Tech Talent Spotlight Series: Praj Payag- Deb

Praj is a distinguished Security Risk strategist with nearly twenty years of experience in Technology Risk and Security Governance. 

Her expertise lies in helping organizations build robust security programs that optimize control frameworks, meet regulatory objectives, and mitigate risks. Praj is widely recognized as a subject matter expert and an innovative leader in Cybersecurity risk management.

Throughout her career, Praj has demonstrated a strong track record in operationalizing CISO strategies, developing scalable programs that continuously evolve to add value to businesses. She is known for her ability to positively influence and bring about organizational transformation through her extensive knowledge of personal development, industry processes, and technological solutions. 

Starting her career in Technology Audit, including roles at Ernst & Young, LLP, Praj later transitioned into leadership positions within top-tier fortune 50 and financial organizations such as Comcast, Bank of America, and Morgan Stanley. In these roles, she led Security risk and governance processes across diverse cultures and time zones, effectively communicating critical risk and compliance matters.

As the Director of Information Risk & Internal Controls for Horizon Media from 2018-2023, Praj played a pivotal role in establishing governance, risk, and compliance teams from scratch, contributing significantly to the organization's growth. She has a strong focus on developing and implementing cybersecurity standards, leveraging automation to enhance efficiency, and ensuring organizations achieve various certifications such as HITRUST, HIPPA, SOX, PCI-DSS, ISO-27001, and SOC2.

In July 2023, Praj founded Cyberpink Advisors with a mission to enable businesses by safeguarding their data and fostering client trust. Cyberpink Advisors offers a range of services including fractional CISO support and independent Cybersecurity and risk management solutions such as third-party risk management and policy governance.

Praj holds a CRISC certification, a C-CISO certification, along with a Master's and Bachelor's degree in computer engineering. She is also a sought-after speaker at industry events, sharing her insights and expertise on topics related to Governance, Risk, and Cybersecurity at prestigious forums including GRC Agility, RSA, and various podcasts.

What led you to pursue a career in the technology industry and how did you enter the field?

I was always interested in technology and pursued a bachelor’s degree in computer science, so it was an obvious choice for me, however I did pursue Cybersecurity, risk and compliance right after my master’s degree. It wasn’t a formal field yet, and most people with technical backgrounds wanted to code. I just felt that it allowed me to use me people skills and analytical skills a lot more and found it very exciting to grow with the field.

Can you tell us about a moment in your career that made you proud?

I always find moments of innovation or building something from scratch or re-engineering very fulfilling. I’ve had a few of those, and I’m proud of each of them. When I was in a junior role, I went above and beyond by doing a whole process re-engineering effort at Comcast that saved us over a million dollars and won be a star leadership award. That started my passion for building and re-engineering Cybersecurity and risk processes, and as a leader that has led to me combining my strategic and technical skills to add business value and build effective CISO and Cybersecurity risk governance programs.

In your opinion, what are the key attributes of successful leaders today, and how do you perceive the value of diversity in leadership?

The key attributes of successful leaders and perceived value of diversity is tied into each other. A successful leader must encourage diversity of thought. We focus on the traditional diversity definitions which are of course important for equal opportunity, but diversity of thought encourages learning, growth and creates an empowered team. A successful leader must provide their team the ability to feel safe to take decisions and celebrate their wins and take ownership. Other than that, I believe that a supportive and respectful culture, where leaders understand that work is just one aspect of life encourages fulfilment and productivity.

The current state of the cybersecurity industry is incredibly dynamic and exciting. How have public attitudes toward cybersecurity transformed, and what specific aspects of the industry excite you the most and what are your predictions for the future?

I have been advocating for Cybersecurity strategy to be aligned with business in every organization that I have worked. I think the biggest shift has been that we are now thinking about Cybersecurity as a part of our proactive business strategy rather than a cost centre that we “have” to implement after a data breach. This can be a very powerful driver, and more and more businesses are realizing this. I currently provide fractional CISO services, and I can see more and more businesses going towards this. I predict that we will continue this path of alignment and utilize AI and effective tooling to help us get there faster.

It's noteworthy that only 17% of Fortune 500 CISO positions were held by women in 2021. What setbacks do you believe women face when striving for senior management roles in the field?

Technology has traditionally been a male dominated world and so has leadership. Combine the two and the statistics are even dimmer. I think the biggest setback is mindset. As women leaders, we need to believe we can do it as well as the male leaders (or better) and existing leaders in companies need to recognize the advantages of gender diversity rather than someone they can feel “familiar with”. I do see this changing though and I think its an exciting time for women leaders and entrepreneurs.

Recognizing the significant value of networking, especially for entry-level female cybersecurity professionals, how do you actively encourage them to build strong networks with peers and within the industry?

Tools like LinkedIn help tremendously in being able to do this without physically going to events. I do believe in person networking brings added value, so I recommend that when possible. But connecting with other professionals and staying abreast of what’s going on in the cybersecurity community is much easier with groups and forums. I encourage entry level female professionals to follow leaders that they find inspiring and ask for informal mentorship. I am always open to provide guidance, look me up on LinkedIn!

Throughout your distinguished career at major global corporations, have you ever encountered situations where you felt the need to exert more effort than your male colleagues to advance and how did you deal with this?

I have been fortunate enough to not go through gender discrimination at work as such, so I don’t think I can give you a direct example. But there are several areas we can do better. Maternity leave for example, and ensuring that when women give birth, they are not forced to sacrifice their career goals. If women find themselves in such situations, I advise them to be objective, firm and stand up for themselves. That isn’t always easy, and the solution may not be at your existing workplace, but we should always be evaluated based on merit, not gender. That is a basic right that we should not hesitate to exert.

Data shows that women leave cybersecurity careers at around double the rate of men, which suggests there remains significant cultural barriers. What are the types of cultural problems women regularly encounter in the industry?

A lot of this is largely due to the lack of compassion and providing the ability for individuals to balance their personal goals with work. The maternity leave example above is applicable here as well. In addition to that Cybersecurity is a relatively new field, and unless you come from a technical background, many women are unable to balance the learning mid-career. Finding an organization that will provide you training and learning opportunities while being able to balance your current position and personal life can help tremendously on this goal.

The number of jobs available in cybersecurity has risen by 350% since 2013. The jobs are there, and women should not be intimidated by a lack of industry-specific experience. What changes do you think the industry needs, and what steps can companies take to attract more women to the cybersecurity sector?

Companies need to be realistic about their job descriptions, and hiring managers need to understand what a “trainable” attribute is and what is something that is a must have through education and experience. If companies are struggling to attract entry level candidates, they should look into training and rotation programs that encourage individuals to try cybersecurity. Cybersecurity is also very broad, and companies need to prioritize their needs and narrow them down while tying them into a long-term strategy.

For someone contemplating a career in the cybersecurity industry, what advice would you offer?

Do a lot of research – Cybersecurity is a very broad term with a diverse range of skills needed. You can’t work in it all. Pick a skillset and a job that works with your goals and uses your strengths, and then go deep into learning that skillset. Some of it maybe self-learning and some maybe at a job but focus on continuously improving the skillset. Once you land a job in Cybersecurity and get a few years’ experience, I encourage certifications. Network for mentorship.

A huge thank you to Praj for dedicating your time to this interview, your insights and experiences are remarkable and we are grateful you allowed us to give you this platform. If you would like to find out more information about Praj then head to her LinkedIn profile here.

If you, like Praj, have an inspiring story to tell within Technology or IT Infrastructure then please get in contact today for us to share your story.