Pawan Desai
CISA, CISSP, CBCP, Co-Founder & CEO, MitKat Advisory
MitKat is a premium management consultancy specialized in risk management, which is primarily focused on global corporations, government departments/ multi-lateral organizations, and NGOs operating in challenging environments. SecurityLink India has recently got an opportunity to talk to Pawan Desai – CISA, CISSP, CBCP – Co-Founder & CEO of MitKat Advisory, who is one of Asia’s leading security thought leaders, speaker and author. Some excerpts:
SecurityLink India (SLI): How do you define MitKat Advisory in essence, and how was it conceptualized?
Pawan Desai: India and Singapore based MitKat Advisory is a leading risk consultancy company in Asia. Our mission centres around outstanding services to clients, being financially healthy so that we can reward ourselves and grow, and be a great place to work which consistently attracts, develops and retains best in class talents.
SLI: What is your modus-operandi?
Pawan Desai: MitKat works collaboratively with niche clients to promote business and protect their most valuable assets – people, information, material assets and brand. We consult, take ownership for implementation of recommendations and help sustain initiatives.
SLI: Which are your key areas of excellence in terms of services and verticals?
Pawan Desai: Information and advisory services (Threat Intelligence and Travel Advisory), security and safety consulting and design, operational support services, embedded security leadership, cybersecurity and business continuity plan (BCP), fraud and integrity risk management, training and change management, and so on.
SLI: What is your priority sector – government or private, and why?
Pawan Desai: We work with the world’s most respected corporations (more than 50 of the top 100 global brands). We also work on strategic projects with leading global NGOs as well as with government.
SLI: How do you see the trend today in relation to L1 vs. T1?
Pawan Desai: It depends on the maturity of the organization, and the priority they accord to the security of their personnel, brand and other critical assets. Most mature organisations have a value-based buying with a pre-defined percentage for technical competence as well as price. However, many organisations still have L1 bias, including government organisations.
SLI: Please name some of your completed and pipelined projects, and which is your most satisfying one so far, and why?
Pawan Desai: We provide Threat Intelligence and Travel Advisory to many of the world’s most respected organizations 24x7x365, and in the case of most of our customers the satisfaction rate is close to 100%. We have done.
some of the most advanced security consulting and design projects, including envisioning and design of national level command and control centres. We have worked in war and insurgency impacted areas, saved lives, and calmed and helped people in crises – this is obviously very gratifying.
Very tight non-disclosure agreements are a norm in our industry. However, we are always willing to share our learnings and experiences.
SLI: How would you describe the security and surveillance business in India as on date, and where is the trend leading to?
Pawan Desai: More and more organisations are moving from excessive human dependence (and associated vulnerabilities) to an optimum mix of people, process and technology. Organizations also want a standards and frameworks-based efficient security, and a consistent level of efficiency and user experience across the enterprise.
SLI: New developers and technologies are emerging at a rapid pace; what would be its impact on the Indian market in the days to come, and what are your advices for the end customers?
Pawan Desai: As minimum wages go up, the cost of compliance increases, breaches occur with alarming regularity (mainly due to human vulnerabilities) and regulators become unforgiving, more organisations are preferring to get professional consulting and design support, undertaking techno-infra interventions and strengthen processes to achieve better security and user experience at optimum cost.
SLI: What would be the state of physical security personnel in the wake of emerging technologies, and how could the balance be established?
Pawan Desai: Going forward, there will be fewer but better skilled and trained personnel. They would be more techno-savvy and be able to operate security technologies well. Soft skills will become more important as security personnel are usually the first point of contact. Many organisations are undertaking (with professional consulting support) cost optimization and performance improvement exercises centred around reducing/ optimizing guards, using technologies and strengthening processes.
Some new age integrated corporate services providers are providing tech-enabled integrated facility, security and other corporate services as a bundled offering.
SLI: What challenges or inhibiting elements (both legislative and otherwise) do you face in the industry, and what are your recommendations in relation to them?
Pawan Desai: We need standards and frameworks for physical security. Current physical security legislation covers only manned guarding, and that too is getting outdated rapidly. We need integrated security standards, guidelines, frameworks to cover other stakeholders such as consulting and design companies, security OEMs and system integrators, employers etc.
SLI: How have the safe and smart cities projects been doing so far? What are your contributions towards these projects?
Pawan Desai: Smart cities program is a great initiative but implementation record has been mixed. Different cities are making progress to different degrees. Some like Pune, Nagpur, Bhubaneswar etc. are doing relatively better. Some cities are making good progress in specific parameters – like Indore in cleanliness.
Consultants or so called project management consultancies (PMCs) are in place but strictly speaking, there is no project to manage. Project management involves feasibility study (Go/ No Go), DPR, design, design development, tender development and tendering – all of these take time. Unfortunately, the emphasis due to various other considerations is just to get the tenders out at the earliest.
The role of ICT is being overplayed and the urban infrastructure design does not get the place of pride. What needs to be understood is that before a city tries to make itself smart, basics need to be in place. Sometimes unfortunately, provision of basics like water or sewage disposal is being confused with. Projects are being planned and tendered in isolation – by doing 20 isolated projects, we would not make a city smart.
To properly utilize the infra, the infrastructure has to be developed first. In the rush to show results, the original vision and mission is getting diluted. What we need is a pancity development rather than area based development (at least of the basic infra).
Perhaps except one smart city i.e., Pune, no one has the procurement or financial guidelines, though it is very much required, and therefore they have to re-invent the wheel for everything,
There is serious lack of skills, particularly at the cutting edge or middle management. There exists a need for training/ skill development (by industry bodies) to rotate top talent who have developed execution expertise across smart cities. System integrators need to develop their talent.
Sometimes tenders can be better worded. I have even seen tenders like – the scope is…, but not limited to… .
MitKat is largely into consulting and design space – for cities, ports, financial districts, strategic projects, command and control centre designs etc.
SLI: A recent newspaper update states that majority of CCTV installed in Delhi are defunct and a large chunk of data feed is wasted – and this is not the only case. How would you correlate it with the success of smart cities? Where is the gap and how can that be filled?
Pawan Desai: I think a lot of it has to be related to governance and ownership issues such as no proper special purpose vehicle (SPV) or a functioning board, inadequate empowerment of officials, short tenures of CEOs, inadequate accountability, focus on L1, overenthusiastic bidders agreeing to any terms of contract and picking up contracts at unrealistic prices, lack of skills etc.
We need to practice project based approach and allow sufficient time for feasibility study (Go/ No Go), DPR, design, design development, tender development and tendering. We need a pan-city development plan and the execution be made in phases. SPVs and Boards need to be constituted properly and CEOs must have longer tenures, empowerment and accountability. There is a serious need for skill development and strengthening of governance.
SLI: Hi-rises and infrastructures such as hospitals are supposed to be, and are usually constructed under consultants’ guidance, however, the cases of hospital fires, collapse of buildings and other incidents are on the rise. Where do you see the lapses and how can these be minimized?
Pawan Desai: India has a dismal safety record – whether road or rail safety, or structural or fire safety. Some of them are attitudinal. We need to enforce laws, regulations, standards and frameworks, and fix accountability.
SLI: What are the impacts of weak PSARA, inadequate cyber laws (IT Act), and no dedicated laws for security and surveillance in India? What are your recommendations?
Pawan Desai: The laws for cyber security and privacy are under formulation. Globally, there is no one standard for physical security (unlike ISO 27001 for Information Security or ISO 31000 for Risk Management or ISO 45000 for Occupational Health and Safety Management). There are standards, frameworks, guidelines, country-specific legislations, and best practices pertaining to surveillance, select security technologies and aspects of safety. There is also a global standard for asset management.
Having operated across the globe including in very challenging environments of Middle East, Africa, South Asia and APAC, we at MitKat have been privileged to learn many good things from different environments. Based on global standards, frameworks, guidelines, learnings from country-specific legislations and best practices across the globe, we are adopting an integrated standards and framework based approach to security – one that uses technology optimally, forms a part of the integrated asset management, provides efficiency, consistency, better user experience and confidence to the customer, and reduces human dependence and optimizes costs.
SLI: What are some of your basic suggestions to the end customers to consider while planning implementations of security, surveillance, and cyber security and fire safety etc.?
Pawan Desai: Security is most efficient and effective when it is incorporated at the planning and design stage itself. Have a risk-based approach to security. Identify critical assets and carry out a threat-vulnerability risk assessment. Design security optimally with an optimum and effective mix of people, process and technologies.
Cyber security is an all pervasive subject and closely integrated with physical security, surveillance and access, fire and life safety, BCP and crisis management. All aspects of endpoint, application and network security must be planned and implemented well.
SLI: Kindly share your points of view about SecurityLink India.
Pawan Desai: SecurityLink India is doing a good job of keeping stakeholders appraised with latest developments in physical security, fire and life safety, surveillance, security technologies, geo-political and security developments, coverage of key events, lessons from major incidents and case studies. It publishes well-researched articles, provides insights from industry experts and business leaders and showcases innovative technologies, solutions and approaches. I must compliment the Editor, the team and contributors for putting together excellent, informative and thought provoking articles consistently.