#RSAC: Q&A: Rohit Ghai, President, RSA

Written by

In stark contrast to many of the industry’s spokespeople, Rohit Ghai, President of RSA, is surprisingly optimistic about the state of the cybersecurity landscape. After his keynote presentation which opened the RSA Conference in San Francisco, he spoke to Eleanor Dallaway about his regrets, his hopes and his thoughts on the industry

When did you first become interested in computers?

I was analytical from the get go. I always loved solving problems and puzzles and I relished the possibilities of computing. My first job, however, was as a librarian. I just loved books.

Tell me in one sentence what your job is about

Connecting people and ideas.

What’s the best thing about your job?

Working with incredibly smart people and solving hard problems.

What’s the worst?

Limitations. In cybersecurity, the narrative of the industry is a little pessimistic, and there is a negative undertone. I’m a natural optimist so I struggle with that so I try to sprinkle a dose of optimism as much as I can.

You’re an excellent public speaker. Do you enjoy it?

I’ve come to as I have progressed through my career, but that wasn’t always the case.

The narrative of the industry is a little pessimistic...I’m a natural optimist so I struggle with that

What’s your dream job?

A teacher. I’d love to teach people without ready access to education.

What’s your proudest achievement?

I like comeback victories – I am most proud of turning businesses around and helping people see the potential of what they can accomplish. I see a change when people start believing they can accomplish what they originally thought was unattainable.

What’s your biggest professional regret?

How long do you have? I have many, but they’ve all been phenomenal learning opportunities.

Who do you really admire in the industry?

I like people that have made quanta change. I really admire Satya Nadella for the work he is doing at Microsoft. Disruptive innovation also gets me fired up, so the likes of Elon Musk or Steve Jobs, a disruptive force. I’d take a lesser role to have the opportunity to work with smart people like them.

Presumably you’ll be delivering the opening keynote again at RSA one year from now. What message do you hope to be able to deliver this time next year?

Currently, digital risk not very well understood. We’ve not fully fathomed complexity – we need a better understanding of digital risk and a realization in the industry that you need a pervasive, holistic view of risk, otherwise you are only protecting one part of your infrastructure.

Your messaging is always very positive and you argue that cybersecurity is getting better, not worse. Is there anything we are doing worse?

The part that worries me is progress as it pertains to integration. We’re still very fragmented and we still put too much burden on the customer. So the architecture of the industry concerns me.  

Our mission is to manage digital risk but it will be mission accomplished when people recognize that

If you could work with any client on any project, who and what would it be?

NASA or something where the complexity of the project is extreme. I’d love a deeper opportunity to work on projects like that.

If you could change one thing about the information security sector, what would it be?

The negativity. It’s important that fear should never be the primary motivator. It’s an effective motivator, but we need to learn how to motivate ourselves in other ways. Our job is to help organizations manage risk, not avoid it.

What’s the most misunderstood thing about information security?

There is a misconception that unless you fix the hyped aspects of the threats you can’t move the needle on security. Cyber hygiene is important – we need to do a better job of hygiene to move the needle.

What one piece of advice would you give to someone starting out in the information security industry in 2018?

Come in with eyes wide open, it will be a bumpy road. You can’t celebrate your successes – you have to be mission-driven and derive satisfaction in many ways through what you are enabling behind the scenes. If you’re looking for explicit acknowledgement of work, this is not the industry for you

Do you have any unfulfilled ambitions at RSA?

We are still pigeonholed and known for what we used to be. We need to earn being known for our new identity. Our mission is to manage digital risk but it will be mission accomplished when people recognize that. I want RSA to be known as the company that merged cybersecurity and risk management.

What’s hot on Infosecurity Magazine?