Ranbir Bhutani has over eighteen years of progressively responsible work experience in the Information Technology/Cyber Security field for several organizations. He has demonstrated a thorough knowledge of Information Technology/Cyber Security systems that are developed or supported by multiple government agencies and financial institutions. Ranbir has a strong understanding of every component within the cybersecurity field which ranges from Governance Risk Compliance, Security Operations, Threat Intelligence, and Insider Threats.

1. Firstly, thank you for taking part in this campaign, Ranbir. How did you first get involved with information security? Could you share a project or inspiration with us that prompted your involvement? 

I was presented the opportunity to work as a contractor for one of the US Federal Government agencies well over 18 years ago. At the beginning of my career, I was responsible for the oversight of patching for well over 25 systems that were part of the program office I was involved in during this contract.

It was an interesting experience when you were beginning the workforce and thrown into presenting to high-level Federal Officials on a weekly basis. This has helped me build strong confidence and passion for cyber security from the beginning of my career until the current moment. 

2. Based on your experience, what do you think are the three most essential soft skills that information security leaders should possess?

Confidence, open-mindedness, optimism, and effective communication (added one more as this is quite important.)

3. What advice would you share with information security leaders and CISOs when it comes to communicating an ROI for security investments to other stakeholders?

Understanding a company’s/organization’s financials is an effective way for information security leaders and CISOs when it comes to communicating an ROI for a security investment to other stakeholders.

4. What are the best practices for calculating the ROI of cyber security training for the workforce?

Educating staff and employees of an organization provides security awareness and training that will help them understand the importance and risks involved. Allowing them to stay safe and secure against phishing, cyber-attacks, ransomware, malware, spammers, and an over the understanding of the cause and impact to an organization.

The ROI would be calculated based on a quantitative analysis that involved the number of assets owned by the organization calculated by the percentage of risk if an employee were to be attacked or potentially infected their companies networks.

5. How many times per year do you believe the cyber security training for the workforce should occur?

As a good rule of thumb to keep information fresh within the workforce, I would highly recommend cyber security training once every month. 

6. What do future information security careers look like? As technology advances, the future information careers will transition to protection of data within the  A.I/Robotics and quantum computing level space.  Any strategies you would like to tell us about future-proofing a career in this industry?

There is no need to future-proof cyber security as attacks continue to grow daily and the dark forces (i.e. hackers, cyber criminals, spammers, phishers, etc.) continue to pursue attacks against companies/organizations. There will be a need for a cyber security force to help organizations in keeping their safe/secure against the latest cyber-attacks. 

7. What significant changes do you see occurring within the information security market over the next 3 to 5 years?

A significant number of cyber security institutes will be available to train the next generation of cyber security professionals due to the significant shortage of resources that is happening now (~500,000 unfilled cyber jobs within the United States and does not include global numbers).

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.