Sujeet Bambawale, Chief Information Security Officer, 7-Eleven
I help organizations grow trust with their customers, partners, employees & stakeholders
Trust empowers and influences everything. Add equal parts data, experience and expertise; and we have informed risk decisions.
Information security is the foundation for trust today. As the world attempts to find balance between being smaller and being decentralized at the same time through rapid evolution in communications and cloud technology, between being social yet insulated behind smart personal technology; and between recognizing the core value of the human element versus the obvious value of intelligent automation – the ability to secure that which is not intended for public consumption will be the bedrock for gaining and maintaining trust.
We have successfully monetized private data, and the adage of information being the new currency is tangible enough to touch now. Information security is now, more than ever, critical at every step of the process – be it personal or in business; to make timely and informed decisions around identifying and managing risk down to acceptable levels and commensurate with the value of the data, and resources, involved.
Recent news and press
- September 2014: In this age of “a new security event in the news every day”, it is very easy to lose sight of responsible disclosure and giving the vulnerable party an opportunity to get ahead of the problem rather than reporting it to the media for a few minutes of fame. I recently found some user data leaking from a service in the space of creating a trusted community of security professionals; and one that specifically claimed to never release user data without consent. I was very happy to see that they reacted swiftly and then published a thorough disclosure. Kudos to Peerlyst!
- October 2014: I’m extremely proud to announce that NetApp is now certified to the ISO27001:2013 standard for information security management. The ISO27001 standard was revised late last year to the 2013 version, which was the first update to the ISO27001 standard since its initial publication in 2005. NetApp was one of the first few companies in the Bay Area to achieve ISO27001:2005 certification in 2007; and I’m glad that we have continued that theme by achieving certification to the new ISO27001:2013 standard far ahead of the required compliance date of October 2015. A great attestation to the concerted efforts around information security at NetApp!
- October 2014: I was honored to participate in a fireside chat presentation on SaaS Governance and SaaS security at the Gartner Symposium in Orlando on October 8. The theme of this chat will be on a holistic view of SaaS risk for the organization, empowering the workforce with a quantified view of SaaS risk as well as alternatives to risky SaaS; and thus gaining the trust of the business units and functional groups in terms of information security supporting agility and innovation by creating an adaptive perimeter around intellectual property.
Long form bio
At NetApp, I was responsible for information security and compliance as a part of the Enterprise Architecture organization. My team defines and operationalizes the enterprise strategy for NetApp; and I am responsible for engaging with our customers about our internal security posture. I have driven NetApp’s continued certification to the ISO27001 standard for information security management.
Prior to joining NetApp, I spent over 10 years with the Corporate Information Security team at Intuit; and was responsible for delivering several key security initiatives that helped integrate security into the culture of the company. At Intuit, my focus was on building the security brand to reflect the deep subject matter expertise and the pragmatic approach to risk management that my team delivered to empower the business and accelerate success in markets across the globe. Intuit has recognized my support for their global business division with the Intuit Innovation Award.
Before joining Intuit, I was with the Information Risk Management teams at Ernst & Young and KPMG; responsible for developing risk mitigation strategies primarily for Fortune 500 clients in the financial and technology sector.
I have almost two decades of experience in the information security and compliance domain; coupled with a broad set of market expertise that allows me to comfortably engage at various levels of the organization to deliver tangible value through an information security strategy based on the product and market landscape. I have a B.S. degree in Electronics Engineering, a Master’s degree in Electronics and Telecommunications Engineering with a focus on information security; and am a Member of the Board of the Information Systems Security Association’s Silicon Valley Chapter. I am also a Certified Information Security Manager (CISM) as well as Certified in the Governance of Enterprise Information Technology (CGEIT) by the ISACA, and have the GSEC Gold certification by the SANS Institute.
Publications and Press
- A Fragmentation Model for Secure Enterprise Connectivity; available via Google Books from the library of the University of Louisiana at Lafayette
- Secure Data Networking for Enterprises; available via the ACM Digital Library and the IEEE Xplore Digital Library; and in Volume 1 of the ACM Journal
Presentations
- Secure Data Networking for Enterprises – Presented at the Ninth International Conference on Computer Communications and Networks in Las Vegas, Nevada
- How The Cloud Was Won – Stories from a Cloud Trailblazer: The Gartner ITXpo and Symposium
Always reachable securely via Keybase, of course.