We recently caught up with Sachin Bansal, General Counsel at SecurityScorecard, a global cybersecurity firm. In his down-time he is also a stand-up comedian. Prior to joining SecurityScorecard, Sachin was Director and Senior Counsel at RBC.
Sachin discusses his career path as a lawyer and a stand-up comedian, how he balances the two roles and the impact working remotely has had on cybersecurity.
How did the opportunity to join SecurityScorecard as General Counsel come about, and what attracted you to the role?
Several years ago, I had an epiphany: The "lawyer of tomorrow" (cheesy, I know) needed skill sets in cybersecurity, data privacy and intellectual property. And as a litigator, I wasn't getting these and started to feel like I was a dime a dozen. I also observed more and more non-tech companies positioning themselves as tech companies. That's when it became clear to me that I needed to jump into tech.
I came to SecurityScorecard because I have always been interested in our core product offering, which is rating an entity's cyber health from the outside-in. I promised myself I would only work for a company whose product I believed in, and that's why I turned down other opportunities where I wasn't particularly excited about the product.
Focusing on cybersecurity, what are the most significant challenges that in-house lawyers are likely to face over the next few years?
The biggest challenge remains the same, the in-house legal department must effectively partner with the Chief Information Security Officer (CISO), or if an organization doesn't have a CISO, then the head of IT or Chief Information Officer. Cybersecurity starts in the IT department, but the more forward-leaning organizations properly view cybersecurity as a business enterprise risk, not an IT issue. Thus, cybersecurity should be viewed as a "team sport" where various stakeholders holistically leverage their expertise, which makes a cybersecurity program that much more robust. For example, the legal department should review cyber-related disclosures, pressure test the incident response plan, and if applicable, interface with government authorities who are increasingly focused on cybersecurity.
How has your prior experience working at various law firms and then at RBC been valuable in your current role?
There's no way I could do my current job without my prior experience, both at law firms and in-house. I learned to deal with difficult people, write for different audiences (particularly non-legal readers) and synthesize a large amount of complex information to make quick decisions. Ultimately, I learned to exercise better business judgment and become a more effective business partner.
With regard to cybersecurity, what are the most significant developments you would highlight?
The severity and frequency of cyber attacks, whether in the form of ransomware or data breaches, has finally made cybersecurity a board-level priority. The key issue for boards is how to thoughtfully and proactively combat cybersecurity risk. One way is for boards to use cybersecurity risk metrics, such as security ratings, to quantitatively understand their own company's cyber health, but also the cyber posture of critical service providers. And while boards are increasingly looking for a "cyber expert," all board members should be engaged on cyber issues at a basic level. Organizations such as the National Association of Corporate Directors have done a tremendous job of facilitating that.
How has remote work increased the risks of cyber threats and how do you reduce these risks?
The drastic increase in employees working remotely means home networks have been merged with corporate networks, the latter of which are stronger and have more controls. Mitigation measures include strong VPN policies that enforce having updated operating system and browser requirements (Windows XP and Windows 7 shouldn't be allowed since they don't intake security updates anymore), having full encryption on devices (in case of theft or loss of devices which contain corporate data), and anti-virus software with the latest updates and definitions.
Not only are you a GC, you are also a stand-up comedian. Please tell us how this came about and how do you juggle being a lawyer and a stand-up comedian? Are those two roles as different as they seem to the outside observer? When and where can we see you perform?
Nearly 10 years ago, I was going through a difficult and dark time in my life and, on a whim, I enrolled in the Comedy Cellar's introductory workshop, which included two performances on the Comedy Cellar's famed stage. I was immediately hooked – I took the intermediate and advanced workshops and thereafter began performing at least once a week on stages (and bars) across New York City. I am thankful to family and friends who supported me and came to my performances; most of my early ones were fair to poor. Juggling a demanding career as an attorney has not been easy, but it has been extremely rewarding. Doing both has made me a better writer, quicker on my feet, and, of course, just a little bit funnier than I used to be. Humor is a powerful weapon that I've used to defuse tense situations and quickly break the ice.
I can be seen on the upstairs patio of Three Monkeys (in the Hell’s Kitchen neighborhood of NYC) under an outdoor tent. The lineup is always far more talented than me, and the venue serves excellent food and beverages like smoky old fashioneds and avocado toast! For tickets, please visit eventbrite.com
Was there an individual at Davis Polk who played an especially important mentoring role during your time at the firm?
The late Denny Lewis was my advanced civil procedure professor at Duke Law, and I marveled at his storied career as a civil litigator and pro bono advocate. Denny introduced me to many folks at Davis Polk, including the late Jack Cooney who was my assigned partner mentor as a precocious 2L summer associate. Many of us can never forget being part of Jack (and Michael Simes’s) team that travelled the world for a global FCPA anti-bribery investigation. We worked hard, had fun and learned a lot. I soon followed Jack out of Davis Polk to help launch a white collar practice (focused on representing individuals) at McKool Smith, which had just opened a New York office. Jack remains the most influential mentor I have ever had in my career, teaching me not only about the law, but about life.
Tell us about your typical Saturday or Sunday.
I wish I had something exciting to report here! I do make it a point to unplug on Saturday, including from my phone – so I generally won't even answer text messages, let alone email. On Sundays, I've tried to convince myself to let loose and watch football games like most guys I know, but the nerd inside of me isn't happy unless I plug away. Recently I've made a habit of creating a weekly priority list which my executive coach David Nour taught me: I bucket items by Serious (most important), Urgent (will become serious), and Growth (nice-to-haves), which he calls a "SUG" (Serious, Urgent, Growth) list. This method is particularly helpful for those days when dinnertime rolls around and you think to yourself "I didn't accomplish anything today." The SUG list is the counter to that.