Nishant Sonkar

Nishant Sonkar’s career reads like the modern blueprint for a security professional who has learned to treat compliance not as paperwork, but as engineering.

Over more than a decade in cybersecurity and risk, Sonkar has built a reputation around a specific kind of work that rarely gets celebrated outside executive briefings: making large organizations demonstrably safer by turning abstract security requirements into repeatable, auditable systems. Today, in a senior security role at Cisco, he operates in a world where scale is unforgiving—global cloud footprints, fast-moving product lines, and an expanding set of regulatory expectations. The consistent thread across his roles is not simply meeting standards like SOC 2 and ISO/IEC 27001, but building the governance machinery that allows those standards to be sustained without constant reinvention.

Colleagues describe this as the difference between “passing an audit” and “operating with control discipline.” Sonkar’s work emphasizes security policy that can be implemented, measured, and proven—especially in cloud environments where traditional perimeter assumptions fail. He has been closely involved in programs that strengthen enterprise controls across major cloud platforms, and he approaches third-party risk as a technical problem as much as an organizational one: reduce ambiguity, codify expectations, and create evidence that survives scrutiny.

What sets Sonkar apart is his insistence on clarity and public knowledge transfer. While many security leaders keep their lessons internal, he has published professional guidance and commentary on how organizations should interpret and plan for standards transitions—such as the industry’s move to ISO/IEC 27001:2022—and what “readiness” should actually look like in practice. He also contributes thought leadership through outlets like the Forbes Technology Council, where his writing focuses on contemporary security realities: governance modernization, compliance sustainability, and how organizations can adopt emerging technologies without eroding trust.

His most practitioner-oriented work is grounded in the premise that compliance programs should scale the way software scales. In publications aimed at security and governance professionals, Sonkar has argued for consolidated, reusable control structures—approaches such as “common control” models that reduce duplication and make assurance more consistent across programs. This is not theory for its own sake; it is an attempt to move organizations away from fragmented checklists and toward systems that continuously verify the security posture they claim to have.

For IICSPA, Sonkar’s record maps cleanly to the Fellow standard: sustained senior-level practice, evidence of leadership beyond a single employer, and visible contributions to the profession’s shared body of knowledge. His work sits at the intersection of ethical responsibility and operational execution—where trust is earned through controls that hold up under pressure, and where security maturity is measured not by intent, but by proof.

Fellowship, in this context, would not be a capstone as much as an amplifier: a platform for Sonkar to expand mentorship, advance standards-driven security practice, and help shape how the industry governs emerging risks—especially in cloud-first and AI-accelerated environments—without losing the fundamentals of accountability and integrity.