Innovative Approaches to InfoSec & Privacy: Strategic Insights and Methodologies

In the dynamic field of Information Security (InfoSec) and Privacy, innovative approaches and strategic thinking are essential to stay ahead of evolving threats and regulatory demands. Vivek Shitole, with his extensive professional experience, stands out as a thought leader in this arena. With nearly two decades of expertise across various facets of InfoSec and Privacy, Vivek has made significant contributions to risk management, operational assessments, and performance improvement.

His career spans significant roles at Oracle and KPMG Advisory, where he has championed data-driven techniques and methodologies like Six Sigma to proactively manage security incidents and improve operational efficiency.

Notably, his published knowledge articles and blogs offer insights into innovative approaches to InfoSec and Privacy, highlighting his proactive stance in mitigating risks. Vivek also plays a critical role in strategic discussions with Oracle’s executive leadership, helping to shape the company’s multi-year risk identification and mitigation programmes.

Apart from his work for his employers, he has also made notable contributions to the wider Information Security and Data Privacy industry. Many of his technical articles are published in widely recognised technical forums and organisations globally.

His work on innovative uses of process improvement techniques to reduce InfoSec incidents has been used or deployed by thousands of professionals and teams. Around 500 industry professionals have been trained by Vivek so far on various Information Technology Security and Data Privacy tools and techniques, which is significant in this industry.

Six Sigma Methodologies and Innovations

In addressing InfoSec and Privacy challenges, Vivek has employed a remarkably innovative approach using the DMAIC (Define, Measure, Analyse, Improve, Control) methodology from Six Sigma.

He explains, “Using a real-time case study, I have tried to explain how to use DMAIC to proactively reduce the Information Security tickets/incidents.” The situation he faced involved a high number of information security tickets, with the project constantly in a reactive mode. This spurred him to think of a proactive solution. “That is when I thought of this innovative approach to have proactive measures (and not reactive) to control this situation,” he recalls.

By applying Six Sigma methodologies, including the 80-20 rule and Fishbone analysis, Vivek and his team were able to achieve significant results. “We achieved a defects (information security tickets) reduction of 60%!” he proudly shares.

This substantial improvement not only satisfied the client but also led to the continuation and extension of their contract. “The client was satisfied with the results and decided to continue with our services. Thus, the contract was not only saved but also extended by two more years,” Vivek explains.

This successful implementation highlights his ability to transform reactive processes into proactive strategies, leading to enhanced efficiency and client satisfaction.

Unconventional Success Stories

One notable example of Vivek’s use of unconventional methods to improve InfoSec and Privacy involved a critical situation that required innovative problem-solving. “The director of my project management team chose me to handle this situation,” Vivek recalls. He and his team began by carefully studying the client’s escalation report to define the problem’s scope and measure the required performance indicators. This meticulous analysis laid the foundation for their next steps.

Vivek’s team then moved into the brainstorming phase, identifying a possible set of solutions and selecting the optimal one. “We analysed the data, through brainstorming, found a possible set of solutions, and then selected the best optimal solution,” he explains.

With the chosen solution in hand, they collaborated with project personnel to implement it and closely tracked the resulting improvements. This methodical and data-driven approach led to significant advancements in the client’s InfoSec and Privacy practices, demonstrating Vivek’s ability to lead teams in devising and executing effective, unconventional strategies.

Overcoming Challenges in Innovation

When proposing innovative solutions in InfoSec and Privacy, Vivek typically encounters several challenges that require strategic navigation. One primary issue is the sensitivity of topics associated with Information Security and Privacy, highlighting the importance of building confidence among all involved parties. “Gaining the trust of stakeholders can be used to overcome this challenge,” he explains.

Another significant hurdle is securing project sponsorship, particularly in terms of the resources required. Vivek notes that a formal project charter and effective communication can be helpful to deal with this.

Additionally, deploying innovations in a production environment poses risks due to potential application downtimes, emphasising the necessity of thorough risk analysis and mitigation measures to manage these challenges effectively.

The innovative nature of proposed solutions can also lead to the emergence of new risks and uncertainties. Vivek again relies on thorough risk analysis and mitigation strategies to handle these situations. His approach underscores the importance of preparation and proactive measures in successfully implementing innovative InfoSec and Privacy solutions.

Risk Management and Initiatives at Oracle

In his role at Oracle, Vivek has played a crucial part in strategic risk management and the development of multi-year risk identification and mitigation programmes. While specific details of the risks identified during strategic discussions with Oracle’s executive leadership are confidential, they generally revolve around key areas such as access controls, data retention, InfoSec incident management, organisation-level privacy programmes, and data centre decommissioning.

“My biggest contribution was to suggest actionable, specific, time-bound remediation actions, with precise ownership allocation and remediation dates,” Vivek explains. He also emphasised the importance of following through on these actions, helping to deploy related projects and programmes. Many of these initiatives turned into multilevel projects, bringing immense value and strategic risk mitigation to the organisation.

One particularly impactful strategic initiative that Vivek led at Oracle was centred around data centre decommissioning. Collaborating with the data privacy teams, Vivek worked on deploying organisational-level privacy programmes, third-party assessment strategies, and a centre of excellence for IT processes, primarily focusing on incident management and various asset management initiatives.

This initiative not only addressed immediate risks but also set a precedent for handling similar challenges in the future, significantly enhancing Oracle’s overall risk posture.

Balancing Immediate and Long-Term Risks

Balancing the need for immediate risk mitigation with the development of long-term strategic plans requires a nuanced approach. Vivek explains that immediate risk mitigations are short term and focused on tactical solutions, addressing urgent issues swiftly. “While working on immediate risk mitigations, I work with operational and tactical teams who are working directly on the tasks,” he notes, highlighting his hands-on involvement in managing pressing concerns.

For long-term strategic plans, Vivek aligns these initiatives with the company’s overarching strategic vision. He employs techniques such as Global Risk Assessment to gather insights from various global leaders. “I request inputs from various global leaders to understand the strategic risk areas and concerns,” he shares.

These executive inputs are crucial in designing and deploying comprehensive long-term strategic plans. By integrating immediate tactical responses with well-informed strategic planning, Vivek ensures that both short-term risks are mitigated and long-term resilience is built within the organisation.

Ensuring Accessibility For All Users

In addition to his contributions to InfoSec and Privacy, Vivek has also played a significant role in Oracle’s Accessibility Programme. As part of Oracle’s Business Assessment group, one of Vivek’s key responsibilities is to assess and ensure that Oracle’s products, tools, and service offerings are accessible to the disabled community.

Given that Oracle has around 70 million users, with over 25% (around 18 million) estimated to be from disabled communities, this work is crucial.

Vivek has been an integral member of the team, regularly assessing and ensuring Oracle applications comply with industry and government accessibility guidelines, such as the Web Content Accessibility Guidelines and US Section 508.

His work involves collaborating with Oracle’s product leadership teams and industry experts to make these applications easily accessible and usable for disabled users, ensuring that accessibility aspects are fully integrated with information security and data privacy requirements. This effort not only aligns Oracle’s offerings with global accessibility laws and regulations but also reinforces Vivek’s dedication to creating inclusive, secure, and user-friendly technology solutions.

Effective Risk Frameworks and Tools

When developing risk identification and mitigation programmes, Vivek relies on a variety of strategic frameworks and tools to ensure comprehensive and effective solutions. He employs established standards such as NIST guidelines, ISO standards, ITIL framework, Six Sigma tools, Cloud Security Alliance resources, and ISACA guidance to create robust risk management strategies.

To ensure effective implementation, Vivek emphasises the importance of direct applicability. “I first do a comprehensive analysis on common factors between these standards and processes to be analysed or improved,” he explains. After determining the relevant standards, he proceeds with creating an implementation plan, training stakeholders, and closely monitoring the implementation process.

This meticulous approach ensures that the risk management programmes are not only theoretically sound but also practically effective in addressing the specific needs and challenges of the organisation.

Vivek’s career exemplifies the critical role of innovation and strategic thinking in the fields of information security and privacy. His work serves as a valuable blueprint for organisations aiming to maintain a robust security posture in an increasingly complex and evolving digital landscape.