As we gear up for the American CIO & IT Summit, set to take place on June 12-13, 2024, in San Francisco, CA, we are thrilled to spotlight one of our esteemed participants, Surinder Lall.
Currently serving as the Senior Vice President of Global Security Risk Management at Paramount Pictures, Surinder brings a wealth of experience and insights into the rapidly evolving world of cybersecurity.
His journey from the front lines of tech support to the strategic echelons of global security risk management reflects a career marked by depth, diversity, and dedication to the cybersecurity domain.
Surinder’s role extends beyond corporate confines as he contributes his expertise to the UK Government Cyber Security Advisory Board, influencing national and international cybersecurity policies and practices.
His unique perspective, forged at the intersection of corporate leadership and government advisory, equips him with an unparalleled understanding of the challenges and opportunities in cybersecurity today.
At the upcoming summit, Surinder will take the stage as both an emcee and a panelist, delving into the theme Building Cybersecurity Resilience in Today’s Landscape - Utilizing IT and Data Security Measures to Meet Business Objectives.
His insights will undoubtedly shed light on how organizations can navigate the complexities of modern cybersecurity, emphasizing the critical balance between technological advancement and strategic risk management.
Drawing from his extensive experience, Surinder’s perspective on the seismic shifts in the cybersecurity landscape, particularly with the advent of AI, is both enlightening and essential for any professional in the field.
His approach to change management, advocacy for diversity and inclusion, and proactive stance on emerging threats and opportunities, as revealed in our recent interview, provide a glimpse into the strategic mindset required to thrive in today's digital ecosystem.
As we anticipate his participation at the summit, Surinder Lall stands out as a beacon of knowledge and leadership in the quest to fortify cybersecurity resilience in an era of unprecedented digital transformation.
To start, would you mind giving us a more in-depth introduction, delving deeper into your roles and responsibilities, and expanding on what inspired you to embark on a career in cybersecurity?
My journey in the technology industry spans over 25 years, and it has been an incredible ride. I began my career at the Help Desk, answering phones and troubleshooting basic technical issues. It was a time when technology was far less pervasive than it is today.
There was no AI, network connections were often unreliable, and it sometimes felt like a struggle just to get online. Witnessing the remarkable evolution of technology over the years has been fascinating.
My foray into cybersecurity was sparked by a somewhat alarming incident. I was working for the first online gambling company, and we were hit with a DDoS attack. Back then, most people hadn't heard of this type of attack. Everything ground to a halt – our website and our entire business model depended on its functionality.
It was a frightening situation, and it highlighted the critical importance of security. That experience ignited my interest in the field, and I've been fascinated by the ever-evolving challenges and constant innovation required in cybersecurity ever since.
Currently, as Senior Vice President for Global Information Security Risk Management at Paramount Pictures, my responsibilities encompass many facets. My days involve assessing vendor risk, analyzing cyber risks, and relentlessly staying ahead of emerging trends within the threat landscape.
We develop our security strategy based on a deep understanding of how these trends could impact our business, and we continually adapt our approach.
You've been at the forefront of the cybersecurity field for a significant period. Would you describe how the field has evolved during your career and elaborate on any specific changes you anticipate in the next five years?
The most profound shift has been the exponential increase in our reliance on technology. In the early days of my career, the average person's digital footprint was relatively small – perhaps a home computer and a dial-up internet connection.
Now, we are intricately connected through numerous devices. Our lives and livelihoods depend on the internet. This increased reliance has made the job of cybersecurity professionals immensely more complex.
Furthermore, the tools and techniques for hacking have become widely accessible. Previously, sophisticated hackers with specialized coding skills posed the primary threat. Now, with the abundance of online tutorials and 'how-to' resources, individuals with little technical background can launch disruptive cyberattacks.
The rapid evolution of AI presents both immense opportunities and unprecedented challenges. While AI itself isn't new, the ability to interact with AI models via natural language is a paradigm shift.
The cybersecurity industry, along with governance and legal frameworks, is racing to keep pace with this rapid change. I envision the next five years as an incredibly transformative period, akin to a new industrial revolution.
We will likely witness legal battles that establish foundational AI law, continued advancements in AI-powered cyber threats, and grapple with the ethical implications of AI such as potential biases and workforce displacement. It's a truly fascinating yet somewhat daunting time.
Given the constant state of change within cybersecurity, how do you approach the delicate task of change management when implementing new processes or technologies within your organization?
Successfully navigating the changes brought on by new technologies, especially AI, requires a multi-pronged approach. Prioritizing governance, understanding the legal ramifications, and meticulously managing privacy risks are paramount.
These areas are crucial in a corporate setting and are becoming even more critical as AI technologies mature. We must constantly ask ourselves – where is the sensitive data going? Who has access to it? Can we guarantee its protection to preserve our intellectual property?
"It's a complex landscape to navigate, and open, transparent communication across the organization is key to successful change management"
You hold a unique perspective as an advisor to the UK government. Can you describe what it's like to have such a direct impact and share what you see as the most exciting opportunities and the most significant risks on the horizon of cybersecurity today?
Being a part of the UK Cabinet Office Cybersecurity advisory board is a great privilege. I find value in translating my experiences within the corporate world to help inform government strategy. Often, challenges we tackle within corporations eventually impact the public sector.
This diverse group of experts from industry, academia, and intelligence agencies enables a holistic and robust approach to cybersecurity preparedness.
One crucial issue that keeps me up at night is the lack of foundational law around AI. Questions about the ownership of AI-generated content, usage parameters, and the potential for replicating biases found in real-world data are all pressing concerns.
Nations already known for intellectual property theft are undoubtedly heavily invested in pushing the boundaries of AI capabilities. The risk of AI-powered attacks on a global scale is a very real possibility.
Your career demonstrates the importance of continuous learning and persistence. Can you share some key takeaways from your cybersecurity journey that might help others navigate this dynamic field?
Throughout my career, I've come to rely on three guiding principles:
1. If you don't ask, you don't get: Don't be afraid to ask for what you need to succeed – whether that's access to training, additional resources, or new opportunities. You might be surprised by the outcome.
2. If you don't get it, ask again: Persistence is key. Obstacles are inevitable, but don't let them deter you. Approach the situation from a different angle, reframe your request, or find alternative solutions.
3. Listen to understand: Our default is often to listen with the intent to respond, rather than to truly comprehend. Taking the time to actively listen can lead to significant personal growth and insightful revelations. Everyone has something they can teach you.
As we wrap up, could you offer advice to those seeking to prepare for the future of cybersecurity and guidance for organizations striving to embrace diversity and inclusion as they evolve within this field?
My primary advice would be to invest time and energy into learning about AI. This will be the defining change agent within cybersecurity for the next five to ten years. Simultaneously, maintain a strong foundation in the fundamentals of security and technology - these principles remain vital.
In addition, diversity and inclusion are paramount in cybersecurity and every organization. A diverse range of perspectives, backgrounds, and experiences creates a more robust defense posture. When approaching a problem, a group comprised of individuals with varied life experiences will naturally generate more innovative solutions and uncover potential blind spots. Actively foster an environment where everyone feels valued and heard.
We thoroughly enjoyed gaining these insights from Surinder Lall, and look forward to hearing more of his experience at the upcoming American CIO & IT Summit this June 12-13, 2024 at the Hyatt Regency San Francisco Airport, CA!
Looking for more information on how to attend? Visit cioamerica.com for more information on the event!