Vivek Shitole exemplifies thought leadership and industry recognition in Information Security. With around 18 years of professional work experience in Information Security and Privacy, Technical & Operational assessments, Risk and Management consulting, performance improvement, and PMO, Vivek has cemented his place as an authoritative figure in the realm of IT security. His extensive career has spanned various roles, including leading teams in risk management engagements, implementing IT operating models focused on security and privacy, and contributing to Oracle’s Business Assessment & Audit group.

Vivek’s credentials are not just confined to his work experience. They extend to his academic achievements and professional certifications as well. Holding an MBA in Operations & IT and an Engineering bachelor’s degree, he enriches his practical knowledge with theoretical insights. Vivek is also a marathoner and a full-distance Ironman, showcasing his dedication and perseverance both professionally and personally.

His certifications—ranging from PMP, Six Sigma Green Belt, ITIL-V3, to ServiceNow Administration—further underscore his multidisciplinary expertise. However, it is his thought leadership, extensively published articles, and contributions to prestigious forums and organizations, like the InfoSec Purple Book Community, that truly set him apart.

Journey into information security

Vivek’s journey into Information Security began with his early career as a Java programmer at Capgemini, where he first encountered secure coding practices. As he navigated the rapidly expanding internet landscape, Vivek observed that technological advancements were introducing new risks to organizational assets. “Businesses and governments were looking for answers to omnipresent security questions more than ever,” he recalls. This growing need for security solutions spurred his transition into the Information Security and Quality Assurance group, where he led a team of security professionals.

In 2009, Vivek pursued further education with a full-time MBA program at the University of Pittsburgh, aligning his coursework around InfoSec and Data Privacy. Joining KPMG as a technology senior associate in 2011, Vivek found himself at the heart of the tech industry in the San Francisco Bay Area. “With the rapid adoption of social, mobility, analytics, cloud and the ‘Internet of Things’ (SMACT), there was more and more need for InfoSec professionals, giving me an ocean of opportunities,” he explains. His career took a significant leap forward in 2018 when he started at Oracle, where he has since led numerous Data Privacy and InfoSec engagements, written influential articles, and contributed to industry standards through various committees and forums.

Key topics in published articles

In his published articles, Vivek addresses several critical themes in IT Security and Privacy. One of his key topics is the implementation of “Information Security and Privacy controls in Data Center decommissioning,” where he explores the phases of decommissioning and the associated high risks. He has also shared his pioneering work on the proactive reduction in InfoSec incidents using proven process improvement techniques such as Six Sigma. This innovative approach has set a benchmark for process improvement in the industry.

Another significant area of his focus is Datalake security. As Vivek notes, “Using big data via tools such as Datalake has propelled technological advancements,” yet it complicates information security in multiple directions. His articles delve into these complications and suggest potential remediations. Additionally, he emphasizes the importance of structured data privacy programs in big tech organizations, which function both as data controllers and data processors. His insights provide a comprehensive guide for maintaining robust data privacy and governance programs.

Evaluating InfoSec innovations and certifications

As a judge for various InfoSec events and technology awards, Vivek prioritizes a comprehensive set of criteria to evaluate innovative solutions and practices. He focuses on the relevance to the technical and business problems and assesses the ease and cost of implementation to ensure that the solutions are both practical and economically viable. Additionally, the resources needed for implementation and the short-term and long-term impact are critical factors in his evaluation process.

He also considers the tactical as well as strategic fit in the industry and organizations, ensuring that the innovations align with broader industry trends and organizational goals. Moreover, information security controls and data privacy compliance with regional and country-specific requirements are vital elements that Vivek prioritizes to maintain high security standards. Lastly, the tech stack used in solutions is evaluated to ensure compatibility and efficiency.

In his role as a reviewer for industry-leading professional InfoSec certifications like CCSK v5, Vivek places great importance on the content’s relevance and coverage of essential topics. He meticulously checks whether the certification topics advised by the Cloud Security Alliance (CSA) are adequately covered and up-to-date with current industry dynamics. These topics include “Cloud Computing Concepts & Architectures,” “Cloud Governance & Strategies,” “Risk, Audit, & Compliance,” and “Identity and Access Management,” among others.

Vivek uses a detailed set of criteria to provide feedback, such as evaluating whether the course was engaging and met the stated learning objectives. He assesses if the course was accessible to the target audience with at least two years of cybersecurity experience and suggests improvements where necessary. He also examines if any critical concepts are missing and if the progression of course concepts was easy to follow. His feedback includes reflections on the multimedia approach used in the course, technical difficulties experienced, and any errors in the content, ensuring that the educational material is comprehensive and effective.

Exclusive membership in InfoSec communities

The Purple Book Community (PBC) is an exclusive, invite-only organization dedicated to spreading InfoSec challenge awareness, creating valuable resources, powering networking, and amplifying recognition within the industry. “One Community (PBC), Many Goals” is its motto, reflecting its vision to connect security leaders and practitioners with a trusted community. This community equips members with the expertise to embrace secure development practices, solve evolving challenges, and democratize software security.

Vivek considers himself fortunate to be part of this remarkable community. He shares, “I get great opportunities to connect with some of the best brains of InfoSec industry on topics such as ‘Managing risk as the world embraces AI.'” The PBC offers a wealth of resources, including in-depth white papers, tools, and techniques for information security. They also conduct and lead various industry-leading events and conferences, fostering a collaborative environment. “It is like one big professional family with bright minds helping each other and collaborating for excellence achievement,” Vivek adds, highlighting the supportive and innovative atmosphere within the community.

Transformative insights from blogs

Leveraging the DMAIC approach from Six Sigma methodology, Vivek has proactively reduced InfoSec defects, a pioneering effort detailed in his blogs. He notes that many organizations deploy information security controls that are primarily reactive, designed to mitigate incidents after they occur rather than prevent them. “It is not feasible to deploy proactive security controls for all types of potential InfoSec incidents,” Vivek explains, highlighting the challenge that led to his innovative approach.

In his writings, Vivek describes how the DMAIC (Define, Measure, Analyze, Improve, Control) methodology can be used to proactively address InfoSec issues. By using a real-time case study, he demonstrated a 74% reduction in Information Security tickets/incidents. This significant improvement not only satisfied the client but also secured an extension of their contract by two more years. “Client was satisfied with the results and decided to continue with our services,” Vivek proudly shares, emphasizing the practical impact and success of his methodologies.

Data-driven operational reviews at Oracle

In his role at Oracle, Vivek approaches multiyear, data-driven IT operational reviews with meticulous planning and execution. By regularly affiliating with executive leadership, he aligns his strategies with the company’s vision and risk posture, creating comprehensive risk identification and mitigation programs. “Conducting detailed and result-oriented industry benchmarking” allows him to project As Is – To Be scenarios for critical areas, ensuring targeted improvements.

Vivek manages detailed technology assessments across various sub-domains, including Cloud Services provisioning, vendor risk management, and Business Continuity Management. He thoroughly assesses clients’ Cloud Services Strategy and Roadmap, identifying gaps and providing strategic recommendations. By effectively using his background in statistics and Six Sigma process improvement techniques, he explores data-supported opportunities to enhance processes. “These approaches with astute planning and execution have resulted in multi-million dollar savings and improved processes with various reputational, legal, and compliance risks mitigations,” Vivek emphasizes.

Impact of professional certifications

Much of Vivek’s effectiveness in managing complex IT security and privacy projects is attributed to his professional certifications. “These certifications are an excellent way to learn about industry-leading practices and theories,” he explains. The PMP certification, for example, provides comprehensive knowledge essential for managing end-to-end projects, including planning, execution, and successful completion. He notes that PMP-certified professionals are in high demand across diverse industries, and according to a PMI report, the global economy will need 25 million new project management professionals by 2030.

The Lean Six Sigma Green Belt certification also plays a crucial role in his approach. “The Green Belt course focuses on how process efficiency can be improved and how processes can be designed to deliver customer or client quality,” Vivek says. This certification equips him with the ability to recognize process improvement opportunities and design quality control programs using standard Six Sigma statistical methods. Additionally, the ITIL-V3 certification, which provides a framework for managing IT-enabled services, guides him through different service lifecycle phases. “Various IT service products are based on this framework, one famous such product is ServiceNow,” he adds, highlighting the practical applications of ITIL-V3 in his work.

Vivek’s journey in Information Security is marked by relentless dedication, innovative practices, and an unwavering commitment to advancing the industry.