Mar 25, 2026

AI Security: Hype vs. Reality and the Roadmap to CISO with Niyati Daftary

Transcript

Host: Hi everyone, this is Purusottam and thanks for tuning into ScaleToZero podcast. Today's episode is with Niyati Daftary. Niyati is a passionate and result-driven cybersecurity professional with over six years of experience securing digital ecosystems across banking, finance, insurance, government, and energy sectors. She specializes in transforming complex security challenges into actionable strategies that enhance resilience and regulatory compliance.

Thank you so much, Niyati, for joining me today.

Niyati: Yes, so happy to join in today. Thank you so much for the wonderful introduction for Purusottam.

Host: Absolutely. But before we kick off, know that I just did like a two-liner intro. Do you want to add anything to your journey? Like how maybe how you got into it or what do you enjoy the most nowadays? Anything you want to add to your journey?

Niyati: Oh, yes. So it's been a long journey in quite a short or stipulated time span, would recommend or suggest because initially in my first two years, there was a lot of hands on on VAPT application security running around different clients on prim on ground and doing all the hands on activities.

Then it slowly evolved into a more consulting kind of a background and then providing advisory creating regulatory specific reports and now it's a whole and so like I have an in-to-in view of different enterprises globally. I help them for strategizing for their cybersecurity roadmap and also be aware of all the new tech which is coming into this particular cybersec world.

Host: Sounds good. So with that, you spoke about your journey, right? And today you are working with lot of organizations to define their programs, security programs and things like that. What does a typical day in your life look like?

Niyati: Correct. So firstly, I have a permanent remote job. So I'm very happy. I can start my day at my own time. Mostly I start off 10 in the morning and a day prior we get a list of all the calls or even a week prior of all the client calls, questions and queries which we have.

So the first half generally is to answer and address client calls within our time zone or certain other geographies which overlap with my, I specifically decide in India, so my time zone. And then in the second half, we work on research areas like depends on whatever new tech, new innovations are coming into the field of cybersecurity or portent into the client challenges, which we have seen in the call, what are certain approaches to fine tune, where are some lags, which most of the clients are facing. So that's how my daily day goes in.

And then midway we have some community or group research communities is what we call that. So particular different pockets like data security or maybe API security. So there's a group of researchers around this who come together, discuss their entire ideas for this month and then pan out the whole plan for research for that month for that category.

Host: Sounds good. So a lot of research component, a lot of day in, day out, working with customer queries and finding out what challenges they are facing and providing guidance on those. like a tough combination to handle. So I'm more interested in some of these areas. So let's dive in.

Today we'll focus on security programs in the AI age and the role of partner in security in general. We'll try to find out as much as we can today. So let's start with AI, right? We are in the AI age right now and AI has become like one of the most talked about topics in cybersecurity. I'm pretty sure on a daily basis you must be getting a lot of questions around AI as well. So from your conversations with security leaders, what are...

What are those real security risk organizations are worried about? Are they worried about that AI being, let's say the AI systems that we have put together that being manipulated or data poisoning, or it's about AI introducing new risks to data leakage through prompts and things like that? What's the major, maybe let's say top three concerns that you have occurred?

Niyati: Honestly, I will tell you it ranges across all the topics which you mentioning, but the most important one is the CISO or the cybersecurity leaders remit in AI governance. What is security's role as a whole? Firstly, defining that. That is where a lot of leaders are still struggling and there is a little ambiguity. So we help them establish their role, remit, ensure that particular governance elements for specific to security. Once that is done, there's two approaches. is how do they manage inventory, approve all the possible AI usage and pools in their organization. So that is the next part.

Second is there are frameworks like NIST AI RMF or ISO 42001. So which one should they follow? When? How can they implement this? So we help them guide in that particular selection or just align their existing policies across these particular frameworks.

And then comes the part where how do they start piloting with these particular tools for their particular security usage, for example, maybe soft automation or DevSecOps automation, AI coding agents is gaining a lot of momentum, things like that. And as you're saying, a huge, huge concern, where we are seeing that CISOs are not, or even cybersecurity leaders are not very open to giving this experimentation is because of the data security concerns. how can they align with their data privacy, data security regulations and then provide this particular access in a secure way?

So these are the questions which, so if you can see there's a whole from foundational to the advanced stage, all possible queries and questions. And these have dramatically increased since this year start.

Host: Yeah, I mean, yeah, I was just hoping for top three, but you shared many more, right? And it's understandable because it's such a new area. There are so many unknowns, starting with like you highlighted governance. That's so important because I'm just trying to relate it to the cloud world, right? Even today, we have the challenge of understanding your inventory in the cloud as a P6. So with AI, which is very new,

We have not even figured out how to figure out the inventory because there are reporting agents that folks are using. are browser agents folks are using. There are chat agents folks that your team is using. And how do you stay on top of it and then do governance?

And the other thing that you highlighted, which is super interesting, is the frameworks. Since it's very new, the AI security and all is very new, the frameworks have not also caught up that well.

Like if you think about Cloudworld, there are so many CIS, NIST, all of those frameworks in place, right? They guide you that what controls to focus on and things like that. But AI being so new, it's definitely a challenge because as you highlighted it, CISOs are accountable for some of these things and they cannot just take a risk where their data gets compromised, right? Exactly. Yeah, fair.

So now, do you think based on the current state of looking at your research and maybe your conversations with your security leaders, do you think the industry is overestimating or underestimating the security impact of AI?

Niyati: Honestly, both the industry is overestimating the short term fear with respect to AI because there's no the amount of adoption is not as much as the height and fear right now, which we see and the attackers have not leveraged that much of a tax or face or payload wise or scope as of now. So in a short term, the there's a slight overestimation.

But we are highly underestimating the long-term impact specifically to support security as well, which AI can provide. Just as an example, like we are working on certain research notes where how the SOC, because as I talked to security leaders, SOC is the most, is the team which takes up most of their budget because that requires heavy technical expertise, staffing, resources, tooling support.

So that is an area where a lot of L1, L2 tasks are already being experimented and piloted and it's going to be soon automated. So the impact this will provide and even the kind of I think you recently saw the Claude code security news, the kind of bugs or the number of bugs it found which in the legacy codes as well within just a stipulated time span.

So difficult for a human to find. So how this is going to aid the security a long term is something which we are highly underestimating and not focusing that much on. So, I hope that answers the question.

Host: Yeah, I like how you sort of looked at from both the lenses, right? From the height perspective, whether we are there or not, and from the capabilities, those are available, whether we are able to utilize them and how that can impact from a security perspective. yeah, is a very good example because a lot of investment slash focus is being given to SOC because that's where a lot of manual effort is done today. So AI can certainly help in those areas.

So you highlighted tools could be one of the areas where maybe AI can help. So I know that you regularly speak with security leaders. And when you talk to them, when you understand their challenges, are they mostly technical, like what tools I should buy or how should I have my infrastructure set up, or it is more organization, like alignment with business and leadership using the right language so that when you go to your CEO and present it, they understand it. Which bucket would you put the challenges in?

Niyati: I feel more mostly the questions are coming and the challenges are pertaining to the program management and cybersecurity strategy roadmap aspect. So the first question is how do we ensure that we have a mature cybersecurity program? How do we ensure that our sub cybersecurity strategy and roadmap are aligning to our business priorities? How can we demonstrate value from cybersecurity to our leadership to our board?

And like board presenting tips as a first or a first year CISO role, how do I present this, how do I gain funding and buying from all the stakeholders involved. So I feel that is still an area which is of a huge concern to cybersecurity leaders, especially because a lot of business units are not seeing cybersecurity as a value creation activity or function rather maybe a blocker to their innovative activities.

So that is why that synergy collaboration with the CISO, CIOs and the other board members is something which CISOs and cybersecurity leaders are pivoting towards more. With respect to tech, they are already having a lot of tools maybe and also they have a support from IT for that particular tool management, maintenance, integration. So that is not that of a huge of a concern. The only kind of concern which we have is or we have clients asking is tool consolidation.

But that again, like is a underlayer to the question of providing more value and aligning with business priorities because their business priorities cost optimization. So how can we show cost optimization or more efficiency with or more standardization with this kind of tool consolidation approaches? So this is where I or we have seen trends in the questions of late.

Host: So that means when security leaders are coming to Gartner, coming to you, of course, are looking, the primary focus is how do I run the program better or how do I set up the program and how do I run the program better.

Tools, of course, play a role, but they might already have some tools, especially in the AI age, like you can easily sign up to chatGPT or Claude and then you can start using it. So it's less on the choosing maybe the individual tool and more on optimizing on the tools and optimizing the setting of the security programs and maybe optimizing the security programs as well.

Niyati: Yes, I think so with respect to the tooling or so program management, what you mentioned is absolutely correct. And also they a lot of time they want to understand what other clients are doing, what are people in this industry doing, what other industry benchmarks which you have, because we have a huge database of clients across the globe.

Even for newer tech adoption on newer strategy adoption, AI strategy, AI security strategy, what are other peers in BFSI sector doing? What are they experimenting with? Or if there's post quantum cryptography, which is highly anticipated now, how many how much percent of our BFSI clients have started working on this?

So they need an add on validation and some surveys, stats and references, benchmarks we can provide so that they can justify these to their boards. With respect to tooling support the kind we do have our magic quadrant. So they do need to know that this is a category where we have a lack of tool or we need integration of tools or we are planning for consolidation. So which are the top vendors, but we do help them with their proposal reviews or technical negotiations as well with the vendor so that they can get the best value in their RFPs, their procurement and they have a wider picture or range. So we have some demographic specific tool reviews and all these internal research notes.

So we have our analysts space covered in two areas particularly. One is a tech cohort and one is a program management cohort. So in both the directions we can guide in. So I particularly lead into the other program management cohort, cybersecurity program management and strategy. Cybersecurity leadership is the practice which I cover basically.

So that is where I am getting more of these kinds of questions, but I am sure my other counterparts might be dealing with other form of questions as well.

Host: Yeah, you're right. There is Magic Quadrant that Gartner has, which often guides security leaders to at least see top five and then pick from them. But one of the things that you mentioned, makes a lot of sense is sort of peer analytics. I'm just using the term. What are other peers in the industry from a program management doing or from a tooling perspective doing? That helps a lot, right? Because, and you must have heard this as well, like lot of security buying happens based on the network knowledge as well, right?

That's where conferences add a lot of value where you can meet with other peers and you can find some of the knowledge as well, right? So yeah, makes sense. That's a key one I felt. And being sector specific, that, definitely!

Because if I am in FinTech, getting some data from health care may not help me, right? Even though you can recommend the best program management strategy, best tooling, but are folks in similar industry using it and how are they using it that helps a lot? Yeah, yeah. So these are some very good points that you highlighted.

So now I'm going to sort of connect your previous job with current maybe. So you have worked in consulting before and now you're doing research advising security leaders globally. What changed in the way you think about cybersecurity problems moving into an analyst role? Let's say when you look across multiple organizations now, do you see a pattern that individual or like companies often miss?

Niyati: Yes, I think it's very good you highlighted the word pattern because that was honestly going to be my answer for this question. Because when I was a consultant, I did work mostly in the BFSI but at scattered clients on scattered or different forms of projects. I felt, this is the challenge here. This is a challenge. here when I have maybe in a month, 15 queries with different clients across the globe and for same questions, I see patterns in the questions coming up. And also in the patterns, I do see that challenges are very similar.

For example, I'll give you one example on data for Indian clients specifically. Like there was this DPDP Act and data security. RBI has mandated banks for having certain data encryption and certain controls to be in place, all the clients had the same question.

Like one of them, first question was, how do we implement data masking? What are the best tools? Some other client, we are facing ABC challenges with our data encryption. Is there a better solution or answer to this question? Third one is data masking versus synthetic data. But if you see like all these questions or how do we even formulate our center of excellence for post quantum cryptography or data encryption?

So all these questions are falling just under the same bucket. Their entire challenge is encrypting, adapting or masking their data and not allowing up so for regulatory adherence and for the safe usage of AI as well for that particular data set.

So when I started, like when I had so many calls on different topics over here, I am able to categorize all these challenges and see patterns that, okay, this is where clients are failing. This is where they are still struggling. This is where the traditional foundational concepts also need to be challenged a little bit.

For example, a lot of them are following the three lines of defense model very, very strictly or the three lines model for cyber risk management, risk management overall. And they are implementing that in cyber, but that is not working honestly too much in cyber, we do need collaboration.

So then we are coming up with such challenging perspective research notes as well just to guide the industry that this is how you have to go ahead. I am not telling you to break that entire model and do something else but in that silos, in that model there is a slight collaboration which will enhance your productivity and efficiency from A to B significantly. So that is how we are planning out the research.

Host: Yeah, I mean, it makes a lot of sense. Let's say when you are at a consulting role, you are sort of focused on a single customer's problem, right? And now when you are at Gartner and you are looking at challenges from customers across the globe, can definitely, you have much larger data set to find patterns. And then that would definitely help you when you are recommending a security program to a customer or to a client when you see that, hey, customers in your industry are facing these five challenges. These are the patterns that we have seen, and this is how you should build your program around it. So yeah, totally makes sense.

One thing, maybe another question on this is, do you see that maybe there are certain things that as a practitioner, I believe strongly, but actually the research data or the pattern data contradicts it. Anything that you have noticed like that?

Niyati: Not, yeah, so maybe in terms of adoption for certain technologies, when I compare my particular geography or demographics of APAC specific countries and EMEA and US, we have a common set of survey data, but it is significantly varying the level of maturity which I see here in APAC countries, and in the other countries, it's different.

The way things are rolled out, the level of MSSP support being leveraged in, in APAC specific countries and versus the U S and other countries that is very different there. I see a lot of things that being built in-house from scratch here, MSSP guidance, support, leverage, ring, all those services is being done.

So that is where I feel some of those stats or, know, surveys which we have may not be applicable in terms of the realistic maturity of for clients here. So that is why it's excellent that all of them are after reading a research note, mostly connecting or having calls with us so that we are able to find out this exact difference or guide them exactly for their particular use cases and things like that.

Host: Makes sense! Now, I know that you develop frameworks and write research. You do research and you write on it that many security leaders rely on. If you can shed a little bit of light on how does a piece of security research being developed, is it driven by industry trends or the industry data or it's from the problems that maybe clients are facing and they're bringing to Gartner conversations. How do you go about it?

Niyati: So there's a mix of all the things which you mentioned in. So we go across, we try to do an analysis of all possible client inquiries, which we receive in maybe one month, six months, or one year at max. And then we try to link our existing research notes, what we have, what guidance we have around those inquiries. Easily we are able to find the gaps. That is the first thing.

Apart from that, we do have a lot of trends and analysis of trends based on different conversations which we are having with vendors, industry partners, some regulatory guidance which has come in and we try to maybe even update our existing research for adhering to these guidelines which have come in to meet these gaps or even when we combine these two, if there is a huge gap or a category or a previously mentioned guidance or a previous traditional foundational workflow which is going on is not working for a huge number of clients.

If we see a trend that okay today this is one trend which guidance which we have provided but even after one year there's a huge set of clients asking the same set of questions that means that this is not working the approach is not working. So how are we challenging it? What are some better methods which we can come up with? So that is how we develop.

This is the whole process I have told you at a very high level. But still, and as you know, especially when I told you there's regulations, some legal guidance and a lot of maybe CIO work collaborations as well in a particular research. So we have segregated cohorts for each of these practice.

And after a notice ready, the subject matter experts or as we call it peer reviewers from each and every cohort will review this note or research thoroughly and once it is finalized, it is in line and approved by all of these folks, then we have this research published.

So I'll give you a very quick example is we did a research note on like this, I did a research note on the ideal cybersecurity team sizing. Now you cannot give a particular size that this is if you have 10 people you will do efficiently where you will be able to fulfill all your projects and business mandates and everything. A lot of, we just saw that we gave certain estimates and we had a lot of surveys where we took the benchmarks for industry what is the median benchmark.

So clients were taking it on the count and the numerical value directly. So we just analyzed what is happening and then even where all do we need representation from this collaborative folks which I mentioned in the legal, the privacy, BPO and everything. We updated that and then after that we put a whole big note at the top that these benchmarks are just to inform you not dictate your end-to-end decisions.

So these are the kind of things which if you see clients already know most of these things, but very foundational or minor things is where they are getting stuck. So that is how we are able to fine-tune the research and even improve the writing altogether.

Host: It's funny that you mentioned that, let's say, whatever research note Gartner publishes, folks just take it as the recommendation that, we should just do it. Gartner is saying that you should have, let's say, 10 people in your cybersecurity organization. Then, yeah, we should do 10 people in our cybersecurity organization.

It's very similar to like, sorry, rather like with the authority that Gartner has, sometimes the footnotes are missed, right? That what data set Gartner has looked at, maybe you don't fall into that. Maybe what industry Gartner has looked at when publishing the research. But often we don't read the details and we just start taking it as the best practice and we should do it, right? We should just follow it directly.

Niyati: So just to add to that, I personally feel that that is why we do a lot of webinars now where we give this particular guidance. So with AI and everything, think not just AI in general, reels and everything, attention span of people has reduced significantly. They do not read through entirely something which we have observed as well.

So we try to do these interactive webinars, workshops or non-standard briefings, client briefings wherein we do or advise on all these areas. And also, as I mentioned, one important element is vendors as well. So as I told you that we see that these tools have come up with ABC features, but still after a year or after certain duration, clients are still having the same challenges. So the feature which was built for this challenges is not fulfilling that.

What is the issue? So we are even in that space where we are advising vendors that okay this is how you can update or this is a must have feature in this entire industry or category because this is what the clients are struggling with. So as a whole all these aspects surround and support that particular creation of a research piece.

I'll tell you how, because we have had clients tell us that, okay, we can search this on chat GPT. We can search this question on any GNI tool. So how is Gartner different is because they will just tell you that do these three things. What are these three things applicable to your organization? Is your vendor providing this feature? If not, which all other vendors or what else is happening here? How much is the adoption rate?

And apart from all your other priorities and budget should you even invest here? So this kind of a whole spectrum question is something which we will be able to provide which is missing in the AI specific. So I feel that whatever innovations come in the human element and the particular logical reasoning which we have, and the established experience of so many experts over the years that is something which is very hard and that is how our research will never be able to be replicated with the AI centric tools.

Host: Yeah, I know that there were conversations maybe a year or so ago when I think chat GPT with GPT4, I guess, folks started asking the question, do I need a Gartner? I can just go to chat GPT and ask these questions. yeah, like the lack of context, lack of vendor knowledge. Like there are so many aspects, right? It's not just about that, hey, well, this is my problem. How do I solve it?

It's much more complicated than that. And every enterprise has a snowflake setup. And it's not as simple as just asking a single question and getting whatever response top three you get and you start implementing, right?

You mentioned about the struggle that security leaders go through. What have you seen that you highlighted that sometimes security leaders take the research note on the face value and just run with it? Any other challenges that you have seen that security leaders face when they are looking at a research note, trying to implement it, and maybe not succeeding with it and coming back to that. What have you noticed? What other challenges you have noticed?

Niyati: Yes, so maybe like when I tool implementation. what we have is a we peer sourced a lot of client feedback on what are the core challenges they faced in DLP implementation or a particular technology implementation and we research and put that research note out. But there are clients who face challenges even beyond that. So how do we come up with that? The maybe staffing model for this.

The most important thing is gaining business buy-in and board visibility. Now this is something which is different for each and every client. So when I review a cybersecurity strategy, I need to understand what the core drivers for that organizations are personally and then we can keep, adapt or create that particular strategy to align with their business priorities.

So, where clients are facing challenges most is I cannot write a very industry specific or a very detailed research note on suppose cybersecurity strategy which will be applicable to each and every person. So, that context which you mentioning and how is this particular research going to be relevant to their organization and their board, that translatory line is something which I still feel some clients struggling with because even when we give them entire approach that this is your entire fire plan for maybe it's supposed DLP implementation. These are the steps. This is the pre-work. This is the fire plan, but even to conduct that pre-work, there are certain challenges which come in then also allocating having a buffer budget for the whole plan. What person should be of the cybersecurity budget be allocated, how do they get and plan and translate all that.

So there's a lot of things which go on in the research note but between the lines reading and aligning that with their organization and context is something which I have seen clients struggling the most with.

I think that is going to be a challenge through and through, but that is why we have these one is to one inquiries and calls with clients can leverage. So they just go through a research note and then they put down their pointers. then we not just through one call, but N number of calls throughout there, you know, that particular goal is met. go through that. We find you and we have, we review their work and tell them that, okay, this is how this entire note is going to be applicable in your context.

There have been calls where we even tell them that this is not going to be applicable for your context because I've seen a lot of very new cybersecurity leaders, very enthusiastic. They want to do 10 things at once and they are like, no, we'll just cut this cost. We automate these things. We'll consolidate these things and we have to tell them, no, please stop. This is not where the industry is heading and this is not at all applicable to you but so these are fun it's honestly you know each call I'll tell you till now which I've had there's no two calls which have been similar all of these have been just such a amazing ride till now.

Host: No, no, I can totally understand, right? Like often, like if let's say the research note or a framework is hard to understand or lengthy, we just go to chat.jpg and say summarize, right? And you get a summary and you run with that. And that often misses the fine print, like as you highlighted also, right? That often misses the fine print. So you miss that entirely.

And you are now looking at a summarized version of a research note which was put together, maybe it is not relevant to your industry or to the size of the organization or the complexity that you have. And that brings more questions and more challenges with the program implementation.

Now, for an aspiring CISO. So this question came from a common connection of ours, Dhananjay. For an aspiring CISO, a security professional who is aspiring to be a CISO, what should the roadmap look like? How do they consume maybe some of this information? How do they implement, monitor? What would you recommend?

Niyati: So from my experience and what I've observed right now, I do feel that the new age CISOs who are going to be CISOs in some upcoming years will have to have a refined understanding of tech as well as the non-tech or regulatory or GR governance aspects. So maybe in the initial years, try to have as much hands-on experience or if not hands-on, at least the overview of all possible tech major technology stacks like your identity and access management, security, infrastructure security, application security, SOC.

Then even so if start hands on tools and the challenges there once you do that you'll know what are the challenges and what is required exactly there. Once you reach that level of maturity start going ahead into the GRC domain a little bit understand how audits are being done on what is required there and try to lead smaller teams. So it does not have to be like you are at a very high managerial position or anything.

Maybe you are a product security member or leader and you have five people under you or 10 people team under you. That still showcases a lot of gives you opportunity for a lot of strategy building, roadmap building, leadership and executive presence as well.

So start from there, once you are at that level, then let's see the plan ahead. I highly recommend that people can be a BISO first prior to a CISO because that business integration and understanding insight is very, very necessary. So after this particular leadership, if they head into that particular role, I feel the path ahead is going to be comparatively easier and they'll have all possible alliances across all teams to support them with all their initiatives as well. So this is what I would recommend for this journey.

Host: Make sense. But often for this, like when you are hands on or when you're trying to understand business, tooling also plays a role. Industry news plays a role. So you have to stay on top of it, right? If you could give one advice to security leaders who are navigating through all the noise of cybersecurity, what would you give them? Like what should they be worried about or what should they stop worrying about?

Niyati: I feel they should stop worrying about being on track with all the security trends which have come up because it's not possible to have AI, PQC readiness and all the newer things, agentic development, automated SOC and everything at once.

And I feel that most of the conversations I have is everyone is running towards these trends and they are neglecting the existing gaps in the maturity and the already existing vulnerabilities and weaknesses in their organization. So, whenever you building your roadmap strategy or even any other plans, first focus on the foundational things.

Have that very, very cleared up, sorted and remediated or at least at a particular resilient level so that if there is any attack or any ambiguity which comes in your business continuity will be maintained. You will not face any major losses.

Based on that, understand what is applicable and required for your organization's drivers. Like if your organization wants to go AI first, cloud first, automation first, then go ahead with only the technologies supporting that. If they want to be compliance first organization, then just focus on that.

I think we have a very, very good research this year where the leadership vision is something which we come up with every year. If I'd recommend everyone to read that and just states that that what should today's CSO or cybersecurity leader be? So he should focus on, know, optimize cyber resilience, have an agile strategy and roadmap, and most importantly, be a trusted an influential partner to their overall business. So I would recommend everyone to go in that direction.

Host: The last one I feel is the key because whether you are AI-initiated, AI-enabled or not, that trusted partnership between the business and the security org is a decade old problem. And doubling down on that for sure would help, wheather you use AI or not, doesn't matter.

It plays a major role when you need budget or when you need approvals and things like that, when you are running a new program. For all of those, unless you have built that trust, it's very difficult to go in front of your board and say that, I need $5 million because I want to do XYZ, things like that. So yeah, it makes sense.

And on that note, that brings us to the end of the podcast. However, before I let you go, I have one last question. Do you have any like learning recommendation for our audience? It could be a blog or a book or a podcast or anything that you would want our audience to go and spend time on.

Niyati: Okay, so for maybe all our clients at Gartner, I think Gartner is a huge library, would say encyclopedia for any topic, not just cybersecurity for your other practices as well within your INO like infrastructure and operations, your CIO, whatever everyone's priorities are, whatever are the trends going in each of these areas. So that is one thing.

From a podcast, we have a CISO Edge podcast from Gartner and I personally love this because it comes up with a lot of challenging notions to the existing foundational cybersecurity concept. So that is one thing and apart from this, as you mentioned, even we have to be very up to date for all the trends which are going on.

So Risky Business is one of my favorite podcasts because it comes up with weekly schedules and weekly recordings for all possible newer things which are happening in tech and also humorous note to it. So I don't feel like, know, I'm listening to a very technical part or technical thing. It brings simple examples, lot of humor and conveys a very, very strong message, but in a very, very understandable and subtle way.

So I personally would recommend everyone to start, but getting a visibility or getting a hang of one, not just these, but any of their favorite podcasts, which updates them on what is happening in this field on a day in and day out basis.

Host: Awesome. Yeah, I look forward to signing up to at least the risky business. I'm already listening to CISO Edge podcast. But one of the things that we will do is when we publish this episode, we'll add these references to recommendations to the show notes as well so that our audience can go in and sign up and start listening to it. And that brings us to the end of the podcast.

Thank you so much, Niyati, for taking the time and joining with me today.

Niyati: Thank you so much, Purusottam. I had a wonderful time from connecting and learning all about how the world perceives Gartner as well and the value of Gartner. Thank you so much for such an amazing time.

Host: Yeah, it was a very fun conversation. Thank you so much. And to our audience, thank you so much for listening in. See you in the next episode.