In our most recent Cyber Leaders on the Move series, I had the pleasure to sit down with OWASP Global Chair, Cybersecurity Women of the Year winner, CLP scholarship recipient, and distinguished alumni Vandana Verma.
As always, I like to take it to the very beginning, to understand how those formative years shaped this global change-maker. So, I open with a question about her childhood.
“I was born and raised in Delhi, India. I’m still in India. I travel a lot, but India is home,” Vandana warmly opens the conversation. “My family are all in Delhi, including my two siblings, a brother and a sister, each going well in their careers.”
Vandana was educated in a common primary school. Upon moving to a government school, (also known as an SKV school), she learnt to connect with teachers. One of her teachers left a lasting impression, as the best teachers do, and instilled in Vandana the virtue to only compete against herself. “My teacher told me to always compete with myself; that will take you a long way,” Vandana recalls, “That has stuck with me. The field I am in needs a lot of enthusiasm and competition, but a healthy one.”
In high school, Vandana had a choice between medical or engineering courses. Not one to follow the grain, Vandana decided to pursue both mathematics and biology. Recalling that time fondly, Vandana describes, “It’s like being in two boats at the same time, and you don’t know which one is going to sail and even if it does sail, whether it will fall down.”
Whilst in college, Vandana dabbled in networking computers and routers. On top of her scientific pursuits, Vandana also earned an MBA, solidifying her understanding of the business world, leadership and management. She is never one to shy away from stepping out of her comfort zone and trying new things.
As a fellow lifelong student, Vandana conveys the riches garnered from education, “You grow from the things around you. Even if you don’t have anything if you have things to learn, it will take you places,” she remarks.
Entering the workforce in technology at Wipro Limited, Vandana conveys the often-overwhelming feeling that comes with a new job, “You realize it’s an ocean, and there’s so much to do!” she exclaims. Vandana was assigned a task in cybersecurity, and this essentially birthed her career. Staying with Wipro for five years, Vandana accumulated hands-on experience in core cyber security domains such as network security, vulnerability assessments and security operations. During this intense tenure, often characterized by numerous night shifts, she configured firewalls, routers, switches, SIEMs and a range of other solutions.
She left the Indian multinational conglomerate to join IBM, further cementing her network security credentials. From here, Vandana joined Accenture as a security and information administrator and was soon told there were openings for application security. With minimal experience, Vandana was given three months to expand her knowledge in application security. Expressing the challenge of switching from network to application security in a short time as nerve-wracking, it was also the best decision for her career. Combining expertise in both areas provided Vandana with what she describes as a full-length view into cybersecurity.
At this time, in 2012-2013, people were starting to talk about DevSecOps and DevOps. “I was introduced to OWASP in 2012, whom I only known as a testing guide and Top Ten and initially I thought they just produced web code,” Vandana laughs, “Within a year, I realized it was so much more.”
OWASP, or the Open Web Application Security Project, is a free knowledge-sharing platform and global non-profit online community. OWASP produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. With regional chapters, each with hundreds of members and multiple projects, OWASP is one of the leading global cyber security professional associations.
The OWASP Bangalore chapter leader encouraged Vandana was to immerse herself in the community of OWASP. She took heed, marking a key that was a huge turning point in her career. “I got to meet people from OWASP and the prominent security community, NULL.”
Her involvement in OWASP grew. She was asked to lead the Bangalore chapter in 2017, a role that took a few months of deliberation before a cautious acceptance. As Vandana aptly puts it, this turned out to be serendipitous and worked for good. The very next year OWASP launched Women in AppSec, and Vandana was appointed the Asia lead.
High on the list of impressive moments in an awe-inspiring career was 2019 when Vandana was asked to keynote at an OWASP conference in Washington DC. There, she talked about diversity with incredible passion in front of thousands. “It was not just gender diversity; it was about colour, age, different fields, ethnicity,” Vandana reveals. “There is something to learn from everyone, and that is what cybersecurity is all about,” Vandana expands, “It is like a buffet with different dishes.”
Curious to understand how she felt before such a momentous keynote, I dug a little deeper asking Vandana to explain the lead-up. “Being a vice-chair for women in App Sec is one thing. Speaking in front of over a thousand people is a totally different feeling. There was a lot of pressure to get it right,” Vandana discloses. Redirecting the adrenaline from fear and nerves into preparation, Vandana went through multiple iterations of her slides and had her presentation peer-reviewed to ensure the message landed correctly.
Vandana’s speech also addressed research into the cybersecurity skills gap. This gap, Vandana suggests, could be partly due to hesitancy by job seekers only applying for jobs where they meet 99% of the criteria. Vandana believes talking about diverse topics and making them comfortable could give people the confidence they need to start applying. “If you have the right attitude, you will learn the skills on the job,” she states.
The keynote speech was a pivotal moment, catapulting Vandana onto the global stage as an authority in diversity in cybersecurity. “A lot of organizations and people reached out to me afterwards to get my slides and to understand how they can shape up their recruiting process,” she expounds.
That same year, Vandana applied to join the global board of OWASP. The global board consists of just seven people, Chair, Vice-Chair, Secretary, Treasurer and three members at large. Some cynics questioned whether Vandana should go for a global position naming various obligations such as work and family as deterrents. On the other hand, Vandana had a supportive circle encouraging her to try so as not to regret never going for it.
Having supportive friends is another important tool in your arsenal Vandana recommends in life. “It is important to have friends that support your risk appetite and crazy ideas,” Vandana grins.
“I was voted in with the highest number of votes for Treasurer on the board,” Vandana recalls. The following year saw her appointed to Vice Chair of OWASP global board. As positions are for two years, Vandana had to reapply in 2022 to serve again and decided to apply as Chair for OWASP global board, which she won.
Not only does Vandana Chair OWASP, which is volunteer work, she is also a member of the Black Hat Asia Review Board as well as multiple other conferences, including Grace Hopper India and OWASP AppSec USA, to name a few.
Vandana is also the founder of InfoSec Kids, which was established in 2020. I queried how InfoSec came about, to which Vandana replied, “I saw a need to educate kids about cybersecurity,” she begins. The idea for Infosec Kids was born out of conversations with police which revealed a clear need to educate kids and their parents about cyber risks and safe cyber practices. “When we were growing up, we didn’t have smart phones in our hands. Now days, kids have access to smart phones, and it’s important that we take care of them,” Vandana elucidates. InfoSec Kids is still relatively new and is planning upcoming activities to ensure the right information goes to the right people. I am impressed with Vandana’s drive and determination to ensure the next generation has good cyber literacy, a vital skill in today’s world.
With a lot of dedication to volunteering, I was curious to learn what Vandana’s bread and butter is. “I work for Snyk and am their first employee in India,” Vandana tells me, “I am their security relations leader in the APJ and ANZ regions. I connect with CISOs and organizations to understand the issues they are facing around application security and software security and to provide solutions.” Describing her job with passion, I am struck by Vandana’s energy and commitment to cybersecurity.
I am always curious to understand regrets or big challenges and asked Vandana to reflect on her stellar career and any things she might want to change. Vandana simply notes her biggest challenge was her shyness. Describing herself as an introvert, Vandana says she has learnt to become more fearless and more confident and can now hold a conversation with anyone.
Last year, Vandana won a Cybersecurity Woman of the Year award, which gained her a scholarship into our Cyber Leadership Program. “Winning an award is not what matters,” Vandana humbly emphasizes, “But if it connects you to people or teaches you something, that is what matters.” Vandana remains in touch with many people from the CLP to this day, demonstrating the power of community, and says she learnt a lot about leadership from the CLP. Vandana believes her success lies in curiosity and willingness to reach out for help. “Never shy away from connecting with anyone or asking a question. It is always good to ask and to learn. Always be ready to accept help. It doesn’t make you any less of a person,” she underscored.
It is clear Vandana has a lot of wisdom to share, and I asked for some closing remarks for anyone trying to break into security but doubting themselves due to their gender, ethnicity, experience, or other self-imposed limitations. “Be you!” Vandana exclaims. “Never ever doubt yourself. A lot of the time, other people don’t judge us; we judge ourselves,” Vandana states. “People are so wrapped up in themselves that no one cares whether you succeed or fail!” she emphasizes. To overcome doubts, Vandana reiterates the importance of discussing your problems with friends and mentors. “When you start discussing your doubts, you realize either you pass or fail,” Vandana explains. “And even if you fail, you still get experience,” she concludes.