About Nikunj Rakesh
Nikunj Rakesh, CISM, CDPO is a seasoned cybersecurity professional currently serving as Chief Information Security Officer (CISO) at Kratikal and Threatcop, where he leads enterprise-wide security strategy and governance initiatives. With deep expertise in Governance, Risk, and Compliance (GRC), he has extensive hands-on experience working with global standards and regulatory frameworks including ISO/IEC 27001, SOC 2, FedRAMP, GDPR, and NIST SP 800-53. His professional focus lies in designing, implementing, and managing robust Information Security Management Systems (ISMS), driving risk-based decision-making, and enabling organizations to achieve and sustain regulatory compliance while aligning security objectives with business goals.
The Need for a Consolidated View of Human Risk
In the modern threat landscape, security is no longer just about firewalls and endpoint protection; it is about managing the human element across every digital touchpoint. The core topic of Nikunj’s address is the necessity of moving beyond “checkbox compliance” and toward a strategic, data-driven understanding of human behavior. He argues that while organizations are proficient at monitoring their “tech stack” through solutions like SIEM, they often ignore the “people stack”. The challenge lies in the fact that an employee may be highly professional and vigilant on email but significantly less cautious on collaboration tools like WhatsApp or Slack, creating dangerous loopholes for attackers.
Key Quotes:
- “Security managers can actually put up most of their time into building up security strategies for the organization… rather than getting involved into creating content related to phishing awareness”.
- “If we talk about the people pillar… if we do the same thing with the people—the behavior of the people throughout different domains—and just correlate what they are doing… this can help organizations a lot”.
- “Consolidation of all the activities throughout the channels is very much important to get an understanding of how a user behaves”.
Categorization and the People Stack
Nikunj emphasizes that a one-size-fits-all training model is ineffective. Instead, security managers should use AI to categorize individuals based on their specific behaviors and perceptions. By doing so, organizations can create custom “playbooks” for different risk levels—such as a specific set of rigorous steps for a “highly vulnerable” group versus a different approach for lower-risk employees. This transition allows AI to handle the heavy lifting of running campaigns and figuring out which content should go to which set of people, effectively testing the “maturity of the control”.
Ultimately, Nikunj advocates for a “People Pillar” of security. Just as a SIEM correlates logs from various technical components, organizations must consolidate and correlate human behavior logs across email, phone calls, and messaging apps. This proactive approach helps identify where an individual is most likely to fail, ensuring that security is not just a repetitive activity but a robust defense against evolving attack vectors.
