In this episode of the DevReady Podcast, host Anthony Sapountzis sits down with Shantanu Bhattacharya, Founder and CEO of Siometrix, to explore the evolving landscape of cybersecurity. Shantanu shares his extensive expertise, covering his pioneering work on the TCP/IP stack and public key infrastructure technologies that shaped secure communications. Now based in Canberra, Shantanu provides cutting-edge cybersecurity consultancy to federal agencies and organisations, focusing on data-centric security and fortifying operating systems to combat today’s complex cyber threats.
Shantanu discusses his extensive career in cybersecurity. Shantanu shares insights into his pioneering work, starting with the development of the TCP/IP stack, and his contributions to public key infrastructure technologies that enabled electronic signatures for legal standards. He reflects on the evolution of cybersecurity from rudimentary measures to addressing complex threats in today’s interconnected world. Currently based in Canberra, Shantanu provides cybersecurity consulting to federal agencies, leveraging his deep technical expertise. His innovative approach at Psychometrics involves fortifying operating systems to secure data comprehensively against potential attacks.
In this podcast segment, Anthony and Shantanu discuss the challenges posed by zero-day attacks and Shantanu’s approach to cybersecurity. Rather than engaging in the traditional “cat-and-mouse game” of detecting and addressing such attacks, Shantanu focuses on data-centric security with a 360-degree surveillance strategy. This approach involves verifying not just user credentials but also the device and software attempting to access data, adding multiple layers of protection. They also touch on the technical aspects of running software at the kernel level, ensuring system-wide low-level access for monitoring, and the process of obtaining code signing certification for such software.
In this segment, Shantanu discusses his approach to assisting both small-to-medium businesses (SMBs) and government agencies with cybersecurity. He highlights the unique challenges SMBs face, including navigating an overwhelming number of tools to optimise their cybersecurity within budget constraints. Shantanu explains that his work begins with identifying vulnerabilities in an organisation’s IT systems, including risks posed by connected smart devices and hybrid work setups. He emphasises the importance of awareness—both for himself and his clients—about existing systems and risks, which allows them to collaboratively devise tailored mitigation strategies. Shantanu also underscores that cybersecurity isn’t solely about installing tools but implementing secure processes and ensuring human compliance to close potential gaps, such as weak passwords or unsecured networks.
In this segment, Shantanu and Anthony discuss the cybersecurity risks posed by IoT devices, particularly those purchased from less reputable sources. Anthony highlights the vulnerabilities of cheap, unregulated devices that lack robust security protocols, contrasting them with established brands that invest heavily in scrutiny and protection. Shantanu agrees that segmenting IoT devices on a separate network is a fundamental security measure. They also address how IoT devices can act as entry points for attackers, potentially bridging gaps to compromise larger networks, including workplace systems. The conversation underscores the importance of vigilance in unexpected areas, such as home CCTVs, to mitigate cybersecurity risks.
Anthony and Shantanu discuss key cybersecurity measures businesses should implement to safeguard their networks and data. Shantanu stresses the importance of identifying where critical data is stored, as protecting it without this knowledge is impossible. He highlights the risks associated with cloud When referencing computing, the term 'cloud' refers to the generalisation of interconnected computers and services running on the Internet,... software, where organisations unknowingly increase exposure by uploading sensitive information or simply accessing it. Anthony likens this to building a house, where every new cloud-based service adds a vulnerable “window” to the structure, exposing businesses to potential attacks. They underline the need for dedicated IT or network professionals to oversee security and manage risks effectively in today’s cloud-dependent environment.
In this section of the DevReady Podcast, Anthony and Shantanu discuss the challenges in cybersecurity, particularly the dynamic and relentless “cat and mouse” game of defending against ransomware, phishing, and Zero-Day vulnerabilities. Shantanu emphasises that complete prevention of these attacks is impossible due to constant new vulnerabilities, even in long-standing systems. Instead, robust multi-layered security protocols and access controls, such as device authenticationAuthentication is sometimes used interchangeably with authorization. However, they provide two different services or features to any system you are... and multi-factor verification, are essential for minimising risks, especially since human error remains a significant vulnerability. The conversation highlights real-world social engineering tactics, illustrating how attackers exploit human emotions to extract sensitive information and demonstrating the importance of comprehensive, multi-factor security systems.
Shantanu emphasises the importance of appointing a Chief Information Security Officer (CISO) or at least dedicating bandwidth to cybersecurity responsibilities within businesses. He highlights the challenges organisations face when no specific role is allocated for cybersecurity, leading to gaps in preparedness and processes. Shantanu underscores the increasing accountability of boards for cybersecurity, the risks posed by oversharing personal information online, and the evolving threat landscape with AI-driven exploits. He also shares practical steps like using password managers, separating networks, and being vigilant about critical business assets to mitigate risks. Additionally, Shantanu offers a virtual CISO service for organisations unable to hire a full-time CISO, helping them identify vulnerabilities and implement security measures.
Topics Covered
- Shantanu’s Career and Contributions
- Cybersecurity Evolution and Challenges
- Data-Centric Security Approach
- Cybersecurity for SMBs and Government Agencies
- IoT Device Security Risks
- Cloud-Based Security Risks
- Organisational Cybersecurity Readiness
- Practical Cybersecurity Measures
- Virtual CISO Services
Important Time Stamps
- Shantanu Bhattacharya on Securing the Internet from Day One (0:07 – 4:29)
- 360-Degree Data Surveillance: The Next Level of Cyber Defence (4:30 – 9:33)
- Small Businesses, Big Cyber Risks: Shantanu’s Guide to Staying Secure (9:34 – 13:06)
- Cybersecurity 101: Protecting Your Network from IoT Vulnerabilities (13:07 – 15:43)
- Why Knowing Your Data’s Location Is Key to Cybersecurity (15:44 – 18:20)
- Whac-A-Mole Cybersecurity: Why It’s About Minimising Risk, Not Eliminating It (18:21 – 26:28)
- Why Every Business Needs a Chief Information Security Officer (CISO) (26:29 – 34:43)
