Meet the Expert: Dr. Saadat Bunyatova

Published by Mark Hayes
May 13, 2024 @ 2:11 PM

Meet Dr. Saadat Bunyatova, a seasoned IT professional with more than 17 years of experience managing cybersecurity initiatives across multiple industries, including manufacturing, services and finance. We asked Saadat about the role of the Senior Cyber Security Compliance Expert and for her insights into the ever-changing world of cybersecurity:

 

Journey in Cybersecurity: You've been in the cybersecurity field for over 17 years. Could you share a bit about how you started and what has kept you passionate about this field throughout your career?
 
My journey into cybersecurity began in the early days of the internet when cyber threats were just starting to emerge. Back then, as a software engineer, I believed flawless code was the ultimate defence. But the deeper I dove into this work, the more I realized the digital world is far more intricate. Perfect code wasn't enough to keep the bad guys out. This sparked a shift in my focus. I delved into hardware security and the intricate world of network management. It became a journey of self-discovery, fuelled by a relentless curiosity to understand the why behind everything. Every question I pursued led me down new paths, eventually landing me in the realm of Cyber GRC.
 
What truly ignites my passion for this field is its constant evolution. Just when you think you've grasped it all, a new threat surfaces or a groundbreaking technology rewrites the rules. It's a relentless game of cat and mouse, with high stakes and a constant surge of adrenaline.
 
Beyond the Checkbox: Compliance can sometimes be seen as a checkbox exercise. Can you share an experience where adherence to standards led to a significant win for your company?
 
When defending the Cyber GRC team and emphasizing that our work goes beyond simply ticking boxes and being a "stopper" team, I frequently cite these particular instances. Alongside shaping a better cybersecurity posture and managing cyber security risks in alignment with business goals, it is also about driving real value for the company. In one of my previous roles, where I led the compliance department, we not only fortified our cybersecurity posture but also achieved tangible financial victories on 3 fronts: sales, procurement, and finance. Here's how compliance became a revenue driver:
 
Our alignment with regulations like ISO 27001 and ISO 9001, along with our ISO certifications, became a powerful sales tool. We used it to win major tenders, demonstrating our commitment to security and quality.
 
Compliance also empowered our procurement team. By adhering to international standards, they negotiated better deals with suppliers. This, along with securing partnerships with leading IT providers like Cisco and Motorola (thanks to our gold partner status), resulted in significant cost savings and expanded market reach.
 
Demonstrating our security and quality focus didn't stop there. We secured loans with lower interest rates. Lenders saw our compliance as a sign of stability and reliability, boosting our financial reputation and giving us access to better financing.
 
These are real-world examples of how compliance with international standards can translate into tangible benefits. It's not just about ticking boxes; it's about driving business success and adding value to the organization.
 
GRC Tools: What factors do you consider most important when selecting GRC tools for your organization?
 
Picking the perfect GRC tools for a company isn't a one-size-fits-all situation. I would like to emphasize several must-haves:
 
Integration: The tool should fit like a glove with the existing IT systems and workflows. No disruptions, no major reworks – just a smooth transition that keeps things running efficiently.
Security: Security is paramount. The tool itself needs to meet cybersecurity standards, not create vulnerabilities. Strong access controls, top-notch encryption, and regular updates are all mandatory.
User-Friendliness: Complexity is the enemy here. The tool should be intuitive and easy to use, allowing the team to get up and running quickly without needing a Ph.D. in tech.
Scalability: In today's fast-changing tech world, companies are evolving rapidly. So, the perfect GRC tool should scale as a company expands, handling more data, users, and complexity while remaining reliable and fast.
Reliability: Choosing a GRC tool is like choosing a teammate. This is about long-term GRC success, not just a quick sale.
 
Moreover, it's essential to recognize that the ideal GRC solution for each company should have an individualized approach. Factors such as the sector we operate in, the volume of operations, historical data, product portfolio, and organizational culture all play a crucial role in determining the most suitable GRC tools. Just like medications, we cannot simply adopt someone else's prescription and expect it to work for us.
 
Security in the Board: What is your most important piece of advice for Board-level executives on managing cybersecurity risks?
 
I'd like to tackle this question from a different angle, focusing on enhancing the board's comprehension of cybersecurity by emphasizing effective communication methods. This approach ensures they possess the necessary information for informed cybersecurity decisions. It's crucial for today's Cyber Experts to stress the importance of cybersecurity using concrete evidence and avoiding overly technical language. Our CEO Belen Garijo's 3T philosophy of Truth, Trust, and Transparency holds true in cybersecurity communication as well. We should prioritize these principles when interacting with the board.
 
1. Truth: Providing precise and honest information on the organization's cybersecurity status, risks, and ongoing initiatives.
2. Trust: Building confidence and reliance through demonstrating competence, reliability, and integrity in fulfilling commitments.
3. Transparency: Openly sharing information about the organization's cybersecurity practices, including strengths, weaknesses, and areas for improvement.
 
Overall, adhering to the principles of truth, trust, and transparency fosters a collaborative relationship, leading to more effective governance of cybersecurity risks and better protection of the organization's assets and reputation.
 
Women in Cyber: You are an advocate for women in tech. How important has mentorship been in your career, and what role do you think community networks play in supporting women in cybersecurity?
 
Raising three daughters has fueled my passion for empowering other women, both personally and professionally. We actually have a saying in our family: "A candle loses nothing by lighting another candle". This proverb perfectly captures the essence of mentorship, right?
 
Throughout my years fighting for women in tech, I've witnessed firsthand the transformative impact of having a mentor. I was fortunate to have amazing mentors and continue to benefit from that support. One piece of advice that's always stuck with me is: "If you want to go fast, go alone. If you want to go far, go together". It's helped me navigate the challenges of the industry and build strong connections with other women.
 
Speaking of connections, platforms like CIONET have been a game-changer. This year alone, in CIONET events I’ve connected with incredible women like Touria, Anna, and Vivien – just to name a few. Each one is brilliant and inspiring in her own way. Their resilience, creativity, and determination are truly remarkable. Platforms like CIONET create a supportive space where women can find resources, mentorship, and networking opportunities designed to empower them. By working hand-in-hand, we can continue to lift each other up and create a more inclusive and equitable tech landscape for the next generation.
 
Tips for the Next Gen: What’s one piece of advice you’d give to your younger self when first starting out in cybersecurity?
 
One piece of advice I'd give to my younger self when first starting out in cybersecurity is to embrace every opportunity that comes your way.
 
1) Embrace Challenges! Don't fear setbacks or mistakes. They're stepping stones on your path to learning and growth.
2) Fuel Your Curiosity! Never stop asking questions. Be relentlessly curious and hungry for knowledge.
3) Build Your Network! Make yourself visible and create a strong personal brand within the cybersecurity field.
4) Understand the Business! Grasping fundamental financial concepts helps you quantify cyber risks and communicate effectively with business leaders.
 
These will not only help you to grow professionally but also make you a valuable asset in the field of cybersecurity.
 
 
Don't miss the chance to see Saadat live as a CIONET panelist on “Implementing GRC Automation - Beyond the Checkbox” at the Converge Conference on May 23 in Munich!
 