Phanindra Jammalamadaka

CIO 2023

Safeguarding Organisations from Evolving Threats

Ex-Chief Information Security Officer, Ex-Mintoak

The inspiring journey of Phanindra Jammalamadaka, Mintoak’s Chief Information Security Officer (CISO), is fuelled by an unwavering commitment to staying ahead of evolving threats and ensuring the highest security of systems and data. His remarkable expertise, combined with exceptional leadership skills and a holistic understanding of the intricacies of information security, allows him to seamlessly align security initiatives with the broader organisational goals of Mintoak.
Phanindra stands at the forefront of executing robust security strategies, establishing governance frameworks, and effectively communicating risks to executive leadership. His strategic acumen, coupled with his technical proficiency, ensures that Mintoak’s security posture remains resilient and adaptive. Beyond technical expertise and leadership prowess, Phanindra possesses an unwavering commitment to making a difference. He understands the potential consequences of security breaches and continuously strives to protect individuals, organisations, and society as a whole from the ever-evolving landscape of cyber threats. This sense of purpose drives him to explore innovative approaches, embrace emerging technologies, and continuously learn and adapt to new trends and challenges.
With his exceptional skill set, visionary mindset, and dedication to enhancing Mintoak’s security posture, Phanindra is poised to leave an indelible mark in the field of information security. TradeFlock interviewed Phanindra to understand his strategies and vision for the future.

What are some key milestones or achievements in your career that have influenced your approach to information security and leadership?

There are significant milestones that I have achieved in my career. Leading and managing a major security incident highlighted my strong leadership skills and composure in high-pressure situations. I successfully mitigated the incident, minimised its impact, and facilitated a swift recovery.
I also achieved success in implementing comprehensive security programmes within organisations. This included developing policies, conducting risk assessments, implementing security controls, and promoting a culture of security awareness. This reflected my expertise in establishing strong security measures and fostering a proactive approach to information security.
Ensuring regulatory compliance with industry-specific regulations and frameworks, such as PCI-DSS v4, PCI-PIN, PCI-P2P2, GDPR, HIPAA, or ISO 27001, was also a significant achievement. Meeting compliance requirements demonstrated my deep knowledge of the field and ability to align organisational practices with relevant standards.
Additionally, I made impactful contributions to the field of information security through research, publishing papers, and presenting at conferences. This involvement allowed me to showcase innovative approaches, present novel security solutions, and share vulnerability discoveries. Building and leading high-performing security teams was pivotal in my leadership journey. Developing team members’ skills, fostering collaboration, and providing mentorship positively impacted the organisation’s security posture and cultivated future talent.
Moreover, receiving industry recognition and awards for outstanding contributions to information security validated my expertise, leadership, and positive impact within the field. This acknowledgement from peers and industry organisations inspired me to continue making a difference in information security.

What are your long-term goals as a CISO, and how do you plan to achieve them?

My long-term goals encompass enhancing cybersecurity posture, fostering relationships and collaboration, developing security talent and leadership, influencing industry and regulatory developments, and pursuing continual learning. Implementing frameworks, conducting risk assessments, and establishing a roadmap contribute to this goal.
Building relationships involves effective communication, aligning goals, and fostering collaboration. Regular meetings and shared understanding facilitate collaboration with stakeholders. Developing talent is achieved through mentoring, training, and career development. Collaboration with HR, training programmes, and promoting awareness nurture a security-focused culture.
Active participation, knowledge sharing through associations, research, and policymaking, along with continual learning through certifications, conferences, and peer-to-peer learning, enable me to influence industry and regulations effectively.

How do you assess and address security risks associated with external vendors or partners in third-party risk management?

Effectively managing third-party risk requires assessing and addressing security risks associated with external vendors or partners. My approach involves several key steps. First, I conduct a comprehensive evaluation of the vendor’s security posture, considering their security documentation, track record, reputation, and client references. This ensures that I work with security-focused vendors.
Performing a risk assessment to identify potential security risks is the next step, considering data sensitivity, service criticality, system access, and dependencies on other third parties. To mitigate these risks, I establish clear security requirements in contractual agreements, specifying controls, data protection measures, incident response protocols, and compliance with regulations.
During due diligence, I verify the vendor’s security controls through on-site visits, audits, or penetration testing, involving internal teams or third-party assessors for an objective evaluation. Contractual protections are vital, so I collaborate with legal teams to include clauses like confidentiality, data protection, indemnification, breach notification, and incident response.
To ensure ongoing security, I establish a robust monitoring programme, conducting regular assessments, reviewing audit reports, and analysing security incident metrics. Collaboration extends to incident response and business continuity planning, defining roles, responsibilities, and communication channels to ensure a swift response and service recovery.
Lastly, I establish termination strategies in contracts, defining processes for data return or destruction, system access removal, and transitioning services smoothly to alternative vendors or in-house capabilities.

What emerging trends or technologies in the business industry do you believe will impact Information Security, and how do you stay updated and prepared for them?

The field of information security is shaped by emerging trends and technologies in the business industry. Notable trends include the widespread adoption of cloud computing, the proliferation of IoT devices, the use of AI and ML in security, and the shift towards zero-trust architecture.
To stay prepared, I engage in continuous learning through conferences, seminars, and training programmes. I actively participate in professional networks, follow reputable sources, collaborate with industry peers, and pursue relevant certifications. These strategies enable me to stay updated and effectively address the impact of emerging trends on information security.

What advice do you have for aspiring professionals pursuing a career in information security and aiming for leadership roles?

If you’re interested in a career in information security and aiming for leadership positions, here’s my advice for you.
Build a solid foundation through education and certifications. Gain practical experience and stay updated on the latest threats and best practices. Develop a diverse skill set, seek guidance from experienced professionals, and expand your network. Take on challenging assignments to showcase your skills and leadership abilities. Cultivate strong communication and leadership skills. Embrace a growth mindset and stay proactive.