Krishan Kanagarajah

Tackling cyber threats

Q: How do you stay updated on emerging trends in cloud security – and which developments do you see being most impactful?

A: I stay updated on cloud security trends through continuous learning, industry publications, networking, vendor engagement, discussions with colleagues and monitoring threat intelligence feeds.

In my opinion, the key developments that are most impactful for the industry right now include zero trust architecture, cloud native security solutions, AI and machine learning, serverless security, and compliance with evolving regulations like General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

These trends are shaping how organisations enhance their security posture and protect cloud assets.

Q: Where do you see the biggest shifts in cybersecurity over the next five years – particularly concerning cloud security and banking?

A: The cybersecurity landscape is evolving rapidly and over the next five years, significant shifts will occur in several key areas.

Organisations are increasingly adopting cloud native security solutions like cloud access security brokers (CASBs), cloud workload protection platforms (CWPPs) and cloud security posture management (CSPM) tools to safeguard cloud environments with a heightened focus on zero trust architecture for secure access control.

In the banking sector, stricter regulations like the Australian Prudential Regulation Authority’s (APRA) CPS 234, GDPR, the Digital Operational Resilience Act (DORA), the Federal Financial Institutions Examination Council (FFIEC) standards and CCPA are driving investments in robust security measures and effective incident response plans.

AI and machine learning are playing a pivotal role in detecting and responding to threats, including fraud and anomaly detection, while focussing on emerging threats. Additionally, the cybersecurity workforce is expected to grow as organisations aim to bridge the skills gap in this critical area.

Q: How have you seen the cybersecurity posture of organisations evolve over the past two decades?

A: The cybersecurity landscape has evolved dramatically over the past two decades due to tech advancements, globalisation and increasingly sophisticated cyber threats.

Remote work and cloud computing have expanded the attack surface, intensifying the need for robust data privacy measures due to regulations like GDPR and CCPA. Enhanced frameworks like NIST and ISO 27001:2022, along with AI, machine learning and blockchain, are transforming threat detection and response.

Organisations must continually adapt to protect against emerging threats.

Q: How do you see automation impacting penetration testing?

A: Automation transforms penetration testing by enhancing efficiency, scalability, accuracy and cost-effectiveness. It takes over repetitive tasks, freeing testers to focus on strategic activities, and accelerating vulnerability identification and remediation.

However, it poses challenges such as diminished human expertise and creativity, difficulties with unconventional vulnerabilities, false positives or negatives and ethical concerns about misuse.

Professional penetration testers must embrace automation by mastering tools and scripting languages like Python and PowerShell, enhancing strategic thinking, problem solving and creativity, staying updated on cybersecurity trends, understanding the ethical implications, and collaborating with automation experts to remain effective and successful.

Q: In what ways do you think AI and machine learning will influence cybersecurity audits and assessments?

A: By integrating AI and machine learning into cybersecurity audits and assessments, organisations can enhance their ability to identify vulnerabilities, mitigate risks and respond to threats more effectively.

It’s an exciting time for the field with technology continuously evolving to meet the challenges of an ever-changing threat landscape.

AI can be used to continuously monitor networks, prioritise cybersecurity efforts and improve incident response. It will also support continuous compliance auditing and automate vulnerability scanning while machine learning can analyse user behaviour to detect anomalies.

These advancements will greatly enhance organisations’ ability to identify vulnerabilities, mitigate risks and respond effectively to threats, ensuring a robust and proactive cybersecurity posture.

Q: And finally, what motivated you to pursue a career shift to cybersecurity and IT auditing, from finance and business auditing?

A: Cybersecurity has been my enduring passion since 2000, sparked by the thrill of exploring a secondhand computer. While my initial ambition was to forge a career in IT, the prohibitive cost of IT degrees led me down the path of accounting.

After gaining qualifications as an accountant, I found a perfect intersection of my interests by moving into IT auditing, armed with Certified Information Systems Auditor (CISA) certification.

My journey continued as I specialised further in cybersecurity, earning Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) certifications.

Today, I remain dedicated to auditing with a focus on safeguarding digital landscapes.

CV IN A NUTSHELL

Krishan Kanagarajah’s career began in 2002 as an audit trainee at Kreston Sri Lanka before he moved to Ernst & Young (EY).

By 2007, he had qualified as a chartered and management accountant. In 2009, Kanagarajah gained Certified Information Systems Auditor (CISA) certification and transitioned to IT auditing. Obtaining Certified Ethical Hacker (CEH) certification in 2012, Kanagarajah has since specialised in technology audits, cybersecurity and penetration testing.

In his spare time, Kanagarajah enjoys nature photography, playing the piano and gardening.

FACT FILE

FAMILY
Father – Kanagarajah Suppiah (retired principal)
Mother – Anandini Kanagarajah (retired farmer and housewife)
Wife – Bamini Krishan (supportive homemaker)
Sons – Keayshav and Bhaveesh Krishan (in primary school)

SCHOOLING
Hindu College Colombo

HIGHER EDUCATION
MBA – Postgraduate Institute of Management (PIM)
BSc in Business Administration – University of Sri Jayewardenepura
FCA – Institute of Chartered Accountants of Sri Lanka (CA Sri Lanka)
ACMA – Chartered Institute of Management Accountants (CIMA)

PRESENT OCCUPATION
Manager of Group Audit – Cyber Security
Past president of the Institute of Chartered Accountants of Sri Lanka (CA Sri Lanka) – Australia Chapter

COUNTRY OF RESIDENCE
Australia

CITY OF RESIDENCE
Melbourne
