During one of the most active years for network vulnerability exploitation, Prutha Parikh led Trustwave’s team to create the scanning signatures to detect potential flaws in client networks.
It’s not just a technologically demanding job — it’s a logistically difficult one, as well. Parikh’s team is internationally distributed, and Parikh was simultaneously in charge of Trustwave’s efforts for PCI-approved scanning vendor status, allowing vendors’ Trustwave product to remain approved to process credit card payments.
Parikh has received high marks from peers for her ability to manage a distributed team. It’s the kind of unglamorous but structurally important skillset that often gets overlooked.
“It’s not just the formal processes that are important,” she said, “but a lot of informal team bonding, too, especially because we're such a distributed group.”
Parikh emphasizes bringing aboard a wide variety of skillsets to her team, often recruiting from disparate security fields, and developing individualized plans to retrain them for network signatures.
“it is more important to have folks with the right attitude. There are things that can always be launched if someone comes in with that passion and with that willingness. I think it's truly important to differentiate for that and encourage more people.”
Her encouragement doesn’t stop there. Parikh instills a failure-is-part-of-success mentality, and pushes her workers to pursue research leveraging diverse past experience and learning new skills. A recent conference presentation on banking vulnerabilities, she said, took her team outside its comfort zone into a field it had never collectively worked on.
Taking weighted risks on people and projects, but being deliberate about how to make those people and projects successful is a key tenet of her managerial style and a key lesson from her time coming up in the industry.
“I was once told that I may not be a vulnerability researcher. I've taken that piece of feedback, and that's something that I know, I'm never going to tell my team — not today, not ever — because it affected me as an individual who was trying to build a career in cybersecurity,” Parikh said. “So I always come up with a plan with my team members to ensure that I am providing them with the resources, with the technical skillsets or training that is needed for them to achieve what they want to achieve.”