Published on 00/00/0000
Last updated on 00/00/0000
Published on 00/00/0000
Last updated on 00/00/0000
Share
Share
INSIDE OUTSHIFT
9 min read
Share
“Vasudhaiva Kutumbakam” is a Sanskrit phrase that means, “the world is one family.” Ashish Kundu, Head of Cybersecurity Research at Outshift by Cisco, says this sentiment has inspired him throughout his career in security, privacy, and compliance to ask questions and seek solutions to collectively better the lives of others and our world.
Coming from a family of professors and Ph.D.s, he jokes that, “At some point, graduating with a Ph.D. was kind of a requirement as a member of the Kundu family!” But many of the questions he has researched and solutions he has discovered have been burning within him for decades.
Recently named an IEEE Fellow, he says that it’s important we remain committed and hungry to understand important problems and solve them with the best intent in mind – and that working for a company that empowers incubation and collaboration in the way Cisco has done with Outshift only enhances this work. Learn more about what this achievement means to Kundu, his career journey, and how he is inspiring future generations of technologists in this Q&A.
Q: What inspired you to go into data security, privacy, and compliance?
Data is everywhere, and data is essential for any form of computing, including machine learning (ML) and artificial intelligence (AI). Sensitive and valuable data is the primary target of attackers. In one perspective, everything is data, even an executable binary can be treated as data. What fascinated me since I started coding and studying computer science, is how the sensitivity and utility of data changes dynamically with its context.
In 2003 or 2004, I would find myself thinking about the challenges in ensuring data security for web services. I was interested in the security and privacy of data – but also compliance concerns, such as the Health Insurance Portability and Accountability Act (HIPAA) – that really inspired me to dig deeper.
Around this time, I also joined Purdue University and thought studying these challenges might be a good topic for my Ph.D. research as I began to realize the importance cybersecurity would have. It was the beginning of my journey into how to protect data, confidentiality, privacy, and compliance. Today that journey has led me to study and contribute to “security of graphs, and graphs for security.”
Q: Why did you think cybersecurity would become important?
I believed cybersecurity would become crucial because data is pervasive in computing technology – there is so much of it, and a lot of it is highly connected. The sensitivity of data can vary depending on the context – making security, privacy, and compliance complex issues. With regulations like HIPAA and other data privacy laws emerging globally, I saw the increasing need for robust data security measures, especially in cloud systems where a lot of private data is stored, and computations are performed using third-party infrastructure and services.
Q: What excites you the most about your work?
In my area of research, if you look at the end-to-end aspect of the problem, understanding that problem is extremely important – it is 50% or more of the job itself. I enjoy asking those critical questions about the entire lifecycle, from the creation point and identifying weak points in the data’s journey to the moment that data may no longer exist. It is something that has been slowly developing for decades in both academia and industry, and I enjoy thinking through these challenges from a variety of perspectives and where the appropriate changes need to be made to protect us all. Holistic end-to-end data security is still a problem unsolved. And in the current context, the trustworthiness of AI and ML depends on this problem as well.
Q: How has your career evolved since your Ph.D.?
After completing my Ph.D. at Purdue University, I joined the IBM Thomas J. Watson Research Center. There, I was fortunate enough to have contributed to and led the research projects on holistic security, privacy and compliance of data and systems. I also led research and development for several flagship products.
My work has always revolved around understanding the end-to-end aspects of the data lifecycle, data flows and associated questions on security, privacy, and compliance. I've explored various aspects of this field, from encryption and anonymization techniques to the vulnerabilities present when data is decrypted during processing.
My research has led to practical applications and products, including about 70 research publications, 170 patents (with approximately 160 granted), and many awards related to research. I was also named a Master Inventor multiple times by IBM Research for the technical value of my inventions.
Additionally, I was honored to receive the prestigious CERIAS Diamond Award in 2011, which is a recognition by CERIAS, Purdue University for Outstanding Contributions to Cybersecurity in Doctoral Research by a graduating Ph.D. student.
Q: What are some of your career highlights and proud achievements?
My research has been around “security of graphs, and graphs for security” – be it for security of data, security for AI or AI for security, security of systems and code, vulnerability, and threat analysis.
One of my proudest achievements was the work I carried out in my Ph.D. thesis, which focused on developing cryptographic digital signatures for graphs that maintain data authenticity without compromising privacy. This helped verify the authenticity of the graph data without leaking, which has significant impact on privacy and confidentiality – especially for industries like healthcare. I must thank my Ph.D. advisor Professor. Elisa Bertino at Purdue.
Graphs help us capture the relationships between different data points, systems, entities, and identities. Beyond data graphs, graphs can also be used to model security contexts for vulnerability and threat analysis and attack or threat propagation graphs. How can we automatically generate attack graphs using ML, and discover new vulnerabilities, advanced persistent threats (APT), attack paths to crown jewels, and lateral movements? Software supply chain graphs offer a detailed view into the potential risks. This has continued into my work with Cisco Research on graphs and AI together for security.
It is fulfilling to see the solutions we’ve conceptualized and developed helping Panoptica – which is one of the most cutting-edge products out there. I’m proud to have been a part of all this research, with so many great colleagues throughout my career, and to have had an impact on a product as unique and effective as Panoptica. It takes so many of us to come together to contribute to this progress, so it is not just my journey I’m proud of – but collectively the team’s journey.
Q: Can you explain what the IEEE fellowship is and how you achieved it?
The IEEE Fellow is a great honor and privilege from the Institute of Electrical and Electronics Engineers (IEEE) that recognizes individuals who have contributed significantly to the advancement of engineering, science, technology, and society at large.
I never aspired for this or even thought I could be at this level. But one of my professors told me they were going to nominate me for the 2023 fellow process, and while I thought perhaps someone might be a better candidate, I was also truly very grateful for their belief in me and my decades of work.
The process is very long, about a year or more. Back in November 2023, I didn’t even know that it was already announced. My long-time mentor called me and said, “Did you see the news? Congratulations!” I asked why he was congratulating me, and that is when he told me I had been elevated as an IEEE Fellow.
Again, this is truly an honor that I believe took a team to accomplish – I am so grateful to everyone. I have such a wonderful family, mentors, colleagues, and leaders. My current leader, Ramana Kompella, has been very kind to provide me the opportunity and freedom to carry out as well as lead research with great freedom and generate scientific and technical impact – he is a great leader and researcher who has done so much for Cisco Research and Outshift. Of course, there are many other amazing leaders at Outshift like Vijoy Pandey, Papi Menon, and Shubha Pant who have all been wonderfully supportive. I’m very thankful to all of them.
Q: What advice do you have for someone looking to enter the fields of data security, privacy, and compliance, or aspiring to achieve the IEEE fellowship?
The most important thing is to have a continued hunger and thirst for knowledge, giving your best in a committed manner to solving foundational problems and creating an impact. Be an open-minded constructive and collaborative researcher with a goal to push the boundaries of knowledge and bring research to help progress this world for a better future.
Recognition and opportunities to give back will come as you make life easier for others through technological innovation. This may take time, but never look at what the next month or quarter will bring – but what this contribution will mean in the long term. Gratefulness is a key to learning, growing, and contributing as a researcher and an engineer!
Ethics are also crucial in our field, and we must ensure our knowledge is used for the betterment of society and not misused. Training will be a big help here. There is great power in this field, but that comes with great responsibility, and we should be very careful in how we approach this as fairly, safely, and ethically as we possibly can.
Q: What do you enjoy most about working at Outshift and Cisco Research?
At Outshift and Cisco Research, I appreciate the freedom to lead cybersecurity research and the ability to translate that research into impactful products that can be brought to market. This is truly one of the best places I have ever worked and an incubation engine like Outshift doesn’t quite exist anywhere else. Because of this,I am always looking for ways I can give back to Outshift and Cisco with my new ideas, every day.
The collaborative environment we have here allows for forward-thinking and the opportunity to think years ahead with an extensive academic focus. It's a unique place that values intellectual freedom, responsibility, and ethics while creating an inclusive future for all.
Search for open positions and join visionaries like Ashish Kundu, who secure the future and learn more about how Cisco Research is advancing the field of cybersecurity.
Get emerging insights on innovative technology straight to your inbox.
Discover how AI assistants can revolutionize your business, from automating routine tasks and improving employee productivity to delivering personalized customer experiences and bridging the AI skills gap.
The Shift is Outshift’s exclusive newsletter.
The latest news and updates on cloud native modern applications, application security, generative AI, quantum computing, and other groundbreaking innovations shaping the future of technology.