At BILL, Rinki Sethi wears both the CISO and CIO hats
At FastForward, we like to interview CISOs, CIOs and other technology strategists inside large organizations, but with Rinki Sethi, CISO at BILL, a financial operations platform aimed at SMBs, we found someone who is in charge of both IT and security. It’s a lot of responsibility, but in some ways it simplifies the job because she gets to ensure that security is always a priority.
Looking back at her career over the past 20 years, Sethi says that when she first started out, most companies didn’t even have a CISO or much of a coherent strategy for keeping their systems secure. Her own parents didn’t even understand her job.
“I would explain it to my parents and they would say that they don’t understand what I was getting paid to do. There were no CISOs back then really outside of the banking industry. And now fast forward, it's like every company has a CISO or a security team or at least a security person,” Sethi told FastForward.
Sethi’s career as a security leader spans a variety of companies, including pre-Elon Twitter, Rubrik, IBM and Palo Alto Networks, but she says that while each company had different needs, a common thread ran through all her jobs.
“When you look at a company's priorities, the priorities have been very similar. You focus on identity and access management, and you focus on data security, and so the main things that you're focused on remain the same, and what you're primarily protecting is the ‘crown jewels,’ whether that’s customer data or your code or whatever that is. And so it remains similar,” she said.
In her current job, she has learned to combine the two roles, helped by how she has structured her org chart. “I have a head of IT and a head of security under me. And the cool thing is, when you think about IT and how it's transformed over the last few decades, a lot of IT is now security. So you're making sure that you deploy apps securely, or you deploy infrastructure securely. And so usually, the friction that happens is prioritization between IT and security leaders,” Sethi said.
She said that she kind of stumbled into the dual role and it has worked out for her and the company. “Two weeks into my role at BILL, the person who was going to inherit IT left the company and I was asked to take it on and I've had it since then. It works really well together like that and removes friction between the infosec and IT teams that usually exists in other organizations.”
“So that friction goes away, because now if we want to prioritize security, we can remove roadblocks and say, ‘Okay, this is how I'm going to fund it or resource it’. And it's all managed in that way. Instead of having that constant prioritization discussion, it all falls under me.”
Why AI is exciting and scary
And that dual role could also help connect the dots as she looks at an AI future that can have both positive and negative impacts on her role as a security leader. Like many security execs, Sethi sees AI as a double-edged sword, both exciting and scary. On the positive side of the ledger, it’s going to help bridge the talent gap as security teams are constantly struggling to find people to fill roles.
“One of the biggest problems we as security leaders have been facing is the talent gap, and how do we scale? And how much is enough? And I think AI and LLMs are going to help us scale. They're going to help us be much more productive. And I think you'll see the roles of security engineers start morphing into something different,” she said.
But at the same time, it’s also going to complicate the threat landscape, and increase the number of things she has to worry about as a security leader. “You're already seeing very sophisticated attacks. You're seeing the deep fakes and different things happening now with the sophistication of AI usage by attackers, but we have to use this to stay productive and scale and stay ahead of them.”
She says that sometimes it takes a startup thinking creatively to solve some entrenched problems, even if it takes a little more of her bandwidth to work with them. “I think how you structure your time with those innovators is really important. But I also think the sooner we bring them on, the more we're going to see progress with the kind of innovation that startups bring.” And that’s especially true in an industry where there is a lot of consolidation.
If one of her go-to companies gets acquired, and service levels drop, having a bench of startups ready to step up is going to give her an advantage. “It can really save you if you have a good sense of what else is out there and what's good. So I think always having some kind of lab environment or innovation space for the team is really important.”