Puneet Thapliyal

Puneet Thapliyal

Chief Information Security Officer at Headspace Health

Headspace Health
Share
Headspace Health CISO Puneet Thapliyal on his passion for cybersecurity and the challenges the business faces in protecting users’ health data

Chief Information Security Officer for Headspace Health, Puneet Thapliyal is a seasoned cyber security and networking executive who is responsible for the business’ overall product and IT security as well as member data privacy.

With an undergraduate degree in Computer Science from HBTI, Kanpur, Thapliyal came to the United States in 1999 to study for his Master’s degree in Computer Science from Rensselaer (RPI) in New York.

“My first job out of college was at Oracle, here in Silicon Valley, and then Yahoo, and those were great experiences,” he says. “Along the way, I picked up this passion towards cybersecurity, and re-educated myself in this field.

“Cybersecurity is one of those rare domains where you have to be on your toes all the time. You have to constantly be in a learning mode because the attackers are not sitting still. They're evolving, and we need to be always catching up,” Thapliyal adds. “That's an education challenge that I really like, and that adds to my underlying computer science background as well.”

In 2013, Thapliyal co-founded Trusted Passage, which was one of the first companies to be building what is now called ZTNA, or Zero Trust Network Access solutions. 

“2013 was a little early to be building out that solution,” he says. “The industry was not ready, it required a mind shift change in the technology leadership, and companies to say, okay, there's a new way of doing access controls or access provisioning for your company. 

“In the past decade, thankfully, driven by other parallel initiatives such as Google's Beyond Corp initiative and cloud security alliances, software-defined perimeter initiatives, the market has turned a corner and everyone realises the benefits of building these zero trust architectures, which is a highly popular term inside cybersecurity at the moment,” Thapliyal adds. “Trusted Passage was building that solution. It was a great experience to build something out of nothing and take it to the market to learn all the mechanics of building a company and truly cherish that experience.”

In 2016, Thapliyal joined digital health startup Ginger. “I wanted to be part of a company that has a large impact on the world, and I got introduced to Ginger in 2016,” he says. “When I talked to the founding team, I was very impressed by the vision they had of solving mental healthcare for the whole world. I wanted to be part of the journey, and that was how I got into digital healthcare.

With Ginger merging with Headspace in 2021 to create Headspace Health, as CISO Thapliyal is well aware of the importance of cyber and data security.

“I think the biggest challenge at the moment is what we call the malicious insider problem,” he describes. “Whether we have enough controls inside the company to prevent the peeking and poking of healthcare data is important already, but that will become really important if we have what I call the future celebrity scenario. Let's say a highly popular celebrity publicly starts talking about getting therapy services from Headspace Health. Do we have enough controls inside to prevent people from reaching that patient's data? That's a very futuristic scenario, but we are investing a lot in building the right level of controls and audit capabilities to prevent that.

“The second biggest challenge is too many third parties. So we are a SaaS-first company. We operate in a very heterogeneous environment, where we interact with a lot of third parties on a day-to-day basis. That's a risk that any of them being hacked means our data is breached. That's the second challenge where we want to make sure, like we have a very mature TPRM programme, a continuous security assessment programme. So that's a huge challenge for my role at the moment. 

“I'm a technology cybersecurity person at heart, and so that's what I enjoy a lot. If we can use those skills which I bring to the table, to solve a very challenging problem, which is about the data security of mental healthcare data privacy, then that excites me even more. The combination of two results in delivering highly trustworthy service to our members, that's also very motivating to me.”


Read the full story HERE.

Headspace Health
Headspace Health
Our Partners
Share

Featured Interviews

Featured

Mark Opitz

Group Head of ICT – ACCIONA Australia and New Zealand

ACCIONA Australia Head of ICT Mark Opitz on how the company’s digital transformation journey is revolutionising sustainable infrastructure development

Read More

Rachel Bence

CIO at Queen Mary University of London

Rachel Bence, CIO at Queen Mary University of London, blends her research and IT management expertise to drive digital transformation and inclusivity

Read More
We use a secure-by-design approach, integrating security measures from the inception of service design and rigorously assessing the cybersecurity practices of its supply chain
Rachel Bence
CIO at Queen Mary University of London

Kate Flanagan

Executive General Manager IM & Technology at Roy Hill

Kate Flanagan, Executive General Manager IM & Technology at Roy Hill, details her journey in the mining industry and explains what keeps her motivated

Read More

Theresa Campobasso

Senior Vice President of Strategic Accounts at Exiger

Supply chain risk specialist Theresa Campobasso cut her teeth in the US military

Read More

John Bailey

SVP of Technology & Innovation at AVI-SPL

SVP of Technology & Innovation at AVI-SPL, John Bailey, discusses a career driving innovation in communications and AV technology

Read More

Mark Opitz

Group Head of ICT – ACCIONA Australia and New Zealand

ACCIONA Australia Head of ICT Mark Opitz on how the company’s digital transformation journey is revolutionising sustainable infrastructure development

Read More