as uh it was not as uh I I would say I would say the pre-COVID Dallas was still different than what it is now. Dallas has seen a lot of activity post-COVID when there was a lot of influx of people coming in from East Coast and West Coast. Austin, Houston, San Antonio, everyone kind of gained because then all of a sudden you have um a state which gives you good um good um primary education, college education, K through 12, good colleges, and then you also have your own space. So a lot of people decided to leave their East Coast and West Coast Comfort to move to Texas.

SPEAKER_01 47:37

I've seen a lot of people are also now actually moving back to California, at least strong cities, uh like Austin. You know, because Austin kind of grew too fast.

SPEAKER_02 47:49

Indeed. Austin reminds me technically of Bangladesh, right? Meaning meaning this city means city like Mumbai where I grew up is a city if you continue to grow, you can just it's a linear city, so you can actually expand a couple of uh more suburbs out and you can continue to grow. Well, Austin was a lot more centered around um some core areas, so that's why yeah, the other areas still continue be to be the suburb. Like if you look at Dallas, the whole action is not centered around one particular like the downtown is not where whole action is. You have the plain of Frisco as its own thing, Irving Coppel has its own thing, Arlington, Fort Worth, each are their own hubs. While Austin, a lot of it was centered around the Austin downtown area. Nowhere else did you see that kind of um buzzing activity, right? So that's why okay.

SPEAKER_01 49:03

So uh this is uh I really enjoyed our uh our uh conversation uh uh today pages. So tell us how people can reach you and please share your contact information.

SPEAKER_02 49:19

Yeah, they can look me up on LinkedIn, I mean it's the easiest way. Um my contact information, uh obviously if they connect with me on LinkedIn, they can. If they intend to be in UTD and they intend to take the classes, then I'll be glad to have them as my students. But if some of the people who are even not wanting to spend that too much money into UTD or so, and they just want to pursue their bachelor's, Colin College offers a bachelor's degree in cybersecurity. So there are lots of ways to skill yourselves, and I would say uh if you're looking at cyber, it's important to understand that you're picking the right thing and running with it.

SPEAKER_03 50:06

Right?

SPEAKER_02 50:06

There are places like Udemy and all, which are also offering some good classes, but it's important to know which one to take, don't go on a buying spree, right? This is because retail-wise, everyone's trying to put their thing out there, but at the end of the day, you want to know which option to pick, which will help you. And there are certain things like there's a basic program offered by ISC Square called Certified in Cybersecurity. Yeah, it's a free certification which people need to get. First, get that to see if it's this is even for you, right? Because there is a job, doesn't mean you go and say that okay, I'll do this. If there is an incident or this is a breach or something which happens, you are in for long nights. So if you're looking for that comfort things, but again, if you are a developer, your jobs are also been re-thought of, right? Because a lot of the work can be done by AI. Right? If you are in a Google QA or someday, it'll help you fix your code, how to uh address those things. So it's not that AI is just taking over cyber or AI is just taking over certain areas, AI is stepping into every single thing. So if you are looking at it, please analyze your options correctly. And when you analyze, doesn't mean that you went to some person, that person knows it all. You might have to have multiple winters too, right? Depending on what you're looking for. What I would say is uh not to use the cliche, but I'll still use it. Be like if you're a student, if you're a newbie starting in this space, be like the smoke sponge, work, soak, whatever you can. Try to understand from people who've seen it. Like attend basis. If you are students, I would highly encourage you to volunteer at there are lots of conferences which are happening. I talk about the Dallas area. There are lots of conferences where are happening where lots of students go and attend. Right? Go there, attend, listen to the keynote, make some connections, right? If given an opportunity, ask to work, even if it doesn't pay you, do the next best thing. Ask to uh shadow somebody. Writing on LinkedIn or writing on other sites is free. Try to hone that skill, right? Just go ahead and write so that you are able to express yourselves. Right, those are the big things I would strongly suggest. I think there's lots of opportunities, but you need to do it right. Not everything needs to be, not everybody can afford to go through the college, not everybody can have the patience of going to the college and doing the master's or uh PhDs or whatever. But if you have something, you identify where you need to go. And now map your journey from point A to point B in the best way you can.

SPEAKER_01 53:46

External parts, Sejas. Will I be seeing you at the secure Dallas uh conference on the 15th? Not sure yet. Okay, okay. Well, uh, thank you again, Sejas. I'm sure our listeners will love and learn from uh from uh from our uh our conversation today. Thank you for being here.

SPEAKER_02 54:11

Thank you very much, Rishal, for the opportunity.

SPEAKER_01 54:14

This brings us to an end of another episode. I'll see you on the next one.