Zooming in on fraud

Where creative passions and work-life come together:
Talking with RELX Cybersecurity expert and photographeR
Robin Sundaram

Don’t you find it fascinating and surprising when you learn what your colleagues do in their spare time? But have you ever wondered why they do what they do and that maybe when you think about it, it isn’t curious at all – in fact, it explains everything?

And, so it was when I leaned in that I found out our very own Robin Sundaram is not only a cybersecurity expert but also a keen amateur photographer. Listening to him talk about his twin passions made me realise that it all made sense. While they might seem at first glance unrelated, that couldn’t be further from the truth.

Robin Sundaram is the Head of Information Assurance & Data Protection for RELX. He and his divisional Chief Information Security Officer (CISO) colleagues work together to protect RELX from millions of cyber-attacks annually. But in his free time, Robin enjoys photography and in this article we explore the parallels and divergences between cybersecurity and photography and how this creative outlet helps him at work and in life. He also shared with us some of his incredible work for us all to enjoy on World Photography Day on 19 August.

Monument Valley, Arizona

Churchill, Manitoba - Canada

Maple Pass Loop - North Cascades National Park, Washington State

Lincoln Memorial - Washington, DC

Monument Valley, Arizona

Churchill, Manitoba - Canada

Maple Pass Loop - North Cascades National Park, Washington State

Lincoln Memorial - Washington, DC

Let's start at the beginning. Robin was born and raised in Bengaluru, India. "I was the third of four boys, with very liberal but not very rich parents, so we were always told that education was everything. I moved to the US for graduate school in computer science. I always thought I would get a PhD and teach in India, but it wasn’t meant to be," recalls Robin.

After graduate school Robin spent seven years helping build a cybersecurity programme at a leading oil services company. He then moved to Atlanta in the US to help build ChoicePoint’s cybersecurity programme. A few years later ChoicePoint was acquired by RELX and, as they say, the rest is history.

As the Head of Information Assurance and Data Protection for RELX, Robin and his fellow divisional CISOs manage our cybersecurity programme to protect us from attacks on our networks, systems and databases.

"Our cybersecurity programme consists of five pillars. First we identify our assets and our risks by defining appropriate roles and responsibilities and clarifying our governance mechanisms. Simply put, this is the foundation of our programme."

"Next, we protect our systems, services and data against threats using anti-virus, phishing protection, firewalls and multi-factor authentication systems. Then we implement monitoring of our environment to quickly detect harmful activity. Our trained staff respond quickly to real and potential attacks and ensure that minimal harm is done to RELX. Finally, following a security incident, we recover swiftly and securely so that our business can carry on with little interruption."

"To do this, we have dedicated cybersecurity teams, but we rely on all our employees to be part of our virtual team," adds Robin. "From our developers who create secure applications; to our customer support colleagues who authenticate customers; to our finance teams who pay vendors; and all our users who receive emails, surf the web and interact with customers – we all help keep RELX secure."

"Our teams across RELX monitor billions of log entries every month and prevent thousands of attacks each day. In any given month, we block approximately 43 million unwanted emails, including 4.5 million phishing emails."

Robin's background in computer science seemed to lead naturally to a career in cybersecurity. When delving into how he acquired his photography hobby, I discovered that he fell into it completely by accident.

"My brother had got into photography in India and his pictures are amazing. I thought, 'Heck, surely I can do that too, let’s buy a good camera and get on with it.' Although I wasn't very good when I started out, the first good picture I took changed everything. It sparked a passion that continues to this day."

You wouldn't normally connect cybersecurity and photography but I uncovered that there are more parallels between the two than you might imagine.

"I see both parallels and divergences between photography and cybersecurity," says Robin. "Both fields are three-pronged, meaning that there are elements of technology such as cameras and firewalls, people such as the photographer and security engineers and finally process such as composition and operations, that are combined to get the best possible outcome. Both photography and cybersecurity do better when you plan first and execute second. And both do best when you choose a different perspective such as shooting at subject level or performing a network penetration test."

However, there are elements of photography that do not overlap so well with cybersecurity, such as the repercussions of the trial and error process.

"With digital photography, you can make a ton of mistakes and not be penalised for them – I take a thousand photos for every one that is publishable. I delete tons of photos that I take, because I shook my hand or there was a gust of wind or a stray airplane," says Robin. "With cybersecurity, mistakes matter. They aren’t fatal but you have to plan and implement processes that are mistake-resistant and also plan on what to do when the inevitable mistakes do occur."

Photography is all about seeing things from a different perspective. When speaking to Robin I inquired about what perspectives we're missing when it comes to the security of our data and information.

"There’s a reason why there are so many cybersecurity incidents these days. There’s a fair bit of human error, but often it’s just that perspective doesn’t match reality and businesses don’t plan for failure," says Robin.

He offered a few examples:

Denial

People assume their data isn’t important or won’t be targeted.

Luck

People assume that things will go perfectly.

Hope

People hope that good times will continue and a security incident won’t cause much damage.

"The cybersecurity leader or employee who relies on any of these three prongs in their cybersecurity programme just has the wrong perspective. Changing your perspective to 'we are a target, things will go wrong, we will have a security incident', and planning for that scenario is what distinguishes a successful programme from a failure," notes Robin.

Grand Canal - Venice, Italy

Mobius Arch - Alabama Hills, California

Ad Deir Monastery - Petra, Jordan

Grand Canal - Venice, Italy

Mobius Arch - Alabama Hills, California

Ad Deir Monastery - Petra, Jordan

We've found that hobbies and external pursuits can inform our work lives in unexpected ways. Robin reflected on how he could apply the lessons he's learned from photography to his career at RELX.

"It has taken me over ten years to get any good at photography. Photography, like career management, is all about doing the right things in the right order. Plan what you want to do. Get the right equipment. Learn from experts. Work hard. Expect missteps along the way. Keep your focus in the good times and bad. If you are entering the workplace, or if you’ve been in it for a while, these six lessons from photography can be applied to advance your career."

Robin mentioned that “thinking before you click” is a primary strategy for individuals and organisations to stay safe online. We imagine that this would be a good strategy for capturing the best photos as well.

"There is a definite parallel between photography and phish protection," notes Robin. "Preparation is everything in photography. The right equipment, the right weather, the right location, the right composition. I spend far more time visualising a shot from different angles and perspectives than I do actually clicking. My picture of the Milky Way involved looking at the weather patterns in April in eastern California; understanding when the Milky Way core is visible; matching it against New Moon nights; planning for wind conditions; understanding the locations of light pollution from towns as far away as 100 miles; and finally planning the hike out in pitch dark to the location itself. Once there? Setup, point, and start shooting. It’s the same with clicking on links in an email, isn’t it? If you spend a moment thinking about the email coming to you such as the sender, the message, the triggers, you’ll save yourself pain on the click if it's a bad one."

Creative outlets can alleviate much stress at work and in life. I learned from Robin that an outlet like photography can bring you to exciting new places and can impact those around you in meaningful ways.

"My travel and photography complete me. A few weeks ago, someone messaged me. She’s going through chronic medical issues and said she loved a picture I took. I shipped her a print of it and it made her day. A couple of months ago, a colleague said, 'my daughter loves your Milky Way picture so much, she sings Twinkle Twinkle Little Star every time she sees it. I shipped him a print too and made her day. Sharing my passion with colleagues and friends invigorates me and brings me back to work fresh and motivated. It couldn’t be a better outlet."

If you're interested in getting into photography, Robin has shared some tips on how to get started and the best ways to approach it.

"It’s so much easier now to take up photography than it was when I started. My top tips would be to not worry about equipment initially. Buy a cheap camera or even use the newer smartphones, they do a fantastic job. Start locally, take photos at markets, lakes, or city centers. I shoot mostly landscape, but human-interest photos are easier and accessible to all. And do it often – plan to do something photography related every week. Use the internet and learn from others. 99 percent of all I’ve learned is by Googling for things. And finally, shoot for the love of photography, not for Likes on Facebook or Instagram. Don’t get me wrong, I love it when people appreciate my pictures, but I’d also be fine if no-one else ever saw my photos."

If you enjoyed Robin's photography and want to see more of it, be sure to follow his photography account on LinkedIn.

Item 1 of 4