Deepika Gajaria of Tala Security: “Build your network”


The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Deepika Gajaria.

Deepika Gajaria is Tala’s VP of Products. An experienced product leader and technologist, Deepika is responsible for product strategy and delivery at Tala. Working closely with customers, she drives product direction and shapes the product roadmap to address their core needs.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

Thanks for inviting me. I grew up in Hyderabad, a city in South India, and moved to the US when I was 10. I was very fortunate to be surrounded by family members who were scientists and doctors and was exposed to science very early on in my life. I was particularly interested in tinkering and experimenting with things, be it fixing a radio or furniture, and knew I wanted to work with my hands. My 11th grade Physics teacher was the one who planted the seed to pursue a career in the natural sciences. This led me to UT-Austin where I studied Physics and Mathematics, and to my first real job as a research engineer building high-power energy sources for cancer therapy and communications.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

“Thinking Fast and Slow” by Daniel Kahneman. I read this a few years ago and it was intriguing to see how our minds work. Specifically, the notion of cognitive bias and how we are all a victim of this. The author provides great examples and allowed me to become more introspective.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

It’s funny to look back at my career. One of my projects early on as a researcher was on a DARPA project working on security, the physical kind. The US government was keen on scanning all cargo entering US ports to ensure there was no radioactive material. Fast forward 15 years and I am working on a different kind of security, cybersecurity. Security is ever changing and the chance for innovation and impact is huge. With recent attacks like SolarWinds, where state actors were involved, cybersecurity is impacting both the private and public sectors.

Are you working on any exciting new projects now? How do you think that will help people?

We don’t have to look hard to find stories about privacy breaches, ransomware attacks and the lack of preparedness within enterprises to tackle them. If you look back 40 years to when the US Privacy Act defined guidelines and restrictions for what data the government could collect to now with CCPA, GDPR and others, this space is still evolving and more needs to be done to ensure that consumers’ data is protected.

Data is ever more valuable and the need to know who is accessing your data is gaining momentum with the numerous compliance regulations. At Tala we have invested heavily in ensuring privacy and security technologies are easy to use and implement for enterprises looking to be compliant. Our privacy product helps enterprises answer critical questions about how they are sharing data about their consumers with their partners, the need for access and exposure to data. It also helps put in safeguards to ensure that proper security controls are in place to stop exfiltration of sensitive data. This in turn helps not only enterprises but consumers as well feel safer when they are online.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

There have been wide scale attacks like the SolarWinds hack and the most recent Colonial Pipeline breach that have resulted in renewed attention on the national threat of cybercrime. With this comes a new era with the Biden administration’s appointment of the first national cyber director. What excites me personally is to see a concerted effort from both industry and government to work together on these problems.

This also bridges the gap between what consumers and enterprises have in terms of regulations like CCPA and GDPR that now cover a larger nationwide set of policies. This may be the first of many small steps that will benefit the cybersecurity community overall.

I am also very excited about the number of players in the security/privacy space. It solidifies the fact that you can’t tackle one without the other and that both are critically important as technologies align.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

From both a consumer and enterprise perspective, we should all care. Not just about the kind of personal data that’s being logged, but also about how it’s being shared and used. Here are three things that we can do better as an industry:

  1. Regulations are a powerful way to ensure enterprises comply, but now comes the fun part: What tools are available to help enterprises on this journey? Do you have the right set of technologies and processes in place to comply? I remember when the 2018 deadline to comply with GDPR was around the corner, and enterprises were scrambling to meet it. Many enterprises weren’t equipped with the right tools then and now to ensure all aspects of data collection, access and storage are done in an automated way.
  2. Invest in a privacy first practice across your organization. For websites this starts with the right set of partners and vetting them thoroughly prior to integration.
  3. Think of privacy and security as one and the same. The silos that existed between two organizations are slowly going away. Implementing a privacy program means implementing a robust set of security controls, both teams are working more closely than ever before.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

Companies really need to address the problem of third-party risk. According to recent reports, over 51% of organizations have been breached because of a third party. This has both a security and privacy angle to it. The more third parties your website is integrated with, the more it endangers your sensitive customer data. Due to regulations like GDPR and the SolarWinds attack, organizations are now realizing that they are not only responsible for their own security posture but also the security and privacy postures of their vendors. It’s not enough to audit your third parties, organizations must actively monitor them.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

We were working with one of our Fortune 500 financial customers. We were live on their flagship website and were actively detecting and stopping a range of attacks. One particular one was interesting due to the intersection of security and privacy that the customer was not aware of. The customer had numerous third-party vendors that we were monitoring closely for any malicious activity but little did we know that the customer’s own code was collecting unauthorized data that could potentially have huge privacy implications. There was a key logger that was used on a test site that migrated over to the production site. Tala caught this problem in both environments and no data was lost! The key takeaway was that early detection and warnings are far less costly than fixing problems after the fact in a production/live environment.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

There are a few simple tools like using multi-factor authentication and identity theft protection that add an additional layer of security to our day-to-day use on the internet. There are a number of websites that help you set up multi-factor authentication — this is an additional identification step to ensure you are in fact who you say you are before logging in. This is especially useful when you’re logging in from a different location. Pre-Covid when I was traveling, if I logged in from a different city or county or even a new device, I always got the prompt.

Identity theft is on the rise. Some estimates claim that identity theft costs Americans over $50 billion annually. There are simple tools consumers can use to help detect a possible leak.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

Attack techniques are getting more advanced by the day and for most of the attackers, the key focus is remaining undetected so that they can carry out data theft for prolonged periods on multiple websites (especially when a third party is involved). Automated attacks could be detected by paying attention to spikes in web traffic or web traffic from unusual geographic locations or malicious IPs. However, given the nature of client-side attacks, these methods might not be effective. I would highly recommend using security automation to limit your exposure as well as continuously monitor your website and its traffic for anomalies and indicators of compromise.

There are other simple indicators like redirection of pages — is it from the same vendor site, is it asking for information you may have already filled out previously?

Websites are more and more interactive with access to your microphone, camera and other tools.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Breaches are now commonplace and it’s not a matter of “if” but rather “when” a breach happens.

As a first step, there are obligations enterprises need to fulfill per privacy regulations and clear steps like disclosure to both the governing bodies and consumers. With customers we have worked with directly after a breach, there needs to be clear alignment between the security, privacy and compliance teams to set up a task force and get to the root of the problem. Often part of the remediation process involves gaining back customer trust. That is critical. A recent study by Gartner made a direct correlation between maintaining digital trust and an increase in digital commerce profits by as much as 30% vs the competition. Customers and vendor partners are also more and more aware of controls and technologies that enterprises can incorporate into their stack to limit future breaches. So the bottom line is that having a sound security and privacy practice involves technologies and processes that safeguard customer data.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

Breaches like SolarWinds and Accellion have brought supply chain attacks and third-party risks to the forefront. Many application security leaders don’t seem concerned that the third-party JavaScript integrations powering the rich web experience on their web applications may be exposing them to data breaches and cyberattacks. CISOs are tasked with balancing security and business needs — their marketing teams rely heavily on engagement tools like chatbots, analytics or messaging, but this in turn makes it harder to control third-party dependencies and their access to sensitive data on web applications. CISOs are also required to align with data protection and privacy teams to drive compliance with regulatory frameworks like GDPR and CCPA. The question is — are they thinking about solving this using technology and automation rather than relying on manual processes alone?

Under existing regulations, most organizations are required to immediately report to a supervisory authority and all the data subjects (or customers) that have been impacted by the breach. This has to be done within a set timeframe (usually 72 hours) so as to avoid further penalties. To protect themselves, they should first understand the root cause of the breach, communicate the same to their customers and immediately deploy a solution that could help mitigate this vulnerability.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

We can all do better in getting kids engaged in STEM early on. I think STEM has this notion of being hard and that it’s too late to get serious about it. Rather than trying hard to dispel this in high school, we can get science education to be more hands-on and accessible early on in schools. With kids who have trouble with math early on, we provide more early education and teachers to help. Volunteer helpers make a big difference in communities. When the pandemic hit and kids didn’t have much in person education in the last few months of the school year in 2020, I saw signs outside retired teachers’ homes “I am a teacher and can help.” They were offering their support to kids.

I also believe private industry can play a bigger role in our local schools. There are pockets in the Bay area that have well-funded science programs thanks to generous donations and grants from private industry and we can all play a small part in expanding this across the community.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

Before I joined Tala I had limited experience in cybersecurity. I was under the impression, like most others, that I needed deep expertise in the field to make an impact. Fast forward 2.5 years and I have seen that, like most other fields I have worked in, you need to focus on the basics: What are the key problems customers are facing? What specific problem(s) are we solving for? And is our product’s value proposition compelling enough for customers to want to try out and eventually buy the product?

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

  1. Build your network. Over the years I have worked with wonderful people who have become my mentors. I look to them when I’m in a tough situation at work and I always come away with more clarity after those conversations; it’s likely that they went through something similar. Make connections, seek out mentors and you’ll be surprised how much it will help you navigate your life.
  2. Seek out opportunities. There are many interesting opportunities that pop up over the course of your career. We have a tendency to think we may not be ready for a role, and that hiring managers will approach you if they think you are ready. Quite the contrary.
  3. Everyone wants to be appreciated. As a leader you need to be acutely aware of how your team is doing. Be more empathetic when someone is having a sub-optimal day, appreciate folks and above all give them the support they need to be successful.
  4. It’s not about balance but more about harmony. Like most parents, I struggle with spending quality time with my family and giving my best at work. Over time I have learned not to be hard on myself and ask for help. I have an incredible support system of babysitters, friends and neighbors who I rely on every day. Being busy has given me and my family a new perspective on time we spend together.
  5. Lastly and the most important is to have fun! I tell my kids every day, “Your only job in life is to be happy.” If you aren’t happy with your current role, try to make changes, but if it still doesn’t work out, pick up the tools you learned and move to the next. I have been in situations where I wasn’t the right fit for the role and vice versa. I did struggle with moving on but eventually realized that in order for the team to be successful I needed to love what I do and when that stops, it doesn’t benefit anyone.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!
