Secret CSO: Upendra Mardikar, Snap Finance

What is the worst current trend in cybersecurity? “The worst trend right now is that we are in Cyber Pandemic with no end in sight. Security is still an afterthought in most of the organisations.”

Headshot of Upendra Mardikar, CSO at Snap Finance
Snap Finance

Name: Upendra Mardikar

Organisation: Snap Finance

Job title: Chief Security Officer

Date started current role: March 2020

Location: Santa Clara, CA

A prolific inventor and cyber security & digital identity business-enabler executive with an “art of possible” mindset who led global teams to secure world class organisations including American Express, Visa, and PayPal, is credited with 95+ patents and has won several innovation awards. Upendra Mardikar is the Chief Security Officer of Snap Finance, a leading Omnichannel Digital First FinTech in Buy Now Pay Later (BNPL), Lease To Own (LTO) and Loans space. He leads all aspects of cyber security and privacy while building new platforms to enable growth opportunities. This includes securing innovative multi-cloud platforms and products, Artificial Intelligence, client-facing technology, and customer and employee experiences. Prior to joining Snap Finance, he held Executive and Senior leadership positions at American Express, Visa and PayPal. Featured in Genius Journal, he helped pioneer blockchain in Amex-filed patents on blockchain and DLTS. Mardikar is an advisory board director for select security startups and venture capitalist firms.

What was your first job? I am an engineer and technologist at heart. I started my career by writing Operating System’s memory manager module and learnt that having a solid foundation is key for one’s career. 

How did you get involved in cybersecurity? I started working as a software engineer on Hardware Security Modules and Points of Sale terminals. That gave me an exposure to cryptography. Mathematics behind cryptography fascinated me and continued my learnings in the security world. I continue to learn different technologies like OpenSSL, IPSec/IKE, SSL and TLS, Key Management and other areas.

What was your education? Do you hold any certifications? What are they? I hold a Bachelor of Engineering in Computer Science and an MBA. I have CISSP, ISSAP, CSSLP certifications in Security.

Explain your career path. Did you take any detours? If so, discuss. My pedigree is of a technologist. I started as a software engineer writing system level programs. I became fascinated with how cryptography and security technology work and started learning it on my own. As I continue to learn more things in security, my leaders noticed and expanded my role in those areas. I didn’t feel any need to take a detour at all. I was lucky enough to work for esteemed companies. Some were in growth stage, early startups, big corporations going through digital transformations. That gave me insight on how to have a bias for action and yet influence across organisations and win as a team.

Was there anyone who has inspired or mentored you in your career? My career was shaped by several people; people who were my leaders and people who supported me in my team. I learned a lot from my peers and people across multiple levels in the organisations. By the grace of God, I was always surrounded by people from whom I could learn a lot.

What do you feel is the most important aspect of your job? Cybersecurity has evolved over the last few years. Earlier security professionals were just sitting in corners trying to work on some nebulous tasks. Now, due to the impact of ransomware and nation state sponsored attacks, it has become potentially a weapon to cause massive damage to economies. I think leaving a small footprint to help the world defend itself and keep individuals safe, gives me a tremendous sense of fulfillment. 

What metrics or KPIs do you use to measure security effectiveness? We use quantitative and qualitative metrics based on SECURE index and a few other methodologies. Most important one is, “Are we enabling business while reducing risk every single day”.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? Security is not one organisation or vertical’s responsibility. It is a team sport and a journey. Federating security and coaching team members across various organisations is the path I follow. I hire differently. It’s not about the domain expertise that I am after. Is the person curious to learn, willing to put efforts outside of current scope of work and be a team player? I realised early on in my career that I can’t win alone and winning as a team is very important. That’s what I value. Hiring people with the qualities above is how I address the cybersecurity skills gap. 

Cybersecurity is constantly changing – how do you keep learning? Learning from various sources, peers in the industry, attending podcasts, preparing and presenting at conferences, co-authoring books and blogs are a few ways to keep learning. It's fun to keep learning.

What conferences are on your must-attend list? I stay away from selecting a few. There are several and the way to choose from is to evaluate on my own, what resonates with me and where I can learn from.

What is the best current trend in cybersecurity? The worst? The worst trend right now is that we are in Cyber Pandemic with no end in sight. Security is still an afterthought in most of the organisations. The best current trend is that security is getting a seat on the leadership table. Board is asking about security and the best news is that the President of the USA is taking security very seriously. Security leaders from various organisations are coming together to solve this Cyber Pandemic.

What's the best career advice you ever received? Be Humble. It’s easy to get carried away if you think you know more than other people.

What advice would you give to aspiring security leaders? “Art of Possible”. Security is going to get tougher day by day. How do we balance stellar experiences with security?  The only way to do this is to think outside the box and push ourselves to explore what’s possible. Fixing the perception that security is a naysayer organisation is the need of time.

What has been your greatest career achievement? It's very fulfilling for me to add value to people’s lives. Cybersecurity gives the opportunity to protect organisations and their ecosystems. Being able to make that difference is the greatest achievement in my career.

Looking back with 20:20 hindsight, what would you have done differently? I would have focused on knowing myself quite early in life.  I am a technologist at heart, and I like to be a Technologist Servant leader. The sooner we know about ourselves, the faster we advance in our careers.

What is your favourite quote? “We are all broken, that’s how light gets in” - Ernest Hemingway. Accepting ourselves and accepting others as not being perfect is the first step toward learning.

What are you reading now? I am reading the 9 volume series of The Complete Works of Vivekananda. You can find free versions on the Internet. It gives an amazing perspective toward life and who we truly are. It's all about philosophy.

In my spare time, I like to… I like to take a step back and reflect on goals, both personal and organisational.

Most people don't know that I… Write poems and odes.

Ask me to do anything but… compromise integrity.