Editor’s note: ISACA’s Career Catalyst Stories showcase how members have been supported by ISACA throughout all stages of their careers. Today, we profile Chirag Joshi, founder and CISO, 7 Rules Cyber. Find out more about ISACA membership here.
Chirag Joshi’s best-selling cybersecurity books are reflections of the principles he learned through ISACA.
His ISACA certifications set the tone for what he describes as his business-enablement mindset by delivering trust in technology.
And the global ISACA community supplied continuity and connection as he navigated a major move from the US to Australia.
Joshi’s relationship with ISACA has spanned more than a decade of personal and professional growth, so maybe it is no surprise that he has come to view ISACA less as a professional association and more as a community that has proven transformative throughout his career journey.
“ISACA has been a constant presence throughout my career, offering support at every critical juncture,” Joshi said.
Chirag and ISACA: early career
Joshi joined ISACA around 2011. At the time, he resided in Denver, USA, and was moving from a technically focused engineering role into a more strategic governance function.
Joshi said ISACA certifications – he now has CISA, CISM, CRISC and CDPSE – created momentum for his career to shift in the direction he wanted.
“These certifications were not just about acquiring technical knowledge, they were instrumental in shaping my ability to communicate, lead and influence at the highest levels, qualities that I now bring to my advisory work with boards and executives,” Joshi said.
Joshi also credited ISACA’s Business Model for Information Security (BMIS) with being one of the major “aha moments” early in his career, and the BMIS principles remained a fixture on his whiteboard for months as he worked through complex governance challenges. He then began attending ISACA global conferences, providing a broader perspective that he considers a turning point in his ability to tackle emerging challenges in the industry.
What’s happening now?
Today, Joshi is founder of 7 Rules Cyber, where he provides strategic guidance to boards and executives. He said the lessons he has learned through ISACA remain central to his approach.
“I focus relentlessly on business outcomes without getting lost in technical complexities,” Joshi said. “Through my certifications, conference attendance and other ISACA learning resources, I have come to understand the role of risk management as central to cybersecurity success and recognize the key connection points with assurance, privacy and data governance. This has helped shape the value I provide through 7 Rules Cyber.”
Joshi said his ISACA learnings also factored into a pair of books he has authored: 7 Rules to Influence Behaviour and Win at Cyber Security Awareness (2019) and 7 Rules to Become Exceptional at Cyber Security (2022). The books have been purchased in 11 countries and have been featured in their categories as Amazon Australia best-sellers.
“Both books are a reflection of the principles I learned through ISACA, focusing on aligning security strategies with real-world business objectives,” he said. “Furthermore, my thought leadership series podcast, Art of Cyber Security, that features conversations and insights from experts around the world, has a lot of ISACA risk, human factor and digital trust principles at its core.”
Joshi relocated from Denver to Sydney eight years ago. The motivation was to be closer to family, but he had to leave a successful and stable career to venture into the unknown.
In the immediate aftermath of the move, Joshi did not have many local connections, but he soon became heavily involved with the ISACA Sydney Chapter, where he currently serves as vice president. Joshi said his involvement with the chapter has both widened his network and provided invigorating leadership opportunities.
“I work with leaders across Australia, New Zealand, Southeast Asia, and other regions, collaborating to create opportunities for knowledge-sharing and innovation,” Joshi said. “ISACA’s global community has not only enhanced my own career but also allowed me to contribute meaningfully to the development of others.”
What’s next for Chirag?
Joshi’s profile continues to rise; he has been recognized as winner of the Excellence award at the Australian Cyber Security Awards 2024, where he was named Cyber Security Consultant of the Year. He also has won the CSO30 Award, recognizing the top 30 cyber security leaders in Australia, three straight years, and recently was appointed National Ambassador for Critical Infrastructure for CI-ISAC Australia.
As far as Joshi has come in his career, the dynamic evolution of the digital ecosystem calls for an ongoing commitment to learning. Joshi said ISACA will remain indispensable as he strives to deepen his expertise and leadership.
“ISACA’s resources have always been a key part of my professional development, and as the cybersecurity landscape continues to evolve, I will continue to leverage ISACA’s insights,” he said. “Emerging areas like AI governance, cyber risk quantification, and regulatory changes are becoming increasingly important for the boards and executives I advise. ISACA’s forward-thinking research and frameworks help me stay ahead of these trends, ensuring I provide the best possible guidance to my clients.”
In reflecting upon his trajectory, Joshi said ISACA helped him transition from an individual contributor to an executive leader to, now, a thriving entrepreneur.
He looks forward to creating similar opportunities for others in the coming years through his ever-growing ISACA network.
“The national-level awards I have received and the recognition as a thought leader in cyber security are as much a testament to ISACA’s influence as they are to my personal journey,” he said. “Whether through attending conferences, contributing to the global conversation on security, or mentoring others, ISACA has been an integral part of my success, and I look forward to continuing this journey for many years to come.”
