Karthik Rao Bappanad is a technologist with a keen interest in public policy. He has more than 23 years of industry experience, spanning IT Programme and Project Management, Service Delivery Management and over a decade in Cyber Security. His professional journey has traversed various sectors including IT services, banking, manufacturing and government, and across five countries and four continents, fostering a richly diverse skill set.

Karthik was the head of CySecK, which is Karnataka state’s Centre of Excellence in Cyber Security. Prior to this, he was heading Security Engineering at ReBIT – a subsidiary of Reserve Bank of India.

At CySecK, Karthik provided cybersecurity advisory and guidance on strategy to various state government departments, along with conducting capacity building programmes. He led the preparation of the Cyber Security Policy for the state of Karnataka, built a community of leading CISOs in the state with a focus towards building a strong cybersecurity ecosystem and prepared the strategy for the Karnataka state government to tackle information disorder.

At ReBIT, Karthik led an “As Is Study” of RBI’s cyber security posture that was used to chart the overall security programme roadmap. He established an application security programme, institutionalised a programme for periodic security risk assessment of all critical IT systems and led incident response to critical security incidents / alerts.

Karthik has also spent close to 17 years at Infosys, where he started as a coder, moved on to Systems Integration, and later Project and Programme Management in Cyber Security. The project he was managing was awarded second prize in Infosys Annual Awards for Excellence in the category of “Project Execution Excellence”.

Karthik has managed end-to-end cyber security programmes across various domains like SOC, Identity and Access Management, cyber risk assessments, infrastructure security, application security, Governance, Risk and Compliance. His IT service delivery experience includes setting up the Future Mode of Operations, service transition, incident management, problem management, change management, demand and capacity management, knowledge management and financial management. With apologies to Rudyard Kipling and CLR James, Karthik pontificates “what do they know of cybersecurity, who only cybersecurity know”.

Karthik has been a speaker at events in India and abroad, including forums like Data Security Council of India, Telecom Regulatory Authority of India, National Cyber Security Agency – Thailand, Indian Cyber Crime Coordination Centre, Naval War College and many more. He is part of various committees to provide strategic advisory and guidance on cyber security. He is also a Fellow of UK Government’s Chevening programme, specialising in Cyber Security.

At DeepStrat, he brings his vast experience and expertise as a regulator, technologist and institution builder.