CXOToday has engaged in an exclusive inyterview with Jai Balani, Data Security and Privacy Engineer at Netflix, California, United States
- Take us through your work journey and share as a Data, Security, and Privacy Engineer, what are some of the key things you are responsible for?
I moved to the US in 2005 to pursue a Master’s in Computer Engineering at Stony Brook University. I received a full scholarship and worked on TextMap, a research project using natural language processing to monitor entity references in news.
With robust experience in data engineering, I’ve held key roles across multiple organizations. At Goldman Sachs, I pioneered a semantic layer and an automated revenue reporting system. At Prime Healthcare, I led the creation of the company’s first enterprise data warehouse, benefiting data analysis across various hospitals. While at Heartflow, I designed data lake and data governance platforms that optimized data management and facilitated enhanced data exploration, pattern recognition, and swift decision-making.
Currently at Netflix, my focus has been empowering security engineers on endpoint security, detection and response and google workspace management, and building our second-generation external data reporting platform.
I’m a speaker and panelist at conferences, educating leaders on Privacy Education, Open Source Supply Chain Risks, and Engineering Leadership. I advise companies on Data Engineering best practices and privacy-preserving solutions.
- Throw some light on the growing cyber-crime globally and a few preventive tips for data protection that can help organisations run safely ?
As the usage of the internet has been rising it has contributed to the rise of cyber-crime as well as more sophisticated hacking techniques. Over the last decade there has been a significant rise to scams like fake emails (phishing), stealing personal info (identity theft), unauthorized access to data (data breaches), and malicious software locking users out (ransomware attacks), causing financial losses as well as reputation damage in both public and private sectors.
Jotting down some well-known best practices below:
- Implementing Intrusion detection systems (IDS) that could help detect and alert any unauthorized access to the network. There are well established malware defense solutions which can protect your systems from malicious software
- Regular Software Updates: To reduce risk of exposure to known vulnerabilities keeping systems and software up-to-date and enabling enterprise wide software management systems is quite useful
- Switch to Passkeys: Security industry as a whole is moving to Passkeys, they are a replacement for passwords. A password is something that can be remembered and typed, and a passkey is a secret stored on one’s devices, unlocked with biometrics.
- If using Password, enforce Multi-Factor Authentication: Multi-factor authentication (MFA) is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint. Using multi-factor authentication is fundamental to a secure infrastructure.
- Network Security: Another highly common practice is the usage of firewalls, encryption, and secure networks (Virtual Private Networks) to protect sensitive data from unauthorized access.
- Regular system audits and controls: Even companies with the most advanced systems need to employ regular system audits and controls to help organizations determine if current security measures are adequate to secure against various threats.
- Finally, security information and event management systems (SIEM) are quite useful to collect security logs which then help identify and respond to threats.
Some lesser known trends that are also helpful:
- Building a red team: Its highly recommended to build a team of professionals who could proactively identify vulnerabilities before actual attackers do and thereby help to fortify the organization’s security and privacy measures
- Implementing a zero trust architecture: In this architecture every access request is fully authenticated, authorized, and encrypted before access is granted, regardless of the user’s location, device, or network. This approach minimizes the threat of attackers moving laterally inside a network once they’ve gained initial access.
- Considering secure infrastructure as a necessity: A common weakness in cybersecurity is companies not fully investing or focusing on it until they are directly impacted by a breach. In some ways it should be seen analogous to insurance as a protection from unforeseen events and hence well invested and always a priority.
- In the digital era, kids are exposed to a vast amount of content online and are vulnerable to cyber crime- how do you think this can be prevented ?
Parents can use parental control tools and safe search settings to restrict access to harmful content and monitor their child’s activities. Parents should stay informed about the latest online threats specifically if those are targeting young children. Privacy settings should be reviewed and updated regularly on all devices and accounts used by children.
- Protecting kids from cybercrime- some tips for parents to keep in mind to help the digital generation ?
I believe that children’s online safety begins with educating children about online risks, such as sharing personal information and interacting with strangers. Good password practices should be taught early on.
It is quite important to foster open communication so that children feel comfortable discussing their online experiences. Children should be encouraged to report offensive content and to maintain respectful online manners. By fostering responsible online habits and maintaining open dialogues, a safer digital environment can be established for children.
- Online Gaming Platforms are thriving in India and so are Cybersecurity threats: How can these platforms be safeguarded ?
The most fundamental step would be to use strong passwords and extra login steps for users. Large platforms should also use secure ways for payment processing, automated fraud detection mechanisms, keep gaming software updated, and ensure there is protection against large scale attacks by investing in zero trust architecture and building a red team.
I would also recommend a couple of preventative steps like allowing players to control who can see their details and communicate with them and in case of a breach have a detection and response plan to cut the damage and get back to business quickly.
- How the Mushrooming startups in the FinTech, AdTech, HealTech Spaces can build a reliable and advanced data governance system globally ?
With the advent of startups and highly successful online platforms/products in India the impact of technology is in its very early stages in India. I strongly believe that the pace at which technology is evolving is going to be extremely hard for the general population to be aware of all of its risks and pitfalls.
Hence the responsibility of ethical and responsible use of technology lies on the same companies that are developing the online platforms/products.
Building a reliable data governance system involves understanding Regulatory Landscape and establishing a detailed data governance framework that outlines data ownership, data definitions, data privacy, quality, standards, and compliance.
- Finally, share the importance of Data Governance and Cybersecurity in today’s day and age and why should Indian students join the cyber squad ?
Data Governance should not be treated as another checkbox to stay compliant with the laws, over the years, good data governance would help build the reputation of a company and give it a competitive advantage. Cybersecurity as a field is quite mature already and companies have the advantage of proven methodologies for securing their infrastructure. Successful implementation of both these essential features would require a proficient and disciplined team and hence a great opportunity for Indian students to contribute to the success of their company