Twitter’s Rinki Sethi on why CISOs win when security is a shared responsibility

Starting a new job can be stressful at the best of times. During lockdown, it can be a real challenge.

Rinki Sethi joined Twitter as its chief information officer a year ago during the peak of the pandemic. Like most companies, Twitter had closed its offices, requiring its thousands of employees — and new hires — to work from home. For someone who thrives in the office, Sethi said going in as a new, entirely remote employee came with its own complexities.

“When you’re leading a security organization, one of the biggest things is trust, and one of the things you have to lean in on is building trust with the people that are driving security — your own team,” Sethi said during a wide-ranging virtual fireside interview at TechCrunch Disrupt 2021. Building those working relationships over video calls is much tougher, she said. “I’m used to doing that in person.”

Sethi is no stranger to cybersecurity and has previously held senior cybersecurity positions at IBM, Intuit, Palo Alto Networks, and most recently served as Rubrik’s CISO. Now as Twitter’s CISO, she oversees efforts to protect Twitter’s information and technology assets — entirely remotely for the time being. While that comes with its own challenges, there have also been upsides.

The pandemic didn’t just change how companies respond to cyber threats, it changed how we work. Remote work has broken down barriers to the global talent pool, once restricted by who could relocate to be near the office. We’re talking more about mental health in the workplace, and there’s a greater focus than ever on the people that keep companies running.

These factors don’t just make for a stronger workforce, they make for a more secure workforce. “There’s some ‘people-aspect’ to everything,” said Sethi. “Making sure your employees are feeling good; that they’re able to do their best work; that they’re mentally in a good space. I think that’s one of the most important things that tools, technology, applications and monitoring are not going to be able to solve for.”