KK is one of the pioneers of cybersecurity in India. He is the Founder and CEO of a well known Cyber Security company, Network Intelligence India Pvt Ltd. Having begun his firm as a one-man show in 2001, it has now grown to a team of over 450 consultants spread across offices in New York, Dubai, Mumbai and Singapore. He is a trusted consultant and trainer to organizations all across the globe on various aspects of cybersecurity. He is well-versed with the security challenges of various industry verticals, and also with international standards and frameworks such as ISO 27001, PCI DSS, COBIT, HIPAA, etc.
He is the author of two books (on Linux Security and on the Metasploit Framework) and of numerous articles on information security. He was the first security researcher from India to present at Blackhat in 2004 (on ‘Detection and Evasion of Web Application Attacks’) and since then has spoken at numerous global conferences.
Let’s have a look on the below conversation, Hackers Interview team had with Mr. KK Mookhey :
Hackers Interview: Where did you get the inspiration to enter into the cyber world?
Mr. KK Mookhey: In the year 2000, I was in the third year of computer engineering at VJTI (Mumbai), when I first started toying with the idea of starting my own venture. But I didn’t have any real concrete ideas, and I wasn’t confident enough to quit college to start my own company. However, by the start of the 4thyear, I was fairly sure that I didn’t want to continue on the well-trodden path of doing my bachelor’s, then going to the US, and pursuing the H1-B, Green Card route. Also, I was certain that I what I wanted to do in life was to run my own company. So, the only question was one of timing. And at that stage it felt that the sooner I start my own company, the lesser the risk, and so at the start of the 4th year of engineering college, in the year 2001 I dropped out of college and started tinkering around with ideas of what sort of company to start. A few weeks of twiddling my thumbs and tinkering around with different ideas, I came across a job opportunity for Network Security Engineer. This made me curious about network security and when I researched online for what this referred to, I found that there were companies like Foundstone and hacker groups like @stake doing some really cool work. And that’s how I got inspired to start a security company.
Hackers Interview: What challenges did your venture face, as the time went on, on the basis of the traditional emphasis that people possess?
Mr. KK Mookhey: In the early days, everything was a challenge. Right from searching for an office, setting up the basic infrastructure, registering a company, etc. I had no clue about these things and had to learn along the way. Convincing clients that I could deliver security services was also a challenge – obviously because I had not done this before. I remember, convincing one of our first clients – a large bank to let me do a penetration test on their website. I literally went to a store called Computer Bookshop (in the Fort area of Mumbai), searched for computer security related books, found just one – Hacking Exposed – and read through that to teach myself how to do a penetration test! In those days, running a tool called enum on exposed Netbios ports could expose a large amount of information about the server, and result in a fairly easy hack. Overall though, I think starting a venture in India is still quite tough, and that too in the services sector is even tougher. I regularly advise people who have 9-to-5 jobs to stick with those and not take a risk of starting their own ventures. Starting a services business is tough, scaling it up is incredibly tougher!
Hackers Interview: What is the aim, with which you started with your venture?
Mr. KK Mookhey: I would have liked to state that I had a very clear vision when I started out, but that was not the case at all. It was just that I came from a tech background (if 3 out of 4 years of engineering college counts), wanted to do something different, wanted to build a business in India, and not pay any bribes while doing so. So, at that stage the aim was basically quite simple – start a company in India and be as ethical as possible while doing so.
Hackers Interview: How do the operations of your business take place? What is the basic framework which keeps track and handles daily work?
Mr. KK Mookhey: First and foremost, we have a great team. Everyone in my team is so highly committed and passionate that I feel blessed to have people like them in my company. However, with 450 people in the company and operations spread across multiple countries, we have started putting more structure and processes and systems in place.
I remember some years back – I think in 2007 or 2008, when we hired our first HR person and she asked me to develop KRAs and KPIs. My first reaction was – why? Doesn’t everyone know what they are supposed to be doing? Why do we need to write these down? A few years’ back someone in my team told me we should have a documented process for pen-testing, and I thought, why do we need to document how to run tools like nmap, Nessus, Metasploit and others. Today, I wouldn’t imagine being able to run the company without these basic processes and systems in place. We spent considerable effort in documenting so much of our knowledge that was dispersed amongst various team members and creating a large learning and development portal. We started a formal learning and development program last year. Still, we lack in multiple areas, and being a techie, the company has run largely on instinct and passion. This year our goal is to put in place more formal processes and systems and be able to properly measure our progress on financial and non-financial goals (such as employee and customer satisfaction, service quality, etc.)
Hackers Interview: How well do you think your company has been? Have you been able to make a difference, and remain profitable along the way?
Mr. KK Mookhey: I think we have done well, but obviously as an entrepreneur I always feel there is so much more to do. My ambition at this stage is to build Network Intelligence into a global cybersecurity brand. We have done well in India and the Middle East. Our teams have delivered excellently across the board, and clients do look at us as a preferred services partner. We want to improve significantly in the quality framework of our services, expand our reach geographically, add new services to our portfolio, and build our productsFiresec™ and Insights™. Over the past 5 years, we have grown at an average CAGR of 40-50% and yet maintained a 15-20% EBIDTA. How we have managed to do this, is a bit of a mystery to me. All I can say is that, once you bootstrap a venture, you always remain very conservative in terms of costs, and aggressive in terms of growth. Basic common sense, keeping your ear to the ground, and focusing on new ideas while retaining existing customers and relationships is the key to growing a services business.
Hackers Interview: Do you think you have been able to contribute to cyber security in a significant way?
Mr. KK Mookhey: This is a question I often ponder over. Are we as a company really making a significant difference? In some ways, yes. For instance, the training division we run, imparts cybersecurity training to nearly 400 students per year. This is a significant addition to the cybersecurity workforce of the country. Our products also deliver value to the customers. The passion which we try to drive into every employee of the company also sets us apart and ensures that people on the ground, deliver great services. Again, while I think we have done well, I also think there’s a long way to go in terms of the contributions and positive value we could create in cybersecurity.
Hackers Interview: Do you feel that depending on machines really is the right way to go?
Mr. KK Mookhey: I don’t see any other way. Human progress – however you choose to define that term – has depended on machines since the Industrial Revolution. Now, we are going to have to depend on machines to make certain key decisions for us. And training them to do this, is inevitable. Cybersecurity is already getting disrupted by ML-based technologies, and this trend will significantly accelerate. The cybersecurity skill shortage is a crisis right now, and it will only get worse. Machine learning and automation is the only reliable way ahead. There is still a long way to go even when it comes to applying ML properly to cybersecurity. Yet, this is the right approach. Static, rule-based solutions won’t work. Machine-based solutions combined with human talent will help achieve a lot more.
Hackers Interview: Describe how your journey was, from being a nobody to a successful entrepreneur.
Mr. KK Mookhey: I am not sure I would tag myself as ‘successful’ just yet. As an entrepreneur, I can tell you that every day is a mixed bag of successes and failures. The successes don’t get celebrated, as every new customer win simply means the responsibility to deliver on a higher set of expectations. Every failure gets over-analyzed, as anything going wrong in the company is my personal responsibility. Further, as a services business in India, cashflow is always a major concern. Having spent 17 years building the business to this level, there are always multiple moments in the year when we are staring into the abyss in terms of cash in the bank. Luckily, we have survived through our rainy days and never delayed payroll cycles and hopefully will continue to manage our cashflows properly while still continuing to invest in research, development, process improvement, training, etc.
Hackers Interview: So what could be next towards global domination of your venture?
Mr. KK Mookhey: When I was 25, the words global domination would have seemed appropriate to use. At 38, I think this is a bit of an over-ambitious term to think about. Right now, the focus is to keep building the firm, improving our service delivery, continuing to innovate, introspecting constantly to improve both employee satisfaction and customer satisfaction. If in doing so, we end up dominating anything globally – that’s fine. If we go down in history as having built a good company, with good people, delivering good services, then that’s also perfectly fine.
Hackers Interview: What do you think the future holds for technology, and what could be the next big thing?
Mr. KK Mookhey: Within the cyber security context, I think there will be large amounts of automation driven by big data, cloud and machine learning. Very soon, large organizations will begin to trust machines to not just identify risks (which is already the case), but even take decisions on remediation (for instance, should we patch this server or not). The human element in cyber security would be to understand risks in the context of the organization’s business, design the security architectures, and ensure the right tools/algorithms are used with the right tweaking to get risks down to acceptable levels. Today security conversations are highly focused on the attack and detect part, we need to shift conversations back to defense as well.
On a more philosophical note, I am not sure technology is doing a great job as far as the world is concerned. We’re doing a great job of screwing up one planet, while we are making plans of colonizing others. At the same time, some of our best minds in technology are developing better algorithms to serve up more appropriate ads to us. Privacy seems like a quaint notion, and I fear that the world my kids will grow up in won’t even understand what it means to have privacy while still having the freedom to use technology. Another major concern is the fake news phenomenon, which is only made much worse by machines which can now mass-produce and mass-propagate absolutely fake content. So, I am not sure whether things are moving in the right direction or not as far the march of technology vis-à-vis the greater good of the world is concerned.
Hackers Interview: Do you feel satisfied with what you have gone through your life? Do you feel that you have done whatever you wished for, since you started as a small timer?
Mr. KK Mookhey: As a 20-year old, one dreams of being a billionaire and creating the next Infosys or TCS. As a 38-year old, one’s goal is to provide a comfortable and secure existence for one’s family, while doing something productive and useful for society with one’s talents and time. So maybe the 20-year old me isn’t successful, but the 38-year old me is fine with how things are progressing. Sometimes shifting goalposts is a great way to be happy in life! I would say that I swing between absolute contentedness and healthy discontentment at different times of the day.
Hackers Interview: Finally, what keeps you going? What helps you keep going strong throughout the day?
Mr. KK Mookhey: At one stage, the pursuit of material wealth was definitely a big motivation factor. But two years back I sold my dream car (an Audi) and have been using Ola’s and Uber’s and espousing the rental economy to everyone who cares to listen. So, what really motivates me is the challenge of solving technical and people problems, and learning constantly (I don’t think any other field in IT has so much to offer as does cybersecurity), and seeing the company grow. Running a company can be thrilling and highly self-satisfying, but it can also be boring, depressing, and frustrating. Eventually, one learns to take the ups and downs in one’s stride. Thankfully, I haven’t had a spell of a few boring days in office in quite some time, and I hope things continue to be that way!
“Thanks Mr. KK Mookhey for giving your precious time to our readers.”