Introduction
This interview with Krishnamohan Kandar explores how cybersecurity is evolving from a compliance-driven function to a core pillar of business resilience. In an exclusive conversation with Veloxx Media, Kandar, Vice President & CISO at CRIF India, shares insights on building digital trust, managing emerging risks, and aligning security with business growth.
From compliance to risk-led cybersecurity leadership
Kandar’s journey into cybersecurity was shaped through continuous learning and hands-on experience rather than a predefined path. Starting from a GRC pre-sales role without prior domain knowledge, he built his expertise through structured learning, including certifications like CISA and CISSP.
A defining moment in his career came when he began viewing cybersecurity not as a compliance checklist, but as a risk management function. His transition into a CISO role further reinforced the importance of ownership, decision-making, and aligning security with business objectives.
Building a security-first culture across organizations
According to Kandar, cybersecurity becomes ineffective when it is not visible in day-to-day decision-making. Instead of making employees security experts, he emphasizes instilling a simple mindset: asking “What is the risk?” before every action.
He highlights practical approaches such as continuous awareness through communication, embedding risk thinking into workflows, and ensuring leadership actively participates in security conversations. This approach transforms cybersecurity from a policy-driven function into an organizational reflex.
Emerging cyber risks in a rapidly evolving landscape
Kandar points out that organizations are underestimating the pace at which cyber threats are evolving. Key risks include AI-driven attacks, deepfakes, advanced phishing, identity compromise, API abuse, and cloud misconfigurations.
He emphasizes that most security breaches stem from poor decision-making rather than technological gaps. With India’s rapid digital adoption, the gap between scale and security maturity is becoming a critical vulnerability.
GRC as a business enabler, not just compliance
One of the key insights from the interview is the evolving role of Governance, Risk, and Compliance (GRC). Kandar explains that GRC is fundamentally about building trust with customers, regulators, and partners.
A strong GRC framework enables organizations to move faster with confidence, supports sales and client engagement, and acts as a competitive differentiator in today’s data-driven economy.
Balancing innovation with security in the AI era
As organizations adopt AI, cloud, and digital transformation initiatives, Kandar stresses that security should not act as a barrier to innovation. Instead, it must be embedded into architecture, development, and operations.
He highlights the importance of structured risk assessments, consistent implementation of frameworks, and awareness-driven decision-making to ensure innovation is enabled without compromising trust.
Advice for aspiring cybersecurity leaders
For young professionals, Kandar emphasizes the importance of strong fundamentals, continuous learning, and accountability. He advises aspiring leaders to go beyond technical skills and understand risk, business impact, and decision-making.
He compares cybersecurity to a constant state of readiness, where professionals must be prepared for evolving threats while maintaining a strong sense of responsibility toward protecting data, systems, and trust.
Conclusion
The Krishnamohan Kandar interview highlights a clear shift in cybersecurity thinking—from compliance to resilience, from control to decision-making, and from IT function to business enabler. As digital ecosystems grow more complex, this approach will be critical in building secure, scalable, and trust-driven organizations.

