Bengaluru, 8th September 2025: Cybersecurity today isn’t just about stopping attacks, it’s about transforming risk into resilience and enabling trust through strategy. True impact comes when leaders look beyond checklists, shaping culture, foresight, and communication to safeguard what matters most.
In this conversation, Mr. Marquis Fernandes (Director – India Business, Quantic India) engages with Mr. Amit Subhanje, Cybersecurity Leader at RTX, who shares how combining ISO/IEC 27001 with COBIT 5 builds resilience into enterprise DNA. He reflects on the importance of cultivating a security-first culture, guiding young professionals from technical roles to strategic leadership, and aligning cybersecurity goals with business outcomes. His journey underscores how cybersecurity is not just defense, but a catalyst for trust and long-term resilience.
Q. Which framework or combination has yielded the most tangible impact in real-world cybersecurity resilience, and why?
From a strategic perspective, the integration of ISO/IEC 27001 with COBIT 5 has delivered the most significant and sustainable impact. ISO 27001 establishes a rigorous, risk-based information security management foundation, while COBIT 5 seamlessly aligns cybersecurity initiatives with enterprise governance and overarching business objectives. This synergy ensures that cybersecurity is not treated in isolation but embedded deeply within the organization’s risk appetite and strategic vision – driving measurable resilience and operational continuity.
Q. As a leader who builds security culture, how do you ensure security awareness programs move beyond check-the-box exercises to become ingrained in an organization’s DNA?
Cultivating a security-first culture starts at the executive level and permeates throughout the organization. I emphasize continuous behavioural reinforcement, strong executive sponsorship, and the alignment of security goals with business incentives. By making security a shared responsibility and visibly recognizing and rewarding secure behaviours, we transform awareness programs into proactive, everyday habits – turning employees into vigilant defenders of our enterprise’s digital assets.
Q. What’s your advice to young cybersecurity aspirants trying to transition from a technical role to a strategic leadership position?
To successfully navigate the path from technical expert to strategic leader, it’s essential to develop both deep technical expertise and strong business acumen. Understanding how cybersecurity supports and enables business goals is critical. Equally important is cultivating communication and stakeholder engagement skills – the ability to translate complex technical risks into clear, strategic business insights is what sets leaders apart. Above all, approach leadership with empathy, curiosity, and a vision for long-term impact.
Q. If you could have one fictional superpower to protect the digital world, what would it be and how would you use it?
I would choose “Precognition” – the ability to foresee and anticipate cyber threats before they manifest. This proactive foresight would empower organizations to pre-emptively neutralize risks, shifting cybersecurity from reactive defence to strategic anticipation, ultimately safeguarding critical assets more effectively.
Q. What was your very first role in this industry and how do you feel about it now?
My first role was as an IT Internal Auditor, which laid a strong foundation in risk assessment and control frameworks. Reflecting on it today, that experience was invaluable – it shaped my holistic approach to cybersecurity, viewing it not only as a technical discipline but as a strategic enabler of business resilience and trust.
Q. What’s your secret ritual before starting a big project or presentation?
Before embarking on any major project or presentation, I take a moment to align my objectives with the organization’s broader business goals. Clarifying the “why” and the expected outcomes sharpens my focus and messaging, enabling me to connect effectively with diverse audiences – from technical teams to executive leaders – and deliver meaningful impact.
Mr. Amit Subhanje’s perspective showcases that the future of cybersecurity leadership lies in bridging technical rigor with strategic foresight. His journey underlines that true resilience is built not only on frameworks, but on culture, adaptability, and the ability to translate security into lasting business value. In a world where disruption is constant, his message is clear, cybersecurity is no longer just about protection, it is about enabling trust and empowering enterprises to grow with confidence.
