WHAT’S HER JOURNEY?

Pallavi Kaul Associate Director, Deloitte

Pallavi Kaul, Associate Director at Deloitte, has carved a distinct path in cybersecurity, focusing on Governance, Risk, and Compliance (GRC). Reflecting on the early stages of her career, she recalls, “In the early stages of my career, the turning point came when I was hired into the GRC team at HCL. That opportunity gave me hands-on exposure to governance, risk, and compliance, and helped me see how cybersecurity underpins business trust and resilience. From there, I consciously deepened my skills, pursued certifications, and built on that foundation to shape a professional path in cybersecurity.”

From the outset, Pallavi had clarity about the direction she wanted to take. “When I started my journey in cybersecurity, I did have a sense of direction — I was always more drawn to the governance and risk management side than to purely technical roles. I wanted to understand how organizations can build trust, ensure compliance, and embed security into business strategy. So my career choices were quite intentional, focusing on Governance, Risk, and Compliance as my core path.”

For those beginning their journey, Pallavi advises, “I’d remind myself to stay curious and not be intimidated by how vast cybersecurity seems. No one masters it all. Start with fundamentals, but be flexible to explore different domains. Eventually, you’ll find your niche — for me, that turned out to be Governance, Risk, and Compliance.”

She emphasises the importance of a strong foundational knowledge for aspiring cybersecurity professionals: understanding regulations, risk frameworks, and business strategy is critical to translating security into actionable and effective solutions.

Looking forward, Pallavi foresees transformative changes in the industry. “Over the next two years, I believe the most transformative shift in cybersecurity will be the move toward AI by design. Instead of deploying AI as an add-on tool, we’ll see it embedded directly into architectures, policies, and controls making security systems more intelligent, adaptive, and self-healing. This will elevate the industry from reactive defense to predictive resilience.” She also warns of the growing sophistication of threats: “The real threat will not just be more attacks, but the intelligence behind adversaries using AI to scale precision phishing, deepfakes, and automated exploits. At the same time, the quantum threat to encryption will shift from theory to urgent boardroom conversations, forcing adoption of PostQuantum Cryptography.”

The aspects of her role that bring the most fulfillment are clear: “As a Cybersecurity GRC practitioner, what fulfills me most is the ability to translate regulatory complexity and risk into clear, actionable strategies that help organisations operate with confidence. I take pride in enabling leaders to see cybersecurity not just as compliance, but as a competitive advantage built on trust and resilience. Knowing that my work helps protect critical assets while empowering growth is what gives me the greatest satisfaction.”

Pallavi also stresses the importance of work-life balance in a demanding field. “I’m a mother to a 6-year-old son, who was born in Sydney, and my husband works with Google — so family time is precious. I make it a priority to be present with them, while also carving out time for fitness and reflection. That balance not only keeps me grounded but also makes me more effective as a Cybersecurity GRC practitioner.”

To remain effective and informed in an ever-evolving landscape, she combines structured learning with real-time insights: “I actively follow ET CIO forums, leading news articles, and regulatory updates to capture both global trends and local perspectives. I complement this with professional certifications and peer exchanges.” www.linkedin.com/in/pallavi-kaul-bb1360b

Pallavi Kaul’s journey highlights the value of intentionality, continuous learning, and the pursuit of a meaningful niche. For those aspiring to enter cybersecurity, her story underscores that curiosity with strategic focus can lead not only to professional success but also to the satisfaction of making a tangible impact on organisational trust and resilience