Ashish Rajan: [00:00:00] The attackers, the bad guys, they're getting better. They're able to now put back doors in. How fast can you get back? Is my data clean? An organization that got hit by ransomware, and it took them 284 days to totally recover. Six months later, the organization got hit again by the same ransomware group.

Well, you wind up just continuing to go back further and further, but the challenge is. How do you know how far to go back to where it's clean data? If your identity is down, you're gonna have to try to figure out, how do we start getting back to that minimum viable discussion? Get over yourself.

Know that your defense tools aren't going to always be there for you. The word resilience has been around a long time in security. Now we're just taking it to the next of when it happens, what are you gonna do

Chris Bevil: A complete. Clean recovery. When was the last time you did a complete clean recovery of your backup systems to understand if your production backup is not corrupted, especially while preparing for something like ransomware.

What does it mean to have programs for recovery that is a complete recovery of the minimum viable [00:01:00] product required for the organization, not the sporadic one that you do across the board? I had a chance to speak to Chris Bevel from Commvault where we spoke about OPS as a concept where. It's about understanding the end-to-end requirement to build cyber resiliency, not just with simple backups, but also recovery capabilities and what does that mean for an enterprise.

Chris also shared some of his personal experience of going through a ransomware impact himself and how it came back. After X number of days, if you know someone who's working on their cloud hybrid environments for what backup and recovery can do as you build your cybersecurity resilience program, this is definitely episode for them.

As always, if you have been listening or watching episodes of podcast for a while and have been finding them helpful, I would really appreciate if you can take a quick second to drop the follow subscribe button, whichever platform you listen or watch your podcast episodes on. We are on all podcast platforms including apple's.

Fortify YouTube on LinkedIn. I also wanted to say thank you to everyone who came in and said hello to us at RSA. It really meant a lot that you'd stopped by and shared the love that you had for the work we do. So thank you so much for doing that. I [00:02:00] really look forward to seeing you all again at another conference too.

I hope you enjoy this conversation with Chris and I'll talk to you soon. Peace. Hello and welcome security podcast. Record Chris with me. Thanks for coming on the show, Chris.

Ashish Rajan: Thanks. Glad to be here. It's, uh, a lot of fun.

Chris Bevil: Maybe to kick things off, if you could share a bit about yourself. Your background as well.

Ashish Rajan: Sure. Yeah. My name's Chris Bevil. Um, I work for Commvault. I am one of our principal cyber resilience and AI strategist here at the organization. I, I think a lot of the people wanna know is I'm also a former CISO. I like to call it a recovering CISO. Uh, you know, 'cause I, I joke a lot of times about recovering CISO 'cause now.

That I'm in a different role. I get the opportunity to go on vacation with my family. I get to do a bunch of stuff. It was great. I played golf on Saturday before I came out. I didn't have to worry about it. Am I gonna get that phone call? Did we not patch? Did we not do something? So that's a little bit about me.

You know what I do?

Chris Bevil: or be at RSA and be pinged for, Hey, by the way, we have an incident leave.

Leave

Ashish Rajan: RSA and Come back over here or something. Exactly. Yeah. I mean, so you come to RFA and then you get the phone call and your whole trip that you [00:03:00] spent the time and money to come and learn. Now all of a sudden you're dealing with something

Chris Bevil: a hundred percent.

Considering you've been in this space for a while and have been a CISO as well, obviously backup and recovery is as old as it gets in terms of tales. I guess, and we were before this with the recording, we were talking about how industry really has a evolved, even though the threats have evolved quite a bit.

I'm curious to your thoughts on where do you find that backup and recovery? The ways we see it today in 2026. How is that different from where it was before and when both of us were doing our day jobs and not coming to RSA potentially, because of an incident. What are you finding as the thing that people missing out or not understanding about backup and recovery today?

Ashish Rajan: Yeah. You know, when you think about when recovery as a whole we, it was all about how do we get our data back and how can we get it back quick? Let's get back up and running. What can we do? And I believe we finally, over the last five years or so, began to make that adjustment to start saying, okay.

This is good, but it's not good enough. It's not where we need to be. So we're beginning to see that industry finally say, okay, we're [00:04:00] going to get hit when we get hit. Now how can we build trust back into where we're trying to go? How can we bring the proof of recovery back in a clean meth, in a clean, logical methodology?

You know, we're starting to think a lot about how can we think about. Resilience. Mm-hmm. And, and really what does that mean to an organization? What's unique though about it is there's still people stuck in the 1990s. Yeah. And they still think that their recovery is all they need. And that's, that's where we're kind of in this kind of in between, you and I both have been in security, you know.

Security guys kind of get what's the word? They, they kind of get stuck in their ways and they get a little arrogant and we've gotta help them move that arrogance and say, this is the new level.

Chris Bevil: And so why is backup not enough? 'cause I think we have organizations spend so much money on periodic backups.

There, there are arguments that happen for our backups gonna be monthly, weekly, because cost impact, everything. So why is it, if I just say that I, [00:05:00] I have backups. Why is there a false sense of security?

Ashish Rajan: Well, I would, I would say, congratulations that you have backups. That's a great start. But what we're, you know, we're really learning is the ba, the attackers, the bad guys, whatever you wanna call it, they're getting better and they're able to now put back doors in.

They're putting this different malicious links, different components. So our world of recovery point, objective and recovery time objective have changed. Now it's. Those things aren't as critically important is my data clean? Is the point of time that I'm gonna restore to clean from any back doors and malicious malware and different things.

And that's a, that's the critical point and that's the difference. Backups are great still. We gotta have them for disaster recovery and operational recovery. But for cyber recovery, backups just aren't enough.

Chris Bevil: And do you find. Are the threats different as well? Is that like for, for example, ransomware.

My thinking over there as you said that I'm like, I think I have my recovery processes down, nailed down. I feel I have, uh, done everything. But after talking to [00:06:00] you about that 2 84 day incident, like lasted, can you share a bit about that as well?

Ashish Rajan: Yeah. So to first part of your question, I, I think that.

What we realize now is the bad guys are moving more laterally through our network. They come in and, and their whole objective really is to get to your backups. If they can get to your backups, then they totally lock you down across the board. Yeah. You can't really do anything, and because of that we have to think differently about what we're doing.

You mentioned the 284 days. That was a, an instant. When I was not at Commvault, I was with another organization and I was an instant commander. But that was an organization that got hit by ransomware and it took them 284 days to totally recover and begin to get their data back up and functioning. Now the, the key takeaway there, and I don't know that we even talked about it when we were in prep, but six months later, the organization got hit again by the same ransomware group, which was the Conti Group.

And that was because what happened was is the restore and everything. This was prior to clean room and, [00:07:00] and really looking to make sure the data was clean. So that malicious factor had that little back door and it, you know, they came knocking again.

Chris Bevil: So don't the traditional, uh, I say if traditional, but the backup strategies that we have followed for decades, they're not enough anymore in terms of recovering.

So you do the 2 84 days incident where have ransomware, right? I maybe actually, maybe worthwhile. 'cause a lot of people may not even understand what ransomware is in that context. So why is my backup if I'm just doing tic backups? Why is that not enough for me to be. Defending easily against Sara Ransomware.

Ashish Rajan: So if you were a CSO and one of my peers, I would probably look at you and go, it's not enough because what, where are you gonna go back and pull from? Mm-hmm. How do you know that the data that is out there, that you've backed up to. Was not maliciously attacked, that they embedded different components in the mix and across the board.

And you're saying, okay, well where's my recovery point? Well, oh, I've got it. I'm gonna go back to here. Will you wind up just continuing to go back further and further. But the challenge is how do you know how far to [00:08:00] go back to where it's clean data? How long did they dwell in your environment?

That's the reason backups really aren't enough because you, you know, we have that 3, 2, 1 methodology. And with the 3, 2, 1, it's, let's have backups. We don't have our backup to our backup. Now let's have an air gap protected copy. A lot of folks still haven't made that move to that air gap protected copy, which, which is indelible, which is means you can't change it and indelible, which you can't delete it.

They're still not going there. But that's really the reason is, you know, backups are great, but how do you know where to store from in a clean methodology?

Chris Bevil: Yeah. 'cause I think maybe I'm opening up a kimono a bit more because I remember the backup recovery that you have to do periodically. You're only doing parts of the recovery anyways.

You know, and I guess in your case, when you explain that I'm going, can I bring the entire organization up? Maybe I can bring up parts of it. I dunno if I can bring the entire organization up. And I guess that's probably crucial in this particular scenario,

Ashish Rajan: right? It is. And, and really it's even taken a step further.

I mean, but now when you have identity and you, you have the dependencies with [00:09:00] applications and different things, you know, immediately we a lot of times thought, oh, I'm up. Let's just go bring up the whole organization. Let's bring the data back. But in the reality, if you go to start bringing the data back, you're now bringing the bad guy in.

So we wanna begin to start thinking about what is the minimum viable things that my organization needs to get the lights back on and let's get back up and running. Because the reality is, and we've talked about it in the past, is this is a board level conversation. Now, it's no longer a conversation where.

It's, you know, did you get us back up and running? The board wants to know, are we safe? How fast are you gonna get us back up and running? Is it gonna happen again? What are we gonna do? And so if you have that ability to have that conversation with them, that's how we kind of transition from backup to a total methodology.

Chris Bevil: So boards understand this now, like, uh, or is it still a transition period for them?

Ashish Rajan: The boards understand that. Do our boards ever understand a lot of things? Um, I think it's depending on how we talk to it, yes, they do understand that they have to start asking those questions. Yeah. But I think more [00:10:00] importantly, it's up to us as security experts to go in and quit having the technical conversations because really.

Recovery was about technical operations and we would go in and, and have conversations with the board about re you know, having backups and recovery. And we would talk about how we're gonna patch and, hey, we patched this many, you know, servers in the last week. We, you know, this is what we did this month, and how many things we caught.

Boards don't want to hear that boards want to hear. How what's the revenue impact to me? Are we safe? How long are we gonna be down? How are we gonna get things? So they're beginning to learn, but we as security experts have to now be able to translate that into more of a business outcome and business objective.

Chris Bevil: Is this where ops fit in?

Ashish Rajan: This is ResOps is a, you know, it's, it's a unique strategy. It's a discip. It's something that Commvault is really, really leaning into and I think we're the leaders of it. Not think I know, but when you think about the fact that with ResOps, what we're looking at as a total discipline, and part of that too is previously you've had the security kinda working in a [00:11:00] silo.

The IT teams working in a silo, maybe clouds working in silos and maybe hr.

Now what we're doing with the ops is we've got to bring everybody together. We can't. Think about the overall component of, ooh, what do I need to do? But we might need everybody working as a team together to then begin to build that cyber resilience and that cyber recovery strategy.

So that you can also test that. And so when that time hits, it's not the chaos that we know. But everything is tested and ready to go, and you're like, okay, I know what my role is, this is what I'm gonna do. And that's how ResOp fits in.

Chris Bevil: Alright. But does that solve, so we've spoken about so far, about how the traditional backup and recovery methodology doesn't stand the test for time.

Ashish Rajan: Mm-hmm.

Chris Bevil: How does ResOp fit into that then? Does it solve that problem?

Ashish Rajan: It's gonna, it's not gonna necessarily solve the problem of helping people change their mentality a little bit. Until we get them to understand it's gonna solve the problem of trust.

Chris Bevil: Mm.

Ashish Rajan: And it's gonna solve the problem of proof.

Because if you begin to test your [00:12:00] methodology, everybody knows what they're going to do when that time comes, which we all know it's gonna come at some point. Um, we can't stop somebody from clicking a malicious link. We can buy all the diff, the links we want, but somebody in the organization's gonna wanna click that Excel spreadsheet that says, Ooh, let's learn everybody's salary in the organization.

Invite the person in. With ResOps, what we're allowing to do is create a discipline that if it's put together and you have owners across the board that know what they're doing. You have a common way of really attacking it so that now we address trust and proof, and that's the things that have not been really addressed before.

Chris Bevil: Interesting. I think, I'm glad you clarified it because people may assume when you say there's, obviously people are assuming a product from Commvault, but Right. You're actually explaining a discipline.

Ashish Rajan: Yes,

Chris Bevil: you are. You're almost asking the leaders to be thinking beyond just. Backup recovery. Having, to your point about the identity components, the network components, and for many people already have a backup recovery plan, like I'll be surprised if enterprise don't already have that.

They have a process defined for it. How does [00:13:00] ResOps fit into that, like an established enterprise?

Ashish Rajan: Yeah, it, what it does is, again, it, it kinda gives them an idea and a way to think about things. So before. If you think about it, an enterprise organization, they're thinking about, okay, I have my instant response plan.

I have this plan, I have this policy and procedure. But have they have they looked at it holistically as a whole? Because if you look at an instant response plan, do you have a cyber recovery plan? Do you have a communications plan? Do you have different plans that work throughout the IR plan's? Great. But that needs to be a holistic plan.

And ResOps gives them the ability. To have that opportunity to have all those plans put in place. It's a discipline where each organization or division in the organization says, okay, I know what I'm gonna do. This is how I'm gonna do it, where I'm gonna do it. And lastly, the most important thing about ResOps is testing and testing with chaos.

And that's, that's where enterprises really have to dig in.

Chris Bevil: What do you mean that's by chaos?

Ashish Rajan: They have got to get together in the boardroom and not just have the one [00:14:00] executive tabletop, you know? 'cause we want to check our compliance. Yes. Hey, insurance, we did our tabletop. Yeah. Or yes, you know, compliance methodology with our tabletop, but get in a room and understand what's going on.

And you have that executive tabletop where the boards and the executives understand. And then you have that tabletop in the technical where you test each of the different systems and it's chaotic and you really want to. Create that chaos so that you know, when it really happens, you're able to come back and really get up.

I mean, I can, you know, tell you a story of, you know, we did a tabletop with a major enterprise organization and it, it was funny what you uncover when they start testing with chaos and the fact that the chairman of the board was in there with us. And a question was, do you ever go outta the country? Do you ever go anywhere?

And there was a particular country you should not go out to without a burner phone or a burner computer,

Chris Bevil: right?

Ashish Rajan: And he was like, I'm sorry, what?

And he was taking his phone, regular phone, company phone and computer to a foreign country that you probably shouldn't [00:15:00] do that. And it's things like that, that you begin to say, okay, well wait.

If he's doing this, what is that introducing? And then when that chaos happens, can everybody know how to work through it?

Chris Bevil: Okay, so it sounds like discipline, but I normally find that you can't lead in charge to drive a program. 'cause it's almost almost like you're having a, a security program being built.

Is it a security program? Is it, is it, who's the owner?

Ashish Rajan: That's a great question. And, and the really, the, it depends, it depends on the organization. And 'cause it's, it's almost like does the CISO report to the CEO? Does the CISO report to the CIO? Does it report to the board, you know, who owns what within the organization?

It's really more about giving each individual, the understanding and working together as a team. You know, together everyone achieves more.

Chris Bevil: Yeah.

Ashish Rajan: So yes, you like to have an owner, probably the CEO should be the owner, right? And ask each group, have you done this? Have you done that? And then that allows them the ability to work together.

But it could be the CISO. It's really whoever understands cyber resilience and [00:16:00] begins to understand this ResOps framework that every division has to work together. It's just not an IT or security problem anymore.

Chris Bevil: Mm-hmm.

Ashish Rajan: It's really whoever can take that ownership there, there's no right or wrong answer there.

Chris Bevil: So most organizations already have say some way of identity security, some way of the network security. 'cause you're almost asking people to kind of bring the. Backup recovery component along, maybe not at the same level, but maybe at a similar level. 'cause it's to your point, is we are not talking from a technology perspective.

We are more talking more from a, Hey, are we out for identity? Are we out for network? Identity obviously is top mind for people because now AI is like everything. So how does identity play a role in ops and is it an important part as well there?

Ashish Rajan: Yeah, I mean, identity, you know, when you, when you think about ad, you start thinking about ra, you start thinking about Okta, now you start throwing in all the different pieces of force level ad.

It plays a significant role because when you start laying it out, it's like what comes first, the data? Does identity come first? You know, does cloud come first? What are [00:17:00] we doing from our dependencies? It all works together. Um, but identity is where the bad guy is really trying to go first. Mm-hmm. And if your identity is down, not only can you not necessarily communicate, but you're gonna have the opportunity to try to figure out, okay, how do we start getting back to that minimum viable discussion that we had on what we were trying to do.

And if we can't get our identity back up, how are we gonna get everything else working? But the reality is that's just one piece of a whole thing. I would probably start with identity and then move from there.

Chris Bevil: I think we were talking about the whole resilience first architecture and, um, how would you describe resilience?

First architecture? 'cause I guess everyone wants to build cyber resiliency. It's a. Program people run, some people have where or can we do bring the capability? But in a conversation that you guys have been talking about building a resilience first security architecture, what does that look like?

Ashish Rajan: Yeah. I think, uh, when you think about it that way it, it's really, we have to begin, we think about the whole, you know, left [00:18:00] of boom and right of boom.

We've gotta begin to start thinking about that rite of boon. So when we start thinking about resilience architecture, we're thinking about, okay, what are the defensive tools that we can have? But now that when that process hits, mm-hmm. When it occurs, what are we doing after the big red button has been hit?

What is our plan? And again, it goes back to what is our instant response plan? Has that been tested? But in that instant response plan, what is the cyber recovery plan? What is our communication plan? So that cyber resilience, I mean, resilient, the word resilience has been around a long time in security.

Now we're just taking it to the next of. When it happens, what are you gonna do to build a plan? And the best way to do that is to start thinking about, do I have an immutable and indelible air gap copy? If I get hit and I'm gonna bring that up, how do I take that into a, you know, an isolated recovery environment and be able to look at that information to say, is this clean?

Can I do this? And then you begin to kind of look at it and think about, you know, what you're doing. I think the most important part of that, really is, is the clean room piece. [00:19:00] We know you gotta have it, air guy.

Chris Bevil: Yeah,

Ashish Rajan: but I heard a story at another conference where somebody had pipe going out to an A GP.

And they could spin up an IRE, which means you know, recovery environment in about two hours. Oh. And they told, it was great, but my question to them was, well, what, how do you know it's clean? And that goes back to what we talked about very early on in our, our conversation of that's the difference between recovery and cyber recovery is, is the data clean?

And where do you start from that point?

Chris Bevil: I love the example is AI impacting the resilience strategy that people are thinking. Or how you should approach it.

Ashish Rajan: It really is. And you know, most organizations, Commvault is one of the organizations. They're really looking at AI and how to bring it in. I think a great way to think about it is AI can see the things that we don't, and so AI's never gonna replace people, but AI is going to help people do their jobs better.

Yeah. And that's how Commvault is really pulling AI into, into the mix. I, you know, I like to use the example, if you think about before AI in the healthcare world, a doctor would have to [00:20:00] visually look. At an x-ray. Mm-hmm. And they might miss a small fracture. Well, AI looks at that and tells the doctor, Hey, there's a small fracture that you may not see now when you switch that over and look at a Commvault or other people utilizing AI as a whole.

Now these alerts that come in that, you know, humans get fatigued, so maybe AI helps pick up an alert. Uh, maybe it picks up an anomaly in detection that we may not have seen. So it plays a major role and really it's, it's helping us. If we use it we gotta think about the attackers know how to use it too.

Chris Bevil: Yeah. And is it making it faster or harden?

Ashish Rajan: I think it's making it faster. I think, you know, when you look at it, and it allows people to make decisions quicker, but it, it allows 'em to utilize AI to give them, help them get to the proof and truth that they're looking for as well.

Because I, I, we are moving also in a world where a lot of people are building AI driven systems like this with the copilot or whatever you want to put that by example. How should CISOs think about recovery and probably add another layer. 'cause we are in [00:21:00] RSA, people are walking on the floors thinking about, Hey, I need to uplift my backup recovery program. How should they approach, say, planning five years is not probably practical today, let's say for the rest of 2026 if I wanna uplift my backup recovery so that it stands a test of time, maybe, maybe even for AI enabled systems as well.

What would your recommendations be to those CISOs for their security program?

Chris Bevil: One, get over yourself and know that your defense tools aren't going to, they're not gonna always be there for you. Yeah.

And begin to really think about the ResOps discipline. Mm-hmm. And what that means to your organization. Begin to think about how do I recover quicker?

Yeah.

Ashish Rajan: Uh, how do I answer the board questions or are we safe? And how do you, how do you show proof? And then obviously, you know, we're here at RSA, come by our booth, talk to people, but, you know, reach out to you reach out to me, we can get people connected with what, whatever organization that that works, you know, best for what they're trying to accomplish.

But I think overall the biggest thing is, is uh, do something. You know, the worst thing we can do is do nothing. And that's a [00:22:00] great way to begin. Because AI's not going anywhere. 'cause if you think back just four or five years ago, we were like, what's this chat GPT thing? Yeah. And now look at where we are with agen AI and, and generative and all the different components.

Chris Bevil: So, uh, as you, you said something there, which made me think how, so if your board does ask, are we resilient? What's the right way to frame that response for a CISO and what kind of metrics should you think about and leaning into your ResOp framework as well?

Ashish Rajan: Yeah, if the, if they said, are we resilient, we would, the answer is yes, and I can show you the proof if you're with the right organization, the right.

Cyber resilient organization, cyber recovery organization, like a Commvault, can show an organization with proof. This is, you know, we can give you examples to show the board, you know, this is how our air gap copy works. This is how our clean room works, so that we know when we get hit, this is what we've defined to do and how we're gonna do it.

The really big thing is also is just tell the board, yes, we can be secure, but you gotta ask for the money.

Chris Bevil: Yeah.

Ashish Rajan: And the metrics are really. [00:23:00] How fast can you get back to mean time to recovery? Uh, and you know, and what that means is how clean is our data. So how do we get back to that minimum viability at the quickest time?

And you do that through a mean time to clean recovery and, and those are the metrics they're looking for. Tell them what this is gonna help you navigate. Even the, the entire. And of course of the whole situation and give them a financial benefit. Tie it back to financials and business objectives.

Chris Bevil: It's a good way to put it as well, because your point at the end of the day, meantime to recovery, but the word you used earlier, which resonated with me, was a clean recovery.

And I think, and for me, that's definitely the key here, where it's not just that I can recover parts of my organization, it's just how can I clearly recover? Pretty much the end time MVP, for lack of better word, for my business to continue working. Great conversation so far and I've already had the technically questions covered.

I've got some fun questions. So we're doing the snack war this time for this.

Ashish Rajan: I've been excited and waiting for this the whole

time. So, I have to tell you, the car favorite has been crocodile and kangaroo with some good [00:24:00] British and Australian snacks. You can feel free to pick any, these are sweeter ones.

They are caramel dodgers and obviously the snacks as well, the lollies. Obviously you had, I would say go for both kangaroo and crocodile.

I was gonna say, yeah. Why? I know you want me to try the crocodile and kangaroo and so what I, what I really like too is the fact that my wife is gonna see this and go, he's so picky.

How is that? I don't think we eat.

Chris Bevil: Maybe that he died.

Ashish Rajan: So there's the, this is the kangaroo

Chris Bevil: that That's the crocodile. Yep.

Ashish Rajan: Yep. And then this will be the crocodile.

Chris Bevil: Which one get which one do

Ashish Rajan: first? We're gonna go with the crocodile first.

Chris Bevil: All right. Does it taste like chi chicken?

Ashish Rajan: It does,

Chris Bevil: isn't it? Oh, maybe I'm planting the idea in other people's head.

'cause I feel like, uh, I had it. I'm like, I'm expecting it to, you know how I said earlier, like,

Ashish Rajan: yeah,

Chris Bevil: if you're growing up in Louis, Louisiana having alligator, you're expecting it to be like. Quite hard and chewy, but I'm like, it's like chicken.

Ashish Rajan: No, that was actually really good.

Chris Bevil: Yeah.

Ashish Rajan: So [00:25:00] I'm very, alright. So this is the kangaroo,

Chris Bevil: right?

Yeah. Yeah.

Ashish Rajan: That's the opposite.

Wait, but it's not good or good opposite in a good way?

No, it's, but it's a little tougher.

Okay. Right, right, right.

But it, it really is good,

Chris Bevil: but, but in a gamey way because a game meet way.

Ashish Rajan: Yeah.

Oh, there you go. But would you, I mean, maybe, uh, I should give you one of the packets.

So if you're enjoying that that much.

I actually, I, I'm telling you, I'm gonna have to go find out where these snacks are. Have you send me some? These are really good.

Chris Bevil: I, I would definitely, I think, I'm pretty sure we have some extra, so I'll definitely share that over

Ashish Rajan: that. I was shocked. That was great.

Thanks for letting me do that. That was awesome.

Chris Bevil: Oh, and now you have, you can take that box off that. Have you tried crocodile? I'm like, yeah, I think I've tried crocodile and the kangaroo. That's a,

Ashish Rajan: I would rather eat crocodile than alligator.

Chris Bevil: Yeah.

Ashish Rajan: We talked about so that,

Chris Bevil: yeah. Yeah. Fan. So about three fun questions.

The first one is, where do you spend most time on when you are not trying to work on backup and recovery strategy problems?

Ashish Rajan: Twofold. Twofold. One, when my family, when they're not going, why are you at home? Get on the golf court. So I have a good friend and we play a lot of golf. We try to get out and if we're not playing, we're watching it.

[00:26:00] But, um, and then I spend a lot of time with my family.

Chris Bevil: Oh, nice. Second question. What is something that you're proud of that is not on your social media?

Ashish Rajan: Uh, wow, that's a great question. I think, uh, the biggest thing I'm proud of is my kids and, you know, and being married 31 years and raising a 29-year-old and a 25-year-old and just, uh, you know, who they've become and, and what they become.

So that, I think that's something you don't see a lot on social media. 'cause we always put, business stuff out there a lot of times. Yeah. I think I would say. Also being, you know, married to my wife for 31 years is pretty awesome.

Chris Bevil: Awesome. Yeah. Final question, what's your favorite cuisine or restaurant that you can share with us?

Ashish Rajan: I probably have to say Cheesecake Factory. And you're probably gonna look at me and go, really?

Chris Bevil: Yeah.

Ashish Rajan: You can keep all the entree stuff. Yeah, but gimme that massive dessert. Opportunity with all the different desserts they have, the cheesecakes, you know, you just, the cakes in of itself, you know, you can't go wrong there.

Chris Bevil: Interesting. And oh, fun fact, I don't think so in the seven years I've been asking this question, the first person to mention Cheesecake Factory, I would always thought [00:27:00] someone will mention here and there. 'cause it's such a popular thing, right? But surprisingly, it was the first one, so,

Ashish Rajan: well. You were expecting me to give you some like steak place or something like that and then I mean, you seemingly, as soon as you ask the question, I can just see the whole cheese put thing.

Right When I walked in I was like, there it is.

Chris Bevil: Awesome. Uh, thank you for sharing that as well. Where can people find out more about ResOps stuff that you guys have building and we can connect with you as well?

Ashish Rajan: Yeah, so they can connect with me on LinkedIn. It's Chris Bevil I link as well. And yeah, it'll be there.

They can also go to commvault.com Uhhuh there's a lot of information there and if they're here at RSAC. Come by the booth. We've got an amazing time. I want you to come by the booth. We've gotta get a picture of you with the wrestling belt.

Chris Bevil: Yeah, yeah.

Ashish Rajan: Um, we've got a great fun demo, so that's a great place as a OL, but commvault.com is awesome.

Reach out to me if you don't know and I can get people in, you know, and reach out to you. You can guide 'em our way.

Chris Bevil: I would love you. That as well.

Ashish Rajan: Thank you so much for coming on the show. Thanks you so much. And thank you for tuning in with all people's studies. Thanks. See you guys.

Chris Bevil: Thank you for listening or watching this episode of Cloud Security Podcast.

This was brought to you by Tech [00:28:00] riot.io. If you are enjoying episodes on cloud security, you can find more episodes like these on Cloud Security Podcast tv, our website, or on social media platforms like YouTube, LinkedIn, and Apples, Spotify, in case you are interested in learning about AI security as well, to check out assistant podcast called AI Security Podcast, which is available on YouTube, LinkedIn, Spotify, apple as well, where we talk.

To other CISOs and practitioners about what's the latest in the world of AI security. Finally, if you're after a newsletter, it just gives you top news and insight from all the experts we talk to at Cloud Security Podcast. You can check that out on cloud security newsletter.com. I'll see you in the next episode, please.

‍