Shankar Karthikason, Group Head of Cybersecurity Strategy, Advisory & Operations at Averis, has made a remarkable impact in the cybersecurity landscape. With a career that spans over two decades, Shankar has transitioned from a Network Engineer to a recognised leader, earning accolades such as the World CIO 200 Malaysia Chapter award. In this Voice of Averis, Shankar shares his journey, achievements, and insights, addressing industry challenges, and building a secure digital future.

Hello! Tell us about yourself and what you do.

Hey there, my name is Shankar. I currently serve as the Group Head of Cybersecurity Strategy, Advisory & Operations at Averis, a position I’ve held since January 2020.

I provide strategic guidance to Group IT and senior management on tackling IT and cybersecurity risks, ensuring security compliance, and developing cloud strategies. My role ensures alignment between security initiatives and business objectives. I’m also responsible for setting the strategic direction for the company's cybersecurity efforts across IT, OT, IIOT, and Cloud infrastructure systems. This involves developing and implementing a comprehensive cybersecurity program to minimise risks and enhance the security and quality of these systems.

On top of that, I plan and strategise cybersecurity goals, metrics, and reporting mechanisms, creating maturity models, and continuously improving the cybersecurity program.

Additionally, I lead efforts to ensure that appropriate policies and standards are consistently applied, fostering a culture of cybersecurity compliance among stakeholders. I also oversee the response to significant information security incidents, maintain strong relationships with security solution providers, and manage budgeting, resource planning, and talent management for the cybersecurity function.

Career Journey and Achievements

We’d love to hear about your professional journey leading up to your current role. Tell us more!

I began my career as a Network Engineer at a small vendor company, serving the telecommunications industry. Driven by a strong desire to grow and expand my expertise, I progressed to working as a Network Engineer at a multinational corporation (MNC). From there, I positioned myself as a leader, acquiring knowledge across multiple IT domains.

Throughout my journey, I’ve been involved in critical functions such as Incident Management, Problem Management, Internal Auditing, Project Transition, and NOC Management. These roles provided a solid foundation and diverse experience, ultimately leading me to a position as a Security Operations Center (SOC) Manager. I continued to advance, becoming the Global MSS Security Head and later the ASEAN Regional Cybersecurity Head.

As Group Cybersecurity Head for IT and OT at Averis, I’m responsible for developing and implementing comprehensive security strategies that align with business objectives. My role involves close collaboration with executive leadership, IT teams, and external partners to drive initiatives that enhance the organisation’s security posture.

Over the years, I’ve taken on progressively challenging roles, allowing me to expand my knowledge and experience across various cybersecurity domains. My commitment to continuous learning led me to earn several prestigious certifications, including CGEIT, CISM, CCISO, CCSK, and CSXP, which have been pivotal in shaping my approach to cybersecurity leadership.

I’ve been at the forefront of introducing innovative OT security strategies, ensuring organisations are protected from emerging threats while maintaining operational efficiency.

Beyond my technical responsibilities, I’m deeply involved in thought leadership within the cybersecurity community. I regularly write articles on LinkedIn, sharing insights on emerging threats, preventive measures, and best practices to help others navigate the complexities of the digital landscape.

My journey has also earned me recognition as a World CIO 200 Malaysia Chapter winner, a testament to my dedication and impact in the field of cybersecurity. As I continue to grow in my career, I remain committed to advancing the cybersecurity field and empowering organisations to achieve robust security through innovation and strategic thinking.

Can you elaborate the projects or initiatives that you believe that contributed most significantly to the award win?

One of the most impactful projects I believe that contributed significantly to my recognition as a World CIO 200 Malaysia Chapter winner was the Cybersecurity Operation Technology (OT) Program that I led for a group of companies. This initiative was designed to address the unique and evolving challenges associated with securing operational technology environments which are critical to the core functions of these organisations.

The program was comprehensive in terms of scope, involving a multifaceted approach to enhance the security posture of OT systems across the entire group. I also spearheaded the development and implementation of a robust OT security framework that integrated seamlessly with existing IT security practices. This was crucial in ensuring that the physical and digital aspects of operations were protected from emerging cyber threats without disrupting the core business functions.

The successful execution of this program did not only strengthen the cybersecurity defences of the group but also set a benchmark for OT security within the industry. The program's innovative approach and measurable results were significant factors in earning the award, reflecting the impact it had on enhancing the overall security posture of the organisation.

What were the main challenges you encountered during these projects, and how did you address them?

During the execution of the Cybersecurity Operation Technology (OT) Program, several key challenges emerged that required strategic thinking and collaboration to overcome. These included legacy systems and inherent vulnerabilities, as well as change management and resistance to new security practices, amongst others.

Cybersecurity Challenges and Solutions

What do you consider to be the most significant cybersecurity challenges facing businesses today, both globally and within our industry?

The cybersecurity landscape is becoming increasingly complex, with businesses facing a range of challenges that can cause a significant impact on operations, reputation, and bottom line. Some of the most pressing cybersecurity challenges within our industry include:

• Sophisticated Cyber Threats: Attacks such as ransomware and zero-day exploits are becoming more difficult to detect and defend against, posing significant risks.
• Dependence on Third-Party Vendors: This increases exposure to supply chain vulnerabilities, as breaches in the supply chain can lead to widespread impacts across the network.
• Cybersecurity Talent Gap: The shortage of skilled professionals makes it challenging for organisations to build effective teams, resulting in weaker defences and slower incident response times.

These challenges highlight the need for a proactive, multi-layered cybersecurity strategy that addresses both global and industry-specific risks. Organisations must remain vigilant, continuously adapt to the evolving threat landscape, and invest in the right tools, processes, and talent to protect their critical assets.

What emerging technologies and trends do you believe will have the most significant impact on cybersecurity?

Emerging technologies and trends are rapidly transforming the cybersecurity landscape. The ones I believe that will have the most significant impact are:

1. Artificial Intelligence (AI) and Machine Learning (ML): These technologies will enhance threat detection and response but will also be leveraged by attackers to create more sophisticated and targeted attacks.
2. Internet of Things (IoT): The increase of IoT devices can increase the attack surface, requiring stronger security measures to protect interconnected systems.
3. 5G Networks: As 5G enables faster and more reliable connections, it also brings new vulnerabilities, especially in critical infrastructure and connected devices.
4. Zero Trust Architecture: This approach is becoming essential for securing modern environments.
5. Quantum Computing: Although quantum computing is still in its early stages, it has the potential to disrupt current encryption standards in the future, making the development of quantum-resistant cryptography essential.

These emerging technologies and trends will not only shape the future of cybersecurity but also redefine how organisations protect their assets, data, and operations. Staying informed and proactive about these developments are crucial for building resilient and adaptive cybersecurity strategies.

Leadership and Innovations

What leadership qualities do you believe are essential for success in the cybersecurity field?

In the cybersecurity field, certain leadership qualities are essential for driving success and ensuring that organisations remain resilient against evolving threats. As a leader, once should practise:

1. Visionary Thinking to anticipate future challenges and opportunities. Visionary leaders can guide their teams toward proactive strategies that keep the organisation ahead of potential risks.
2. Strategic Decision Making, which is Important since Cybersecurity is a complex and rapidly changing field. Leaders must be able to make informed, strategic decisions that balance risk management with business objectives.
3. Adaptability to the environment as the threat landscape in cybersecurity is constantly evolving, and new challenges can emerge unexpectedly. Effective leaders are adaptable, able to pivot quickly in response to new threats or changes in technology. 
4. Strong Communication where leaders must be able to communicate complex technical concepts to nontechnical stakeholders, including executives and board members.

Commitment to Continuous Learning as new technologies, threats, and best practices emerge regularly.

How do you foster a culture of innovation within your team?

Fostering a culture of innovation within a cybersecurity team requires deliberate effort and a supportive environment that promotes creativity, experimentation, and continuous improvement. I encourage open communication and idea-sharing, ensuring team members feel comfortable contributing their thoughts, no matter how unconventional. Providing opportunities for continuous learning is key, and I ensure my team has access to the latest training, certifications, and industry resources. Empowering ownership is another priority, as I give team members the autonomy to explore new approaches and take charge of their projects. Recognising and rewarding innovative efforts is vital in maintaining motivation and encouraging further creativity. Lastly, I lead by example by staying curious, exploring new ideas, and remaining open to change, demonstrating my commitment to innovation.

Personal Insights

How does Averis’ culture support your role as a Group Head of Cyber Security?

Averis’ culture strongly supports my role as Group Head of Cybersecurity in several key ways. The emphasis on collaboration and teamwork fosters a highly cooperative environment, making it easy to work closely with other departments. Innovation is highly valued, encouraging the exploration of new ideas and technologies to enhance our cybersecurity efforts. The company’s commitment to continuous learning and development enables me to stay updated on the latest cybersecurity trends while ensuring my team has access to essential training and resources. Additionally, Averis’ leadership is supportive and recognises the critical importance of cybersecurity, providing the backing needed to achieve our goals effectively.

How can we leverage your success to inspire and motivate other employees?

Leveraging my success to inspire and motivate others is a powerful way to cultivate a positive and productive work environment. By sharing my professional journey, including the challenges, achievements, and lessons learned, I can provide valuable insights and encouragement to colleagues. Mentorship and coaching are also key, particularly for employees who show potential or interest in advancing their careers. Recognising and celebrating team members’ achievements fosters a sense of appreciation and camaraderie. Creating opportunities for professional development within the organisation further supports growth and engagement. Additionally, regularly highlighting the impact of the team’s work helps everyone see how their contributions align with the organisation’s overall success. When appropriate, sharing successes and the team’s achievements publicly within the organisation not only boosts morale but also sets a benchmark for what can be accomplished through hard work and dedication.

How can individuals contribute to building a more secure digital world?

Individuals can play a vital role in creating a more secure digital world by adopting a few simple practices. Good password hygiene is essential—using strong, unique passwords for different accounts and enabling two-factor authentication (2FA) wherever possible. Staying informed is equally important, as awareness is the first step in protecting oneself and others online. Caution should be exercised when navigating the digital space by avoiding suspicious links and refraining from downloading unknown attachments. Protecting personal information, especially when sharing on social media, is crucial to safeguarding privacy. Regularly updating software and applications ensures devices are equipped with the latest security patches. Lastly, educating others by sharing knowledge about cybersecurity with friends, family, and colleagues helps to foster a more resilient and informed digital community.

What do you consider to be your greatest achievement in your career so far, apart from this award?

Aside from receiving the award, I successfully transformed a fragmented cybersecurity team into a unified and highly effective security operation. When I assumed the role, the team was divided into multiple siloed groups with inconsistent processes and varying levels of expertise.

I also developed a clear strategic roadmap focused on standardising security practices, aligning them with global best practices, and adopting advanced security tools. By fostering a culture of collaboration and shared purpose, I unified the team under a cohesive strategy. We streamlined processes, improved incident response times, and significantly enhanced threat detection capabilities.

This transformation not only strengthened our security deliverables but also positioned the team as a strategic partner within the organisation, actively contributing to business objectives. Watching the team grow, excel, and play a critical role in protecting the organisation has been one of the most rewarding accomplishments of my career.

If Shankar’s story has inspired you to join a company that values continuous learning and improvement, we invite you to send your resume to recruitment@averis.com – your journey at Averis could be just beginning.