Senthil Kumar Iyyappan

40-under-40

Transforming Security Narratives

Chief Information Security Officer

Ocrolus

The traditional perception of cybersecurity as a mere cost centre is undergoing a paradigm shift. Organisations now realise that a well-aligned information security framework is not just a protective shield but a driver of profitability. This shift, from viewing cybersecurity as an expense to recognising it as an investment, is crucial in today’s tech ecosystem. Senthil Kumar Iyyappan (aka SKI), a seasoned information security expert and Certified CISO, strongly advocates this transformative perspective.

SKI stands as a transformative force, challenging the conventional perception of security as a mere defensive shield. His journey is highlighted by a groundbreaking achievement—the metamorphosis of information security from a perceived cost centre to a profit centre—resonating across the industry. Leveraging metrics and facts, SKI adeptly showcases that a well-orchestrated security strategy goes beyond risk mitigation; it catalyses revenue growth. His unique ability to align security measures with organisational objectives has elevated security from a compliance necessity to a strategic enabler.

Currently serving as the CISO at Ocrolus, SKI extends his influence beyond conventional security responsibilities. Leading the charge in developing and implementing robust security strategies, policies, and technologies, his overarching objective is clear: to safeguard digital assets, ensure regulatory compliance, and fortify defences against evolving cyber threats. SKI’s strategic vision positions Ocrolus not merely as a secure entity but as an agile and innovative force within the tech landscape.

Beyond his corporate role, SKI engages proactively as a pro bono mentor, offering guidance in cybersecurity, leadership, and career development. His advisory role in multiple SaaS startups underscores his commitment to shaping the future of information security. In an exclusive conversation with TradeFlock, SKI delves into his transformative journey and shares insights into his life and career.

Can you briefly describe your professional journey?

My early professional years were shaped by an affinity for communication networks and cryptography, leading to formative internships at ISRO and HCL. After joining TCS post-graduation, I initially took on the role of a Mainframe developer, navigating loan processing applications and mergers and eventually discovering a keen interest in information security. A subsequent transition brought me to Freshworks, where I played a substantial role as Deputy CISO in building a go-to-market cybersecurity team and contributing to the company’s growth trajectory. From startup dynamics to being listed on NASDAQ, this experience provided valuable insights. In December 2023, I assumed the position of CISO at Ocrolus, overseeing GRC, product security, cloud security, security operations, and enterprise IT security. This chapter in my career brings a holistic view of security responsibilities, leveraging a background encompassing network security, audits, compliance, and leadership. Each step in my journey, from technical roles to leadership positions, has been instrumental in shaping my proficiency in information security. My commitment lies in adapting and contributing effectively across diverse organisational landscapes.

Share a specific instance of a major information security challenge you faced and the strategies you used to overcome it.

A significant information security challenge I faced was securing budget approvals for essential tools and hiring. To overcome this, I implemented capacity planning. This involved detailing all security team activities, tying them to tools and software dependencies, and estimating project time. I aligned these with the company’s goals, transparently quantifying the need. This structured approach successfully justified the requirements, leading to secured budgets and approvals.

Highlight some key achievements from your internships and professional career.

In my internships, I realised that college teachings represent only a fraction of practical knowledge, emphasising my focus on people management and leadership from an early career stage. As an information security professional, a significant achievement was transforming security from a perceived cost centre to a profit centre. By showcasing how security initiatives contribute to ROI and presenting metrics, I shifted the perception that security is merely an unavoidable expense. This transformation underscored the idea that security not only safeguards but actively enables revenue, bringing newfound importance and value to the organisation.

How do you lead high-performing security teams?

In leading high-performing security teams, I prioritise clear goal setting, emphasising the broader impact of our work on company goals and revenue. Fostering a culture of openness and transparency, I encourage effective communication and collaboration within the team. Removing the fear of conflict promotes constructive discussions and innovation. As a leader, I set an example by upholding professionalism, integrity, and ethical conduct. Continuous learning is paramount, ensuring the team remains adaptable in the dynamic field of information security.

How have personal experiences shaped your leadership and cybersecurity approach?

My leadership and cybersecurity philosophy is deeply rooted in the core value of trust, learned from personal experiences. The leaders I worked with in my career influenced both my professional and personal life. This made me prioritise building trust and avoiding counterproductive behaviours. These lessons inform a leadership approach that fosters collaboration and effectiveness in both personal and professional realms.

Are there specific cybersecurity domains or areas you're keen on exploring further?

My interest in cybersecurity extends to exploring and staying current with emerging trends, technologies, and best practices in this constantly evolving field. In a discipline where remaining connected to the internet is essential to avoid becoming outdated, I am committed to ongoing learning and exploration of new domains within cybersecurity.