Cybersecurity Gaps Vendors Must Fix: A CISO’s Perspective
News Desk

TECHx Media spoke with Manish Agarwal, CIO of M.H. Enterprises, for its cybersecurity-focused magazine CodeRED June-July Edition 2025. He shares key insights on building a zero trust security model, aligning cybersecurity with business goals, and overcoming challenges in today’s hybrid environments. Read the interview below to know more.

What are the top cybersecurity priorities for your organization this year?
Our top cybersecurity priority this year is building a resilient, Zero Trust-driven hybrid security model that protects both on-premise and cloud environments. We’re actively working on enhancing privileged access controls, implementing network access control (NAC), and deploying intelligent threat detection tools for real-time visibility across endpoints and user behavior.

Additionally, we’re emphasizing automated vulnerability assessments and database activity monitoring to proactively identify potential weaknesses. Security awareness training remains critical, as human error continues to be a common threat vector.

How do you align cybersecurity initiatives with overall business goals?
Cybersecurity is tightly aligned with our broader business strategy. Every security initiative we implement is assessed for its impact on risk mitigation, operational continuity, and customer trust.

For instance, during major automation and digitization projects, security controls are embedded right from the design stage. We track metrics such as risk reduction, incident response time, and compliance coverage, all of which tie back to our strategic goals of efficiency, resilience, and credibility.

Can you share a recent cybersecurity incident or close call and how your team handled it?
We encountered a situation where abnormal login activity was detected within our internal network. The behavioral patterns resembled a brute-force attempt. Thanks to proactive monitoring, our team was able to isolate the endpoint and investigate immediately.

The root cause turned out to be a dormant user account that hadn’t been deactivated post offboarding. We conducted a full access review and strengthened our user lifecycle management practices. It was a timely reminder of how even non-malicious oversights can open doors to risk.

What are the key factors you consider when evaluating cybersecurity vendors?
Our evaluation criteria are centered around solution maturity, ease of integration, scalability, local and remote support, and measurable business value.

We value vendors who understand our environment and challenges, offer transparent pricing, and provide long-term partnership, not just product delivery. Proven references, hands-on trials, and solution roadmaps also play a role in our selection process.

How do you prefer vendors to approach you, with education, product demos, or proof of value?
A consultative, educational approach works best. We prefer vendors who start by understanding our needs and pain points, then offer targeted insights and practical examples.

Short, focused demos and access to a test environment help us evaluate feasibility. The more relevant and hands-on the engagement, the better the outcome for both sides.

What are the biggest gaps in current cybersecurity solutions that vendors should address?
Many solutions today still lack context-awareness; they flag activities without prioritizing based on risk or business impact.

Another gap is the difficulty in integration. Products should come with out-of-the-box connectors or easy-to-deploy APIs. Finally, licensing and usage models need simplification. Too many options often confuse buyers rather than helping them.

Are there specific challenges in integration, scalability, or support that you’ve faced?
Integration with legacy infrastructure continues to be a challenge. Some newer tools are built cloud-native but struggle in hybrid or transitional environments.

Scalability is generally less of a problem now, but consistent and regionally-aware support is still a pain point. We now make it a practice to test vendor support responsiveness before full-scale onboarding.

How is your cybersecurity budget evolving year-over-year?
Our cybersecurity budget has seen incremental growth, with a reallocation towards analytics-driven monitoring, user awareness, and automation-based defense.

We’re also optimizing our spend by balancing commercial products with open-source tools wherever feasible, without compromising on coverage or reliability. Budget discussions are increasingly linked to risk and incident trends.

What’s your advice to vendors looking to position their solutions for budget approval?
Focus on outcomes. Position your solution in terms of business impact, risk reduction, operational efficiency, or compliance readiness.

If your tool replaces multiple systems or reduces manual work, quantify that. Avoid overly technical selling and instead align with planning cycles and strategic goals. A clear ROI narrative goes a long way in securing buy-in.

Have you collaborated with vendors on co-developing or customizing solutions?
Yes, collaboration has been crucial in several successful deployments. In cases where off-the-shelf solutions didn’t fully meet our operational nuances, we worked with vendors to fine-tune workflows and reporting structures.

Such partnerships have led to better user adoption and product stability.

What common mistakes do vendors make when engaging with CISOs?
Some vendors come in with pre-built pitches that may not align with our actual environment. Others dive too deep into technology before understanding our business context.

Inconsistent follow-ups or ignoring compliance and data residency considerations are also common pitfalls. The best engagements are those where vendors listen more than they sell.

What’s one innovation or improvement you hope to see from vendors in the next 12 months?
I’d like to see more intuitive AI-driven analytics that reduce false positives and prioritize alerts based on context. Also, easier deployment models, something that doesn’t take weeks to configure.

Vendors who can offer modular, adaptable solutions with strong analytics will stand out in the coming year.

You can also read the full interview in TECHx Media’s CodeRED June-July 2025 Edition: https://techxmedia.com/codered-june-july-2025