Deepen Desai
Chief Security Officer
Zscaler
NOVEMBER 2024
Chief Security Officer Deepen Desai of Zscaler had a somewhat unique start to his career in cybersecurity – through gaming with roommates at San Jose State University. At the time, Deepen was working on his master’s degree and planning to be a software engineer. Back in 2002, while his roommates were playing an online video game, he realized that the players online “were cheating or hacking or whatever term you want to use to gain unfair advantage – they could see things that the normal video game would not allow,” he explains.
This made Deepen so curious that he started digging into the Windows operating system that the game used. His curiosity was so great that he ended up writing an AntiCheat program to catch these types of hacking attempts against gaming applications. Deepen shares that he “ended up selling my program to one of the gaming leagues while I was doing my master's degree – and that was my first experience in the field of security.”
Deepen says that the AntiCheat program experience taught him a lesson he continues to apply to cybersecurity today: “How bad guys use – or should I say ‘abuse’ – the same API calls and the same vectors that are available to the good guys.” He explains that his roles early in his career were tied to vulnerability exploits, creating detections, zero-day vulnerability analysis, and reverse engineering. “The goal was to understand what the issues are and how the bad guys are exploiting them, so that we could write defensive features in the product,” he said.
After about five years, Deepen got into his first leadership role, where he was focused on malware and antivirus at the network layer. He adds that he also gained experience in building a product and creating sandboxing. He joined Zscaler in 2014, and currently leads corporate and product security.
The Need for Collaboration in Cybersecurity Today
Part of Deepen’s role as Chief Security Officer involves research and engineering. “These are things that we see bad guys exploit, the newer techniques they are using. My team will come up with new detection prototypes,” he explains. “It could result in a net new product or it could be a new feature – with the single goal of making sure that the thousands of organizations that are relying on the Zscaler platform are protected.”
In thinking about how he started in security, he observed that “the technology changes, but the challenges remain the same.” He believes that the pendulum in the security industry has shifted in a direction that involves more collaboration. “We, as an industry, initially were not doing a good job on collaborating. There is still room for improvement on that aspect.”
But Deepen also sees progress in “bringing the good guys together.” He adds, “These cyber criminals do collaborate. They have a full supply chain model with expertise at each level, and so it’s necessary to have more collaboration and more active defense happening on our side.”
Looking Ahead: Top Focus Areas for Security Leaders
As Chief Security Officer, Deepen interacts with C-level peers in security and IT regularly and believes that they are aligned on some key priorities for the year ahead. “It starts with AI security,” he says. While everyone may be at different stages of AI adoption at their organizations, implementing AI and GenAI creates concerns around data security and governance. He says that “security and governance around AI-driven applications is one of the top priorities – both first-party and third-party applications.”
Deepen says that the second major focus area for CISOs is insider threats. He explains that there are malicious insiders, but also unintentional cases, “where it turns into an insider threat because of the way they were using certain things.” Having a formal program to manage these threats and maintain a strong security posture is critical.
The third priority for the year ahead, according to Deepen, is third-party risk management, which is also one of the top priorities cited by CISOs in the Evanta community for this year. Deepen notes this has become even more important as third-party and supply chain vendors have access to your organization’s data. “If a third-party vendor is breached and your data was compromised, what is the impact on your environment because of that?” he asks.
While implementing a third-party risk management program is not new, Deepen shares that it is a priority because of AI-driven applications. “If there are ten apps that you started using in the last five years, half of those apps started adding AI modules into them,” he says. “Your third-party risk management program needs to evolve to consider all of those changes.”
Key Principles for Success in Security Leadership
In reflecting on his career, Deepen believes that one of his keys to success is “acting like an owner,” one of Zscaler’s guiding principles. “Do the right thing for the company, even if it means it's not going to result in good outcomes for your team,” he says. “If you follow that, more often than not, you will end up on the right side of the equation.”
“Act like an owner and lead from the front.”
Another key leadership principle for Deepen is having a bias for action. He explains that “anyone can come in and complain about ten broken things, but if you bring ten issues to my attention and also come up with solutions for at least two of them, that’s how you move the needle.” He cautions against too much analysis and says that it’s better to fail fast, learn and pivot.
Finally, Deepen believes that success in cybersecurity requires you to “hire, develop and empower the best talent because you are as good as your team is.” He shares that it is close to impossible to scale on the innovation side of his role without talented leaders.
“One thing I strongly believe in is that you either succeed or you learn.”
For CISOs who may be new to their roles, Deepen thinks that it is important to maintain a growth mindset and take the time to engage in continuous learning. He shares that he set up his own GenAI environment and tries to spend time each week learning new things.
He also encourages new CISOs to consider implementing a security ambassador program at their organization. Deepen has been driving a program at Zscaler for a few years and finds that it “helps set that security mindset and culture in the organization – and now they are the biggest advocates of getting things done the right way.”
Deepen is leading a session at the upcoming Southern California CISO Executive Summit on “How Zero Trust and AI Enable Innovation That Outpaces Adversaries.”
Special thanks to Deepen Desai and Zscaler.