Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes] - CyberWire Daily

Podcast Summary

Podcast: CyberWire Daily
Episode: Deepen Desai: A doctor in computer viruses. [CISO] [Career Notes]
Date: January 18, 2026
Host: N2K Networks
Guest: Deepen Desai, Global CISO at Zscaler

Episode Overview

This episode features Deepen Desai, the global Chief Information Security Officer (CISO) of Zscaler, as he shares his unique career journey from a family of medical doctors to becoming a “doctor” for digital viruses. Desai discusses his early fascination with computers and cybersecurity, key career milestones, the evolution and disruption in the cybersecurity space, and his mentoring philosophy for building successful security teams. He offers advice for aspiring professionals and reflects on what he hopes will be his lasting legacy in cybersecurity.

Key Discussion Points & Insights

Family Roots and Early Inspiration

Upbringing:
- Desai comes from a family of doctors and was initially intrigued by medicine, but his real passion was computers and software development.
First Encounter with Cybersecurity:
- His initial exposure to the security side of technology came from online gaming, where he observed players using cheating tools like aimbots and hacks.
- This sparked his curiosity about how such cheating applications manipulated legitimate processes.

"More than the game, the part that really intrigued me was how those cheating applications were working. What were they doing in the back end?"
— Deepen Desai [02:17]

Education and Early Career

Academic Focus:
- Emphasized software and operating system fundamentals during his master's, cultivating a deep interest in cybersecurity.
First Security Project:
- Created a client able to detect DLL injection and monitor modifications to application behavior.
Career Beginnings:
- Landed an internship at a startup building UTM (Unified Threat Management) appliances.
- Moved on to Dell SonicWall, contributing to cloud and next-gen firewall detection technologies.

"Now you're doing something that you love doing and it's having an influence in protecting thousands of organizations around the globe."
— Deepen Desai [04:40]

Innovation and Disruption at Zscaler

Joining Zscaler:
- Joined in 2014, attracted by the company’s disruptive concept of delivering a comprehensive cloud security platform.
- The platform replaced the need for traditional appliances with an as-a-service model, enabling large-scale protection and rapid evolution of detection strategies.

"Honestly, it's a disruption in the field of cybersecurity where we're able to scale, where we are able to protect organizations globally."
— Deepen Desai [06:02]

Pandemic Impact:
- Highlights how companies using legacy technology struggled during COVID-19, while Zscaler customers adapted quickly and maintained security resiliency.

The “Digital Doctor” Analogy

Family Jokes and Identity:
- Desai laughs about being a “doctor” treating digital viruses, drawing a parallel to his relatives’ work in medicine.

"I always call myself, hey, I am also a doctor. But in the field of treating digital viruses... We are the Internet doctors trying to make sure it's a safe place and protecting the organization."
— Deepen Desai [07:02]

Mentoring and Building Security Teams

Team Structure:
- Advocates splitting security experts' time:
  - ~70% on business needs (malware tracking, creating detections)
  - ~30-35% on self-driven research and skill-building.
- Encourages ongoing learning to stay ahead of evolving threats.

"The way you need to structure their daily routine is 70% of their time may go towards what is needed for the business... 30 to 35% at least, that's the minimum you need to provide time ... to develop their skills, do research, learn about new techniques."
— Deepen Desai [07:32]

Advice to Aspiring Cybersecurity Professionals

Foundations First:
- Emphasizes the importance of strong software development and OS fundamentals.
- Understanding technology at a deep level is crucial for successful security work.

"Unless you know the fundamentals, you will struggle as you try to learn about how the threat actors are trying to abuse the existing technology."
— Deepen Desai [08:16]

Legacy and Lasting Impact

Proud Accomplishments:
- Takes pride in mentoring and developing talent whose careers have flourished.
- Driven by the advancement of detection tech, especially for zero trust and cloud-based security.

"Most of those guys are leading key technologies at many of the major security vendors... That's one area where I would like to be remembered as a mentor."
— Deepen Desai [08:33]

Contributions to Industry Transformation:
- Proud of helping organizations transition away from legacy security architectures, particularly valuable during the pandemic.

Notable Quotes & Memorable Moments

On Early Intrigue with Hacking:

"More than the game, the part that really intrigued me was how those cheating applications were working." — Deepen Desai [02:17]
On Doing Impactful Work:

"Now you're doing something that you love doing and it's having an influence in protecting thousands of organizations around the globe." — Deepen Desai [04:40]
On Disruption:

"Honestly, it's a disruption in the field of cybersecurity where we're able to scale, where we are able to protect organizations globally." — Deepen Desai [06:02]
On Mentoring:

"That's one area where I would like to be remembered as a mentor that helped get them into the field and learn and allow them to pick up some of the newer stuff." — Deepen Desai [08:33]

Timestamps for Important Segments

00:00 — Episode start, brief context
01:20 — Desai’s family background and early fascination with computers
02:17 — Intrigue with online game hacking and technical exploration
04:40 — Early career highlights and moving into industry-impacting roles
06:02 — Disruption at Zscaler and cloud security transformation
07:02 — Digital doctor analogy
07:32 — Team structure and philosophy on research time
08:16 — Core advice for security career aspirants
08:33 — Legacy as a mentor and technology leader

Episode Takeaways

Desai’s journey illustrates how curiosity, strong technical fundamentals, and a focus on innovation can drive impactful careers in cybersecurity.
Mentoring and team development are as valuable to Desai as technical accomplishments.
Cloud-first security disruption continues to shape industry practices, with Zscaler’s evolution serving as a leading example.
For aspiring professionals: Strong foundational skills are key, and ongoing research and learning should be prioritized.

Transcript

Cyberwire Network Host (0:02)

You're listening to the Cyberwire Network, powered by N2K.

ThreatLocker Advertiser (0:11)

Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave. And with ThreatLocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.

Deepen Desai (1:20)

Hello, my name is deepin desai and I am the global ciso at zscaler. So growing up, I mean, I come from a family full of doctors. They're all in the field of medicine. So that, that was an area that intrigued me. But at the same time, I was very fascinated by computers and, you know, developing newer programs, software development. That, that was the, the area of interest for me when I was growing up. It was really interesting the way I ended up of cybersecurity. This is more than 20 years ago. I was introduced to an online game where there were folks literally cheating, right? Terms such as hacking, aimbots, a lot of the features that some of the gamers were using to take advantage, to gain advantage over the competition. And more than the game, the part that really intrigued me was how those cheating applications were working. What were they doing in the back end, right? So that's when I got exposed to Microsoft Windows APIs, things like DLL injection. How was the behavior of a legitimate process being modified to gain advantage? So that was my first exposure in that area. And then as I started getting more deeper into the field of software security, OS security, it's a thing that continues to evolve and there is never a dull day in the field of security, as most cybersecur experts would agree, Right at the master stage, all my coursework was focused on software fundamentals, OS fundamentals, and then with inclination towards cybersecurity. So I created a client that is able to detect any kind of DLL injection, any kind of attempt to modify that legitimate application behavior. So that was the first thing. Then I was able to get an internship At a startup that was building UTM appliances back in the day. And then the next opportunity from there onwards I got to build detection technologies. That was at Dell Sonicwall where I influenced some of the detection technologies on the cloud side, some on the next generation firewall that was introduced. And that really was very, very satisfying because now you're doing something that you love doing and it's having an influence in protecting thousands of organizations around the globe. The most recent stint, and this is eight years old, 2014 is when I joined Zscaler and the concept was very, very disruptive. I mean it was already a fire. We came up with this security cloud platform where the organizations around the world that were struggling to manage those appliances and point products, now we're offering that as a service. The entire security stack is in the cloud and that provided me and my team ability to perform some of the next generation detection technology changes. Honestly, it's a disruption in the field of cybersecurity where we're able to scale, where we are able to protect organizations globally. Even in the in the situation where pandemic hit, most organizations that were using the older technologies were struggling. Whereas if the organizations that were using what we have built, they were excelling and we continue to see more and more adoption as well. When I'm in the group of doctors, which is on the family side, I always call myself, hey, I am also a doctor. But in the field of treating digital viruses, just like you guys treat physical viruses targeting human body, we are the Internet doctors trying to make sure it's a safe place and protecting the organization. There are two important components when you're trying to groom a new security expert. So number one is you need to provide time to train and research. Especially in the field of security research, the way you need to structure their daily routine is 70% of their time may go towards what is needed for the business. Whether it's tracking certain malware family, tracking certain exploits, or developing those detections. 30 to 35% at least, that's the minimum you need to provide time to those folks to develop their skills, do research, learn about new techniques and continue to improve their ability to analyze those new evolving threats. So that's how I always have made sure my team was built and structured in a way that they are enabled to do that research activity and then that in a way also helps them contribute towards that 60 to 70% of the goal where they're trying to protect the customers. For the folks that are aspiring to get into the field of CyberSecurity, my number one recommendation is to have strong fundamentals on software development side as well. Understanding the technologies, whether it's operating system fundamentals or some of the programming languages. Those are some of the things that really helped me as I plunged into this completely different field. Because unless you know the fundamentals, you will struggle as you try to learn about how the threat actors are trying to abuse the existing technology. I'm really proud of two things and that's honestly the areas where I would love to be remembered as well. So number one is, you know there is a significant skill shortage when it comes to the field of cyber security. So every time when I hire someone the team that I build it brings me immense pleasure as I see them progress through their career, them developing newer skills, them picking up newer responsibilities. I still remember my first team that I built 15 years ago. Most of those guys are leading key technologies at many of the major security vendors and some of them are still with me. So that's one area where I would like to be remembered as a mentor that helped get them into the field and learn and allow them to pick up some of the newer stuff. The second piece is the detection technologies especially aimed towards the Zero Trust, the cloud based security where I had some exposure at my previous job. But at Zscaler I spin to the next level. So getting remembered for solving the problem of legacy security architecture and helping thousands of organizations, especially during the time of pandemic, to keep their users secure.