Shivkumar Pandey is currently working as Group Chief Information Security Officer (CISO) in Bombay Stock Exchange (BSE). Pandey has 18 years of industry experience in IT service delivery and cyber security across industries like BFSI, ITES & Telecommunication. He has been at leadership roles in cyber security and IT infrastructure management across various organizations for past 16 years. Prior to joining Bombay Stock Exchange (BSE) as CISO, he was CISO at National Payment Council of India, Reliance JIO, SUD Life, Future Generali India, Kotak Mahindra, and TATA AIG.
Key Security Initiatives
The stock exchanges in India are closely watched and reported globally as India is one of the fastest growing economies. The exchanges are seen as a reflection of the health of the economy of a country. The news about any halt or disruption in trade at a stock exchange spreads like wildfire and has tremendous monetary ramifications. The Bombay Stock Exchange (BSE) facilitates up to 250-280 million orders per day. This makes cyber security a critical business factor for the BSE. In order to ring-fence itself from global cyber security threats, BSE implemented a next generation Cyber Security Operations Centre (CSOC). Also BSE was planning to transform its current information security posture to next generation security analytics and operations. To mitigate the risk identified through risk assessment, relevant technologies and processes were identified. Subsequently short term and long term objectives were set and classified into several domains based on their attributes. BSE implemented advanced technologies like anti APT for protection against latest malwares and ransomware, and mitigation of threats like zero-day attack. Niche technologies like cognitive analysis and artificial intelligence, user behavioral analysis, anti-APT, deception technology, real-time forensics etc. were also implemented. BSE subscribed to multiple global and local cyber threat intelligence feeds. The project transformed the overall maturity posture of BSE in terms of cybersecurity readiness and threat mitigation levels.