Ms. Shivangi Nadkarni

Offbeat Careers: Information Security Expert

Interview by EJ Shreya Agarwal

In this series, we will try and bring you the stories of people who chose offbeat careers. When we talk about careers and career counselling, the usual route that is taken is aptitude testing, options, earning potential, etc. 

But we, at The Children’s Post, wanted to do things differently. What is life like for a profession? 

So, we are speaking to professionals and asking them things that matter – what is your life like? What led you to become this? What has your journey been? 

Today, we bring you the story of Miss Shivangi Nadkarni. With over 24 years of experience in the field of Information Security and Risk Management, E-commerce and Networking, Ms. Shivangi Nadkarni is the Co-founder and CEO of Arrka consulting. She has also worked in companies like Sify and Wipro. She has authored the privacy book of Knowledge which is the first book on Data Privacy in India. She is a Certified Information Security Auditor (CISA), a Certified Information Privacy Professional (CIPP) and also a DSCI Certified Privacy Professional (DCPP).

Ms. Shivangi Nadkarni
Ms. Shivangi Nadkarni

Q1. Please tell us something about your childhood. And how did your curiosity towards information security develop?

Mrs. Shivangi: I was a regular student and I had an affinity for quant. I really enjoyed math and physics. I didn’t enjoy chemistry that much, I struggled through it. And decades ago when I was graduating, the only options that “good students” were supposed to take up were pretty much engineering, medical and so on. So, I decided to do a degree in engineering, worked hard in my 12th and went to BITS Pilani. I just had exposure to computers in my 7th-12th  class. I just learnt a little bit of programming with no intention of working in this field. At that point in time this field didn’t even exist. I thought that I should do something in quant and engineering and that’s how I ended up in BITS Pilani.

Q2. You have worked in companies like Sify and Wipro. How was your experience there?

Mrs. Shivangi: Let me also tell you that when I graduated from BITS, I didn’t want to work in the tech field at all. Then I went to IIM Calcutta and I did a management degree and I wanted to do consumer marketing. Everybody wanted to do that at that time and I wanted to do what everybody was doing. But life took turns and finally, I was in Sify, when it was a Startup- at a time when the word startup wasn’t used at all. It was just a new company and everybody thought I was a little off in my head to join a company that was not established. I was the fifth employee and it was fun to be in a company that was being set-up. I stayed there for 10 years. I ended up being a part of the whole revolution of the internet being born in India. While I was in Sify, the company decided to bring in ‘digital signatures’ into the country. Nowadays they are taken for granted but it was back in 1999, when this concept came into existence.  To replace your physical signatures, you can use digital ones. Digital Signatures are embedded in cryptography- so it uses basic cryptography to sign. That’s when I first got exposed to cryptography, security, stuff like that and how all of it is used. It’s related to law and government. The government makes certain laws and regulations that allow certain types of things that are implemented in technology. That’s when my interest in information security started.

Q3. What made you quit these companies and start your own venture – Arrka?

Ms. Shivangi: Five years after I joined Sify, when the digital signature project was being set-up, it was again a totally different project. Within a large company, I was again starting from scratch. Then I moved to Wipro, which was a really large organization. After a while, I realized it was not in my DNA to work in large companies. My heart lay in creating something from scratch and being a part of it. And that’s why I started Arrka. 

Q4. What is Arrka Consulting?

Mrs. Shivangi: Arrka means ‘sunshine’. It basically works in two fields of information security – Cybersecurity and Data privacy. For most people, Cybersecurity and Data privacy is the same thing but these are actually two DIFFERENT fields. As a company, we enable organisations to implement and manage security and privacy within that company.  For example: You’re using an apple phone and apple has so many privacy features on iOS. For that to happen, there is so much that needs to happen within a company. And that’s what we do. Like that, we help a lot of companies what they need to do inside so that people like you and me as consumers can use privacy and can implement privacy and security.

Q5. How was your experience writing the book on Data Privacy in India?

Mrs. Shivangi: That was interesting. Basically, it is not my own publication, I did it as a project for the Data Security Council of India which is a NASCOM body which represents industries and its their publication. It was just outsourced to me. 

Interestingly, when I was asked to write the book, I was used to making documents as part of my work and I thought ‘this is just an extension of that’. So I happily said yes, and I was asked to make a project plan as to how long I would take. I made a very ambitious plan that I would finish writing the book in three months. What really happened was at the end of those three months, I had barely finished one chapter out of ten chapters.  So, it was a very interesting experience with a completely new field, very little reference points and writing through all of that, writing in a manner that is flowing rather than in a very pointwise manner, that is what we do in the corporate world. But it was fun, I learnt a lot – both about the domain and about writing books. I really enjoyed it. 

Q6. You’re a part of the Asia Advisory board of IAPP. What it is like to be a part of such an organization and what is this organization about?

Mrs. Shivangi: IAPP is the International Association of Privacy Professionals. It is the largest privacy body in the world. Basically, it builds a lot of knowledge about privacy. They have advisory boards across Asia, Europe, Americas etc to get professionals to come in and give their inputs about what’s going on in the market, in the region and comment on what offerings they need to do, new products they need to develop etc. At the Asia level, Asia currently is going through a lot of developments in the field of privacy. So its very interesting. We get a forum which helps us interact with our peers across Asia as well as some global folks. You understand what’s going on globally. You learn a lot and you contribute also.

Q7. How do you think we can manage our privacy in this era where a lot of things are digitally done?

Mrs. Shivangi: There is so much that you and I can do as individuals. The basics never change. Be careful about what you post online. Remember that it is going to be there forever. There’s no question of it ever getting erased. You may erase it or think its gone but its not. Be very sensitive about any personal information that you share. Not just your name, family information or stuff but also any financial information or any health information about people.

Today you go into any store where people just say give me your phone number and without thinking we give that mobile number. So ask why you really need that mobile number. Don’t just randomly give that out. People can track you.

Be very careful about the sites you visit and the apps you download. Don’t just randomly download all the apps and let them be in your phone. Once a quarter do something I call ‘spring cleaning’ of your phone. Make sure that any app you haven’t used in 2-3 months, please delete that. Minimize the apps in your phone. Your phone knows exactly what you do at all points in time and all apps on it know exactly what you do every time. Think about whether you really want the world to know what is going on with you and your family at all points in time. And its not just the app, they share it further with hundreds of people. You may think you have downloaded a shopping app or a gaming app, but while you’re playing the game, that gaming app has something called third parties/ external parties. There will be some 30-40 of them embedded in that. All of them are watching you, and all of them have access to your data. That’s why when you say for example, when you talk about a book with your friend, and you suddenly start seeing ads on your insta/facebook feed, because all of it is connected and you’re being watched. So just remember you’re being watched at all points in time

Q8. A lot of kids nowadays have social media handles. Could you give them some tips on how they can manage their privacy there.

Mrs. Shivangi: All social media have sections called security and privacy in the settings. First of all when you set up your social media handle, go and switch off everything in terms of limit the access to just your friends, or maximum friends of friends. Limit where your data is being shared. Limit ads. Wherever there is an option of turn off stuff, turn all of it off. You can always go back and turn it on later, if at all you feel that is required

Be very very careful about what information you share on your social media handles. Don’t pick a fight. Don’t say mean things. Think, 10-15 years later, somebody who is interviewing you for a job or for anything else, they’re going to come back and see something stupid you did 10 years back. You want that to happen? You don’t! You can’t erase it. Be very sensitive about that. Remember your personal data is very precious and it is the most expensive commodity in the world and people are willing to pay, whatever it takes, to get hold of that data. Be very careful about that. Just as you guard money, you have to guard your data. It has the same, or if not more value

Be very careful about your photographs too! Wherever in social media you have an option to lock your photographs, prevent downloads things like that, you must do it.

Q9. What challenges did you face and how did you overcome them?

Mrs. Shivangi: Challenges are always there, no matter what you do. Just as you face challenges with trying to balance school and activities and making sure you get good grades etc, similar challenges keep on happening. You just have to go with the confidence. Build the confidence that you can handle them. If you decide you want to do something, you can always do it. You will always find a way to do it. There is nothing called impossible. We’re not doing brain surgery and nor are we doing something which is sending us into space. Everything else you can find a way to do it. Just that you have to work hard, sometimes take a deep breath, sometimes take a pause, say that I’ll come back and revisit this after a period of time. 

I think my friends, or what I call a larger community of sisterhood, its very important to have them. Build relationships, nurture them over the years and ask for help. They are the ones who come back and help you. Always make sure you contribute to other people’s lives. Don’t just always go with this thing of what’s in it for me. Always contribute. When you have a challenge, other people will help you, just as when other people have a challenge, you should go out and help them

Q10. What was your success mantra?

Mrs. Shivangi: I don’t know if I have a single success mantra. I think it changes with time. For me its always been how much of an impact I can make on the world around me. In a way that is positive and in an area which is new to me. I have always worked an area which is new. That’s what keeps me going. But that’s not true for everyone, everybody has their own mechanism and mantra for success. There’s no right or wrong, everything is right. You just need to find what works for you. And it can change. It will change with time and its okay to change. 

Q11. Any piece of advice for anyone who’s aspiring to work in this field?

Mrs. Shivangi: Make sure you get technology grounding- by that I don’t mean you have to do a technology degree but you need to have a good tech grounding and also a little bit of a broader view. Don’t be very narrow, and that I think is not just for cybersecurity, actually any profession, to do well, while you need to build depth and expertise in specific areas, you also need to build a perspective. Cultivate your hobbies, read, do what you enjoy, meet different people, because we all are from different walks of life and the more people you meet, you hear different ways people look at the world and sometimes a solution comes to you which you won’t have thought of, if you were just within your circle. For cybersecurity, stay put, get a good technology grounding, get lots of experience, work with organization which will give you that experience because it’s a vast field. Read a lot about what’s going on in the world.