Modern Managed Security: Evolution & Strategy
Q1. Could you briefly outline how your role and responsibilities have evolved over your career — especially around building offshore delivery centres, managed security services, and global-scale remote infrastructure operations?
After more than 20 years in this field, my work has shifted a lot—from technical deep dives to leading strategy and scaling global infrastructure. I'll walk you through how my role has changed in three main areas:
Building Offshore Delivery Centres (ODCs)
At first, I was all about day-to-day operations. Pretty soon, though, I started building and scaling these centers from scratch.
- From Execution to Strategy: I stopped just managing tasks and started setting the entire vision for ODCs. Instead of just chasing cost savings, I built centers of excellence—places that deliver real technical expertise for clients all over the world.
- Quality Governance: I brought in standardized frameworks—think PMP, Agile—to make sure offshore teams aren’t just extra hands. They’re a real extension of the main business, fully in sync with global quality and compliance standards.
Managed Security Services (MSS)
My security work started with hands-on vulnerability assessments and auditing. Now, I design security architecture for whole organizations.
- Security Architecture: I went from analyst to architect, focusing on big-picture strategy. I roll out Zero Trust models and SASE (Secure Access Service Edge) to protect businesses that don’t have a traditional perimeter anymore.
- Proactive GRC: I handle the full range of Governance, Risk, and Compliance. I lead the charge to make sure our security isn’t simply reactive. It’s built on international standards like ISO 27001 and ISO 22301, so business keeps running smoothly across borders.
Global-Scale Remote Infrastructure Operations
I used to manage servers in one place. Now, I’m leading multi-cloud transformations for Fortune 500 companies.
- Orchestrating Transformation: These days, I run large migrations—from old data centers to public and private clouds (AWS, Azure, GCP). That means I have to think globally about resources and infrastructure life cycles.
- Automation & Scalability: To keep up with global operations, I focus on Infrastructure as Code (IaC) and automation. Tools like Ansible and Terraform let us manage massive, remote infrastructure precisely and with almost no manual work.
That's how my roles and duties have grown—more strategy, bigger scale, and a stronger focus on building things that last.
Q2. With cloud-first and hybrid-cloud adoption accelerating globally in 2025, what are the most common security and operational pitfalls you see in migrating traditional managed-services offerings to cloud-based MSS models?
By 2025, moving away from old-school Managed Security Services (MSS) and switching to cloud-native and hybrid models isn’t just some passing trend. It’s something organizations must do to keep up. But honestly, this shift isn’t easy. The biggest problems come from people trying to force their old ways of thinking onto a world that’s completely changed.
Here’s what I see going wrong most often:
Security Pitfalls: Still Chasing the “Perimeter”
- Misconfiguration & Identity Sprawl: In the old days, we worried about “hard shells”—firewalls and perimeters. Now, in the cloud, identity is the perimeter. It’s easy to mess this up. I’ve seen way too many overly broad IAM (Identity and Access Management) roles or “shadow IT” projects where departments launch new cloud resources without letting security in on it.
- Shared Responsibility Mix-Ups: A lot of people think, “Well, my Cloud Service Provider (CSP) handles security, so I don’t have to worry.” Not true. The CSP handles security of the cloud; you’re on the hook for security in the cloud. Miss that handshake, and you end up with unpatched vulnerabilities and open storage buckets just waiting to be found.
- API Weaknesses: Cloud-based MSS leans hard on APIs for everything—automation, integration, the works. I keep seeing weak points here: bad authentication, no rate limits. That’s just begging attackers to walk right in.
Operational Pitfalls: “Lift and Shift” Tunnel Vision
- Cost Surprises (FinOps Gap): Shifting your old MSS over to the cloud brings sticker shock. Standard frameworks had steady, predictable costs. In the cloud, you pay for what you use, and that bill can balloon fast. Without FinOps—bringing financial discipline to cloud spending—people get blindsided by runaway costs.
- Blind Spots in Hybrid Monitoring: The scariest thing? Not really seeing what’s happening. Businesses running both on-premises and cloud often end up with patchwork tools. If your SOC (Security Operations Center) can’t track movement between your data center and, say, AWS or Azure, you’ve got a blind spot. Attackers love those.
- Skills Gap & Alert Overload: The cloud spits out a mountain of logs and alerts. Most legacy teams just can’t keep up. Without some kind of AI-powered SOAR (Security Orchestration, Automation, and Response) to help manage the flood, your team gets buried—missing the real threats buried in all that noise.
Strategic Blunders: Forgetting Why You’re Moving
The biggest mistake? Treating cloud migration like it’s simply a technical upgrade, not a full-on business transformation.
- No Exit Plan: Leaning too much on one cloud provider’s tools without thinking about how to get your data out can trap you. You end up stuck—vendor lock-in—making it a nightmare to switch providers or go multi-cloud if your business changes in 2026 or later.
In the end, cloud isn’t just different tech. It’s a new way of thinking, planning, and running security and operations. Miss that, and you’re just dragging old problems into a new world.
Q3. Given how cloud-targeted attacks and identity-based intrusions are surging, which layers (IAM, configuration management, endpoint security, monitoring) do you believe deserve the most attention when designing a modern MSS offering?
By 2025, the security game has completely changed. That old idea of a secure “perimeter” is gone—now, attackers go straight for identities, and misconfigurations are their favourite way in.
If I had to build a solid Managed Security Services (MSS) offering right now, here’s how I’d stack my priorities:
Identity & Access Management (IAM): The New Front Line
This is where you win or lose. Attacks that target identities—think token theft, weird login patterns like “impossible travel”—are everywhere.
MFA isn’t enough anymore. We need Adaptive Authentication that pays attention to things like whether the device is healthy, if someone’s logging in from across the world in ten minutes, or if their behaviour suddenly changes.
Entitlement Management (CIEM) matters, too. You need to see all those “shadow” permissions—service accounts or users with way more access than they really need. Over-privileged accounts are just accidents waiting to happen.
Configuration Management: Fixing People Problems
Most cloud breaches don’t come from fancy hacks. They come from someone messing up a setting—like leaving an S3 bucket open or letting a security group stay exposed.
Continuous Posture Management (CSPM) is mandatory. It catches real-time “configuration drift”—when someone makes a change outside the usual process and accidentally opens a door.
And don’t forget Infrastructure as Code (IaC) scanning. You’ve got to catch security issues in the code, before anything even gets built.
Monitoring & Detection: Smarter, Not Louder
Old-school monitoring just throws alerts when something happens—and you drown in noise.
Identity Threat Detection & Response (ITDR) is smarter. It watches what users do after they log in. Are they suddenly pulling huge data snapshots, or hitting strange APIs from outside the country?
Unified Visibility connects everything together. MSS needs to connect cloud-native logs like CloudTrail and GuardDuty with on-prem telemetry, so attackers can’t sneak around inside your environment.
Endpoint Security: The Cloud’s Weakest Link
Even if you’re all-in on cloud, the devices your team uses are still a big risk.
That’s why you need Endpoint Security plugged into an Extended Detection and Response (XDR) strategy. If a developer’s laptop gets hit by an infostealer, your MSS should instantly kill their cloud session tokens, no hesitation.
My Take on Where to Focus
If you’re building MSS right now, put 60% of your effort into IAM and Configuration Management. These two layers cut down your attack surface the most. Use the other 40% for beefed-up Monitoring (ITDR), so you can catch the sneaky threats that get overlooked.
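The “impossible travel” signal mentioned in the IAM section, as an added example that is not part of the interview: a small check over constructed sign-in records that flags two consecutive logins by the same user whose implied ground speed is not physically plausible. The record layout, the 900 km/h threshold and the sample users are assumptions for illustration.

```python
"""Impossible-travel check over constructed sign-in records.
Assumes (not from the interview) that each event carries a user id,
a UTC timestamp and the coordinates the sign-in resolved to."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_KMH = 900.0  # about airliner speed; a faster implied speed is flagged


@dataclass(frozen=True)
class SignIn:
    user: str
    ts: datetime
    lat: float
    lon: float
    city: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def find_impossible_travel(events, max_kmh=MAX_KMH):
    """Return (user, from_city, to_city, implied_kmh) for each consecutive pair
    of sign-ins by the same user whose implied speed exceeds max_kmh."""
    findings = []
    last_seen = {}  # user -> most recent SignIn, in time order
    for ev in sorted(events, key=lambda e: (e.user, e.ts)):
        prev = last_seen.get(ev.user)
        if prev is not None:
            hours = (ev.ts - prev.ts).total_seconds() / 3600
            dist = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            if hours <= 0:
                # Same instant, different place: treat as infinitely fast.
                speed = float("inf") if dist > 0 else 0.0
            else:
                speed = dist / hours
            if speed > max_kmh:
                findings.append((ev.user, prev.city, ev.city, round(speed)))
        last_seen[ev.user] = ev
    return findings


# Constructed sample: alice appears in London, then in Singapore ten minutes later;
# bob's New York to Los Angeles trip over ten hours is ordinary travel.
SAMPLE = [
    SignIn("alice", datetime(2025, 3, 1, 9, 0), 51.5074, -0.1278, "London"),
    SignIn("alice", datetime(2025, 3, 1, 9, 10), 1.3521, 103.8198, "Singapore"),
    SignIn("bob", datetime(2025, 3, 1, 8, 0), 40.7128, -74.0060, "New York"),
    SignIn("bob", datetime(2025, 3, 1, 18, 0), 34.0522, -118.2437, "Los Angeles"),
]

if __name__ == "__main__":
    for finding in find_impossible_travel(SAMPLE):
        print(finding)
```

In a real ITDR pipeline the same finding would feed the adaptive-authentication step (force re-authentication or step-up MFA) rather than just print.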
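The IaC-scanning point from the Configuration Management section, as an added example that is not part of the interview: a pre-deployment check that walks a constructed, simplified Terraform-plan-style JSON document and fails on the two misconfigurations the answer names, an admin port open to 0.0.0.0/0 and a public-read bucket ACL. The plan document, resource names and the two rules are assumptions for illustration; the `resource_changes`/`change.after` layout follows Terraform's plan JSON.

```python
"""Pre-deploy scan of a constructed, plan-style JSON document (example, not
the interview's or any vendor's scanner)."""
import json

# Constructed sample plan: one security group with two ingress rules, two bucket ACLs.
PLAN_JSON = """
{"resource_changes": [
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"after": {"ingress": [
     {"from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 22,  "to_port": 22,  "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_s3_bucket_acl.logs", "type": "aws_s3_bucket_acl",
   "change": {"after": {"acl": "public-read"}}},
  {"address": "aws_s3_bucket_acl.private", "type": "aws_s3_bucket_acl",
   "change": {"after": {"acl": "private"}}}
]}
"""

ADMIN_PORTS = {22, 3389}  # SSH and RDP; assumed policy for this example


def check_security_group(addr, after):
    """Flag ingress rules that expose an admin port to the whole internet."""
    out = []
    for rule in after.get("ingress", []):
        ports = set(range(rule["from_port"], rule["to_port"] + 1))
        if "0.0.0.0/0" in rule.get("cidr_blocks", []) and ADMIN_PORTS & ports:
            out.append(f"{addr}: port {rule['from_port']} open to 0.0.0.0/0")
    return out


def check_bucket_acl(addr, after):
    """Flag canned ACLs that grant public access."""
    acl = after.get("acl", "private")
    return [f"{addr}: acl {acl} grants public access"] if acl.startswith("public") else []


CHECKS = {"aws_security_group": check_security_group,
          "aws_s3_bucket_acl": check_bucket_acl}


def scan_plan(plan_text):
    """Return one finding per violation; an empty list means the plan passes."""
    findings = []
    for rc in json.loads(plan_text).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # None on destroy
        check = CHECKS.get(rc["type"])
        if check:
            findings.extend(check(rc["address"], after))
    return findings


if __name__ == "__main__":
    for f in scan_plan(PLAN_JSON):
        print("FAIL", f)
```

Run as a CI gate, a non-empty result blocks the apply step, which is the "catch it before it gets built" step the answer describes.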
Q4. Emerging frameworks like Continuous Threat/Exposure Management (CTEM/CEM) and Zero-Trust Architecture are gaining traction. From a managed-services provider’s lens, how practical are these to implement while still offering cost-effective services to mid-sized or offshore clients?
In my view, Zero-Trust Architecture (ZTA) and Continuous Threat Exposure Management (CTEM) are absolute essentials—not just for giant corporations, but especially for mid-sized and offshore clients. These folks don’t have big security teams or endless budgets, so old-school, all-encompassing defences just don’t work for them.
Here’s the thing: You don’t need to fix everything. You fix what matters.
Zero-Trust doesn’t mean ripping out all your hardware and starting from scratch. That’s the biggest fear I hear from mid-sized clients. In reality, ZTA is more of a mindset—you can build it up, step by step.
If you shift the focus from expensive firewalls and VPNs (the network layer) to identity and application layers—think Cloud-native IAM and SSO—you spend less on hardware. So yes, you save money.
For offshore delivery centers, ZTA is a game changer. Instead of trusting a whole branch office network, we zero in on securing each user’s connection. That means people can work from anywhere, and you don’t need to drop cash on top-of-the-line branch office security gear.
Now, let’s talk about CTEM. Traditional vulnerability management? It’s endless busywork. Scanners spit out 10,000 bugs, and the team barely has time to patch 100. CTEM gets rid of that chaos by focusing on what’s actually exploitable.
With CTEM, we don’t scare clients by throwing a scary number of “Critical” vulnerabilities at them, just because a generic score says so. Instead, we point out the handful that really matter—the ones that could actually lead to a breach of their most important assets.
For my offshore teams, this is huge. My engineers aren’t wasting time patching low-risk stuff. We put their effort where it counts—on exposures we know are real threats. It keeps our costs down, and clients end up a lot safer.
Optimizing Budget vs. Security for the Mid-Market
To optimize spending and security for the mid-market, I focus on a strategy that moves away from the "buy everything" approach toward one centered on high-impact, risk-based prioritization. Through employing automation and AI-powered tools for breach simulation, I can replace frequent, expensive manual penetration tests with continuous, cost-effective validation. I advocate for a phased adoption model—starting with fundamental Zero-Trust pillars like identity management and MFA—which secures the most common attack vectors without requiring a massive upfront capital investment. Furthermore, by utilizing a Global Shared SOC model, I provide these clients access to elite security architects and sophisticated tooling that would otherwise be out of reach, effectively delivering enterprise-grade protection at a mid-market price point.
My view
In 2025, the "cost" of not implementing these frameworks is far higher than the implementation itself. A single ransomware breach can bankrupt a mid-sized firm. By using ZTA and CTEM, I am essentially offering them "Enterprise-grade security on a mid-market budget" by being smarter about where we spend our technical effort.
Q5. As someone who has evaluated 20+ remote-management tools and built service models, what criteria do you prioritize to trade-off between security robustness, tool-chain complexity, scalability and cost when recommending solutions to clients?
After digging through more than 20 RMM (Remote Monitoring and Management) tools, one thing stands out: the “best” tool isn’t the one stacked with the most features. It’s the one that actually fits into a client’s daily operation without opening up new security gaps.
When I give advice, I break things down across four main areas:
Security: Zero Trust or Bust
By 2025, I won’t even consider any tool that doesn’t support Zero Trust right out of the box.
- MFA and Identity: The tool has to connect directly with whatever Identity Provider the client uses—like Azure AD/Entra ID or Okta. If someone gets their account disabled, their access to the management tool needs to vanish immediately.
- Audit Trails: I want real, unchangeable logs. Every remote session, every command—recorded and locked so no one can quietly edit their mistakes. This isn’t just about compliance; it’s about understanding what happened when things go sideways.
Simplicity: One Dashboard, Not Five
Too many companies get stuck with “tool sprawl”—bouncing between five apps just to fix one issue.
- All-in-One: I look for platforms that bring RMM, PSA, and security (EDR/XDR) into a single window.
- Automation: The scripting engine needs to be powerful yet simple. I should be able to write a script once and roll it out to thousands of devices with a click. If it’s complicated or locked behind weird proprietary stuff, it just slows us down when every second counts.
Scalability: Grow Without the Pain
For clients with global teams or offshore sites, the system must scale up without piling on manual work.
- Multi-Tenancy: This is absolutely essential for MSSPs. We have to manage dozens of clients from one console, but their data and networks need to stay completely separate.
- Global Reach: I always check where the management servers live. If I’m trying to fix a site in Singapore from a server in London, lag can make remote troubleshooting a nightmare.
Cost: Look Past the Sticker Price
I always focus on the true Total Cost of Ownership, not just the price tag.
- Per-Tech vs. Per-Endpoint: For mid-sized clients, charging per technician usually saves money compared to per-endpoint pricing. They can add more devices without watching their security bill explode.
- Hidden Costs: Sometimes a “cheap” tool costs more because you need two engineers just to keep it running. I’d rather pay for a well-built, automated platform that takes care of itself.
In the end, it’s never just about features. It’s about how the tool fits into actual work—securely, simply, and without blowing up the budget.
Q6. With the global shortage of skilled cybersecurity professionals (especially for cloud, SOC and MDR roles), how should MSS providers and offshore-delivery centres adapt — in terms of automation, processes, training or business model — to maintain quality while scaling?
The global talent shortage is hitting hard—by 2025, we’re looking at more than 4.8 million open jobs. To keep up, MSSPs and offshore delivery centers can’t just throw more people at the problem. It’s time to shift gears from labour-heavy models to something smarter: automation-first, skill-focused teams.
Here’s how I’d tackle this, based on what I’ve seen work across four main areas:
Automation: Bringing in AI SOC and SOAR
Let’s be honest: analysts shouldn’t waste their time on endless, repetitive tasks. With AI-driven SOC co-pilots, you can slash alert triage times by 90%. I always look for tools that can tell the difference between background noise and real threats on their own. That way, analysts only spend about 6–10% of their time chasing false positives.
For containment, we need to stop relying on someone being awake across the world to act. Modern playbooks should automatically isolate infected endpoints or lock down compromised accounts the moment they spot trouble—no more waiting around for manual intervention.
Processes: Moving to CTEM and DevSecOps
Old-school, reactive monitoring just eats up headcount. With Continuous Threat Exposure Management (CTEM), the focus shifts. Instead of patching everything, you zero in on the few attack paths that really matter. Suddenly, a smaller team can make a much bigger impact.
And when you treat security as code—building checks right into the CI/CD pipeline—you catch misconfigurations before they ever hit the cloud. That takes a huge load off the SOC later.
Training: Building Specialists, Not Generalists
The days when you could get by with “Level 1” log readers are gone. Now, teams need cloud security architects and threat hunters. I push for targeted certifications—stuff like ISC2 Cloud Security Architecture or focused AI security certs—instead of broad, generic degrees.
Upskilling the people you already have works better and costs less than trying to find that mythical “unicorn” hire. For example, you can teach a network engineer cloud security faster than you can find someone new. I put a lot of emphasis on “prompt engineering” for security, showing analysts how to use LLMs to dig through code and logs more efficiently.
Business Model: Shifting to Value Over Headcount
The old FTE pricing model is fading fast—it punishes efficiency. I recommend outcome-based pricing instead. Clients pay for results, like how quickly you contain threats, not for how many people you have sitting at desks. This pushes providers to automate and deliver real value.
And finally, a hybrid-shore approach works best. Offshore teams handle the nuts and bolts—engineering, automation, all the heavy lifting. Meanwhile, a small, highly skilled nearshore or onshore group focuses on strategy and building solid client partnerships.
That’s how you get ahead of the talent crunch and deliver better security.
Q7. If you were advising investors or board-level stakeholders on where to place bets in managed-security and remote-infrastructure services over the next 5 years, which service models, technologies or market segments would you prioritise for long-term growth and resilience?
If I were talking to a board or institutional investors, I’d tell them: we’re not just managing infrastructure like a utility anymore. We’re heading for something bigger—“Resilience-as-a-Service.” Over the next five years, everything shifts. AI is everywhere, hybrid-cloud setups keep getting more tangled, and global rules around data are only getting tougher. Here’s where I’d put money and focus for real, lasting growth:
High-Growth Tech Segments
- Managed Detection & Response (MDR) and MXDR: Security is exploding here. This space is growing crazy fast—think 22-28% every year until 2030. Back the companies that don’t care where the data comes from (endpoint, cloud, identity) and can lock down threats automatically. That’s where the future’s heading.
- Cloud-Native Security (CSPM & CWPP): With more companies going hybrid-cloud, the old “castle and moat” idea is dead. Now, “Configuration is the Perimeter.” Cloud Security Posture Management isn’t just a tool—it’s table stakes. It’s turning into a must-have managed service, not just something you buy and forget about.
New Service Models
- The “AI-Native” SOC: The old model—big teams sitting in a Security Operations Center—doesn’t add up anymore. I’d bet on providers who lead with AI-driven incident response and automated workflows. They’ll see higher margins because they grow revenue without having to hire a small army.
- FinOps + SecOps Integration: Managing remote infrastructure isn’t just about keeping it running. It’s about squeezing out every bit of efficiency. There’s a big gap right now for “Managed FinOps”—services that constantly tune cloud setups for both security and cost. That’s a sweet spot nobody’s really owning yet.
- Continuous Threat Exposure Management (CTEM): Forget occasional pen tests. The mid-market wants 24/7 exposure management now. This isn’t just another project—it’s recurring revenue, month after month. That’s a much better business than one-off gigs.
My Strategic "Bet" for Investors
If you want resilience, look for "Platform-Agnostic" providers. The winners won't be those tied to a single vendor (like just AWS or just Microsoft), but those who can orchestrate security and operations across the "messy middle"—the hybrid environments where most global enterprises will live for the next decade.