Championing Privacy, Inspiring Change, and Nurturing the Future!
In a world dominated by Gen Z, where our lives are increasingly lived online, from social media interactions to online purchases, each digital engagement contributes to what has come to be known as our “digital footprint.” This footprint is essentially a trail of personal data points that collectively paint a vivid picture of who we are, what we like, and how we navigate the digital landscape. While this information can be harnessed for targeted advertising or improved user experiences, it also raises concerns about the extent to which individuals have control over their own data.
Sawan Joshi emerges as a stalwart defender, donning the mantle of Chief Information Security Officer at Mitiga Solutions & The Privacy Business Group Ltd.
Sawan’s journey into information security was not just a career choice; it was a calling fueled by a profound sense of responsibility. Inspired by the digitization of data, he recognized the transformative power of technology in shaping our lives. Simultaneously, he was drawn into the industry by the alarming surge in cybercrimes, each one a stark reminder of the vulnerabilities of our interconnected world.
Given a stage to speak about protecting people, Sawan’s message is clear and concise. In a world where data is both the lifeblood of progress and the target of malicious intent, he advocates for a collective responsibility to safeguard privacy. As the CISO, his mission extends beyond securing data; it’s about empowering individuals to take well-informed actions in their roles as guardians of digital sanctuaries.
Behind the title of Chief Information Security Officer lies the role that truly defines Sawan—being a father. As a parent to quadruplet children, he draws inspiration from their innocence and envisions a future where digital landscapes are resilient and secure. For him, the responsibility of protecting not just his own family but the global digital community adds depth and urgency to his mission.
Sawan Joshi is not just safeguarding the present; he’s architecting a resilient future. His role extends beyond the corporate corridors to the heart of family life. By instilling the importance of privacy and security in his children, he’s shaping a generation that understands the value of digital trust and the significance of safeguarding data.
In an age where information is power, Sawan’s advocacy for privacy and security becomes not just a professional responsibility but a profound commitment to the well-being of individuals and generations to come.
Below are the interview highlights:
Could you please brief us about Mitiga Solutions and its inception story?
Founded in 2018, Mitiga Solutions is a science-based climate risk intelligence company that helps organizations understand their exposure to climate risk to make well-informed decisions and protect their assets.
Can you share your journey in the fields of information security, IT operations, and data protection, highlighting key milestones in your 15-year career?
Over the past 15 years, we have seen many acquisitions, mergers, and even divestitures, and my career has been loaded with this topic. With over 10 acquisitions under my belt, I supported my employers with complex scenarios where global offices are in scope and provided solutions from technological capabilities that have come from highly available private and public clouds and the way replication solutions can allow for data integrity and collaboration. It was important to provide agile and adaptive solutions during these initiatives.
Some key highlights during my career were building information security and operations for London Luton Airport, a highly regulated essential services provider that needed a balanced blend of internal and external security that not only protected digital systems but also provided monetization opportunities through physical security technologies inside the airport facilities.
Over the years, I leveraged the opportunity to network at the board level. This level of communication was a very exciting area for me, as it built my own career confidence through the validation it received. I would always bring well-prepared information to a meeting to validate having a place at such meetings, and it was important that I knew it so well that I could articulate it in that meeting to keep stakeholder interest. This always meant keeping the focus on why my points mattered in the first place.
During my role at First Port Ltd., which is the UK’s largest property management company and now a global organization that has set out to grow by acquisition at a rapid pace, protecting the executive leadership team’s interests was vital, as was ensuring impartial facts reached the board. To do that, strategic alignment was key, as was ensuring that, as we completed these acquisitions, the risks that were taken on by the acquired company were going to be managed with trusted eyes and that clear sight of what they were was shared before closing the investment.
To do that, I created a repeatable acquisition capability that could be applied each time, which led to success in my role, and new risks were processed into the security roadmap.
To do that, ensuring technologies that can scale with simplicity was vital, as was having the internal and external people on board to make it happen. I have often found that it is not the size of the team but the capability of the team that counts most.
To sum up, some highlights of my data protection experience are not sector-specific. As I grew my experience and continued to top up my knowledge, which is constantly part of the territory, I was able to tailor and adapt it to any organization type once I understood the business and what applied to them first.
This has become my personal repeatable strategy, which has now been applied to an airport, a global sports retail company, the UK’s number one charity for dogs, multiple financial services companies, and now 2 climate tech companies. These have become adventures I love to tell my network and specifically my children as they grow up and begin to understand that working for who you want is going to have a better chance of happening if you empower yourself with a career strengthened by knowledge, and if you know it well, you can explain it well.
In your current role as the Chief Information Security Officer at Mitiga Solutions, what strategic initiatives have you implemented to enhance information security within the organization?
The time to act against the risks our world faces from climate change is now; it cannot be an afterthought, and within the public and private sectors, we have an opportunity to take steps that make an impact now. It all starts with taking a 360-degree look at all prospects and what matters to them. This means customers, partners, and investors now and in the future. Building a strategic roadmap along with laws and regulations that are within scope and will build trust in the supply chain is essential.
I articulate a roadmap like this as protection around people, platforms, and processes that can provide balanced protection of assets and support revenue generation through independent validations. These are how we make sure we can be relied on to score highly in trust scores with our privacy-by-default design business architecture.
In these pillars, what that would look like is to ensure we put a layered defense around people to ensure we protect their identity with multiple factors, plus the additional layers that include anomaly detection for those sign-ins, such as impossible travel metrics and user behavior analytics to detect deviations from normal interactions and data manipulations.
Additionally, on platforms, it is vital to implement a clear, transparent view of all these activities once an identity has been validated to ensure trust, but verification is constant and any adverse interactions and activities across platforms are quickly identified so we can take response actions.
The third pillar is to build robust capabilities around processes through top-down governance and ensure we have data protection compliance and business continuity, with disaster recovery baked right in. That is how you become breach-ready so that an adverse incident becomes an operational metric to track and continuously improve on and not a business-hindering aftermath.
This does not mean going out and purchasing all the latest security technologies that cover the acronyms that are constantly evolving as buzzwords in the broad offerings of many solution providers, but this means ensuring financial stewardship is at the heart of a roadmap like this and that investments are of low complexity and cost, thus achieving understandable security by design. As a business leader, that is important.
At The Privacy Business Group Ltd., how did you contribute to the development of privacy strategies? What were the key challenges you faced in this role, and what is TriStep.io?
As I found my approach to applying privacy and security strategies to any sector successful, I realized I wanted to apply this to more companies and reflected on my experience with large enterprises vs. the challenges startups face as they try to do business with large enterprises. I wanted to take my experience from both sides into making those public and private business partnerships simpler to put together, trustable by validation, and successful in their ability to last.
That is when I decided to form The Privacy Business Group Ltd., but my goal was not to focus on traditional advisory services. Today, not many organizations want a 5-year plan sold to them in an interview; they want objectives and key results measured quarterly, and I want to bring the capability to help organizations have a low-level touch from an advisory and to easily gain access to software that is not only low-cost but will give a 3-step plan to risk and sustainability frameworks that will help them mind their own posture. That is why I founded TriStep.io, which is a risk and sustainability framework platform that will be available for everyone in January 2024.
Could you share insights into the significance of the certifications you obtained?
These qualifications offer very relevant future-proof value and offer a complex path to obtain them, which is part of the achievement; after all, the easy options are never of the most value.
The qualifications from IAPP, ISC2, and ISACA offer continuous professional development systems to keep the certification valid for a fee, and participation keeps continuous learning on track and your initial investment in place.
It is important to know the operating cost of achieving and maintaining certifications when deciding how much to work for in salary or self-employment and to take that into account when running your own career. My view is that no employer should run your career; it is important to drive that yourself.