Chief Information Security Officer at Headspace Health
Chief Information Security Officer for Headspace Health, Puneet Thapliyal is a seasoned cyber security and networking executive who is responsible for the business’ overall product and IT security as well as member data privacy.
With an undergraduate degree in Computer Science from HBTI, Kanpur, Thapliyal came to the United States in 1999 to study for his Master’s degree in Computer Science from Rensselaer (RPI) in New York.
“My first job out of college was at Oracle, here in Silicon Valley, and then Yahoo, and those were great experiences,” he says. “Along the way, I picked up this passion towards cybersecurity, and re-educated myself in this field.
“Cybersecurity is one of those rare domains where you have to be on your toes all the time. You have to constantly be in a learning mode because the attackers are not sitting still. They're evolving, and we need to be always catching up,” Thapliyal adds. “That's an education challenge that I really like, and that adds to my underlying computer science background as well.”
In 2013, Thapliyal co-founded Trusted Passage, which was one of the first companies to be building what is now called ZTNA, or Zero Trust Network Access solutions.
“2013 was a little early to be building out that solution,” he says. “The industry was not ready, it required a mind shift change in the technology leadership, and companies to say, okay, there's a new way of doing access controls or access provisioning for your company.
“In the past decade, thankfully, driven by other parallel initiatives such as Google's Beyond Corp initiative and cloud security alliances, software-defined perimeter initiatives, the market has turned a corner and everyone realises the benefits of building these zero trust architectures, which is a highly popular term inside cybersecurity at the moment,” Thapliyal adds. “Trusted Passage was building that solution. It was a great experience to build something out of nothing and take it to the market to learn all the mechanics of building a company and truly cherish that experience.”
In 2016, Thapliyal joined digital health startup Ginger. “I wanted to be part of a company that has a large impact on the world, and I got introduced to Ginger in 2016,” he says. “When I talked to the founding team, I was very impressed by the vision they had of solving mental healthcare for the whole world. I wanted to be part of the journey, and that was how I got into digital healthcare.
With Ginger merging with Headspace in 2021 to create Headspace Health, as CISO Thapliyal is well aware of the importance of cyber and data security.
“I think the biggest challenge at the moment is what we call the malicious insider problem,” he describes. “Whether we have enough controls inside the company to prevent the peeking and poking of healthcare data is important already, but that will become really important if we have what I call the future celebrity scenario. Let's say a highly popular celebrity publicly starts talking about getting therapy services from Headspace Health. Do we have enough controls inside to prevent people from reaching that patient's data? That's a very futuristic scenario, but we are investing a lot in building the right level of controls and audit capabilities to prevent that.
“The second biggest challenge is too many third parties. So we are a SaaS-first company. We operate in a very heterogeneous environment, where we interact with a lot of third parties on a day-to-day basis. That's a risk that any of them being hacked means our data is breached. That's the second challenge where we want to make sure, like we have a very mature TPRM programme, a continuous security assessment programme. So that's a huge challenge for my role at the moment.
“I'm a technology cybersecurity person at heart, and so that's what I enjoy a lot. If we can use those skills which I bring to the table, to solve a very challenging problem, which is about the data security of mental healthcare data privacy, then that excites me even more. The combination of two results in delivering highly trustworthy service to our members, that's also very motivating to me.”
Read the full story HERE.
Concentrating on continuing to reduce future morbidity and mortality, and really giving people healthy life years, remains our key strategic focus.