Be it technological or digital, every armour has a crack or a vulnerability. When it comes to cybersecurity, there was a time when these cracks and vulnerabilities formed a specific void that few saw, forget did something about it. When Sachhin Gajjaer founded Sattrix Information Security in 2013, the same was the case with Indian enterprises. They treated cybersecurity as a checkbox compliance exercise rather than a strategic business imperative. “I mean, the void I witnessed was twofold: companies were spending lakhs on fancy security products but had no clue how to actually use them effectively, and 24/7 threat monitoring was this luxury only multinationals could afford. I thought to myself, why shouldn’t a mid-sized Indian manufacturer or a growing fintech have access to the same world-class protection as a Fortune 500 company?” That’s what drove Sachhin to build their Managed SOC services at Sattrix.
“Fast forward a decade, and honestly, we’ve come so far beyond that initial vision,” he adds. “We’re not just providing security services anymore, but we’re helping organizations architect their entire digital resilience strategy.” With NewEvol, their dynamic threat defense system platform, and the company’s presence across the US, SEA, EU, and Middle East, Sachhin says, “We’re proving something I’ve always believed that Indian innovation can lead globally, not just follow.”
An Era of Ever-Advancing Threat
Today, we are living in such times where AI-driven threats and quantum computing risks are no longer theoretical. Everyone must be concerned about the many dangerous misconceptions Indian business leaders still have about their digital defense. Pointing out one of the most critical, Sachhin says, “What scares me most when I walk into boardrooms today is that CEOs still think cybersecurity is something their IT team handles, not a business survival issue. I’ve literally heard leaders say, ‘We have a firewall and antivirus, we’re covered.’ I’m thinking, do you realize AI automated attackers are evolving their tactics faster than your signature-based systems can even detect them?” That is the most dangerous misconception. The harsh truth is that one ransomware attack can wipe out everything you’ve built, adds Sachhin, your brand reputation, customer trust, and years of operational excellence, just gone in hours.
“What keeps me up at night isn’t how sophisticated these threats are; it’s seeing smart business leaders being dangerously complacent.” They don’t realize they’re up against adversaries with nation-state backing and AI automation. The quantum computing era isn’t some future scenario. It’s happening now. If you’re still relying on perimeter defense in 2026, you’re basically locking your front door while leaving every window wide open, he warns.
Becoming a ‘Boardroom Advisor’ for Global Enterprises
Sattrix’s journey from a renowned managed security service vendor to a global organization’s strategic partner is commendable. Sachhin shares that the turning point for them was realizing they needed to stop talking in technical jargon and start speaking the language of business impact. “We literally stopped selling ‘SOC-hours’ and began showing CFOs and boards exactly how we reduce their cyber insurance premiums, accelerate compliance certifications, and quantify actual risk reduction in rupees and dollars.”
Three major shifts made this transformation possible. First, they built NewEvol, which doesn’t just send alerts but gives predictive intelligence; it tells you what’s coming, not just what happened. Second, Sattrix embedded account managers who can translate ‘critical vulnerability in Apache Struts’ into ‘here’s your financial and reputational exposure if exploited.’
Third, adds Sachhin that they engage at the board level with security posture reviews and strategic recommendations tied to their business goals, not just technical metrics. “Today, our clients don’t call us to fix firewalls. They bring us in when they’re planning international expansions, M&A activity, or digital transformation. That shift from being a service vendor to a strategic advisor, that’s what I’m most proud of,” he smiles.
The ‘Make in India’ Global Vision
Though Sachhin successfully expanded Sattrix across SEA, the US, and the ME regions, he says that he has always been bothered by how the world sees India as just a back office for cybersecurity operations. India has never lacked technical capability or talent. It has Wipro, Infosys, and TCS managing critical IT infrastructure for the world’s largest enterprises, he adds. “What we’ve lacked are visionary leaders and technologists willing to build proprietary products that compete globally, not just deliver services. We’re changing that story with NewEvol, our dynamic threat defense platform that goes head-to-head with any global SIEM solution out there.” In fact, their Delaware and Dubai offices are battlegrounds where they’re proving that Fortune 500 companies and Gulf enterprises will choose Indian-engineered intelligence over established Western platforms when given a fair comparison.
Now this isn’t just about Sattrix’s growth; “It’s about our country’s vision of digital self-reliance and showing the world, we can build indigenous solutions that solve global problems. We compete on innovation quality and speed, not price undercutting.” When an American CISO chooses Sattrix, they’re not outsourcing to save costs; they’re accessing cutting-edge cybersecurity intelligence that happens to be engineered in Ahmedabad. That narrative shift from ‘India services the world’ to ‘India innovates for the world,’ embodies the true spirit of ‘Make in India’, building world-class products on Indian soil that set global standards, states Sachhin.
From AI vs. Human Intelligence (HI) to AI&HI
This is the age where human intelligence is pitted against artificial intelligence. Yet, as though Sattrix leveraged cutting-edge tech, Sachhin says that his fundamental belief is that humans created AI, so ultimately it depends on how intelligently you utilize it. AI is incredible at processing millions of security events per second and spotting patterns no human ever could. But it’s only as good as what you feed it and how you deploy it. “I see AI as a powerful assistant, a force multiplier, not a replacement for human judgment.”
Sophisticated attackers know how to exploit the gap between what AI recognizes as patterns and what requires real contextual judgment. And here human analysts become absolutely irreplaceable.
Sattrix’s platform, NewEvol, uses machine learning to cut through the noise and surface genuine threats, while its ‘1see continuous compliance offering’ protects organizations under DPDP, GDPR, and privacy regulations. “But then our certified analysts make the tough calls. Is that lateral network movement a legitimate admin doing their job, or is it stolen credentials? Is that data transfer a scheduled backup, or is someone stealing intellectual property? We’ve built what I call a ‘centaur model.’ AI handles the scale and velocity; humans bring wisdom, intuition, and context. The real magic isn’t choosing between AI or humans, but it’s orchestrating them together into something far more powerful than either could be alone, reveals Sachhin.
Democratization of Security
Democratizing cybersecurity is another mission of Sattrix. Traditionally, elite cybersecurity was reserved for the Fortune 500. Breaking that convention, Sattrix has been guided by Sachhin to provide enterprise-grade security to the mid-market and SME sectors, ensuring that India’s economic backbone remains protected. As he puts it, “This is personal for me because India’s economic strength isn’t just the Tatas and Reliances.” It’s the thousands of mid-market manufacturers, healthcare providers, and financial firms that face the same cyber threats but don’t have ₹5 crore security budgets. Sachhin adds proudly, “We’ve democratized access through our SOCaaS model, which eliminates that massive upfront capital expense of building your own security operations center.” A mid-sized pharmaceutical company or textile exporter can now get 24/7 monitoring, threat intelligence, and incident response for a predictable monthly fee instead of hiring an entire security team they can’t afford or find. Sattrix’s pricing scales with complexity, not just company size. It is not forcing smaller businesses into bloated enterprise packages they don’t need. Beyond just affordability, Sachhin ensured they’ve made everything simple; businesses without CISOs can actually understand their security posture through dashboards that speak in business language, not tech jargon. And the reality check is that cybercriminals don’t care if you’re a ₹500 crore company or a ₹5000 crore company. “So why should access to world-class defense depend on your size?” asks Sachhin, further ensuring it does not.
Navigating the DPDP Act
Also, India’s Digital Personal Data Protection Act is now in full force. Sachhin believes that the DPDP Act completely changed the game. Suddenly, cybersecurity has become a legal and governance crisis with penalties up to ₹250 crore. He informs that most organizations he talks to are genuinely overwhelmed trying to figure out data flow mapping, consent management, and breach notification timelines. What they’ve done at Sattrix is integrate compliance directly into their security architecture instead of treating it as a separate checklist exercise. “We help clients implement the technical controls such as encryption, access management, and monitoring while simultaneously building the audit trails that regulators actually want to see.”
Their approach is very practical, adds Sachhin. They conduct data protection impact assessments to identify your high-risk activities, deploy systems that track consent lifecycle and data subject rights, and create incident response playbooks that ensure you meet DPDP notification deadlines. But what worries him is that the Act doesn’t give SMEs a pass on penalties. A small business can face the same business-ending fines as a large enterprise. “We’re making sure they don’t get destroyed because they didn’t understand the technical requirements,” he assures.
A Digital Realm of ‘Zero-Trust’ Reality
Then there is ‘zero-trust’ digital reality. The perimeter is gone. As Sachhin says, the old castle and moat security model is dead. Zero-Trust isn’t some new trend or product you buy and install. This philosophy has existed from the beginning in military and defense operations where trust is never assumed, and a threat can come from anywhere, he explains. “What we’ve done at Sattrix is embed this wartime mindset across every layer: identity, devices, networks, data.”
The fundamental shift for them was accepting that breach is inevitable, so they’ve re-engineered their entire operations to assume compromise from day one. Every access request, every transaction, every activity gets verified regardless of where it originates. Their platform, NewEvol, continuously monitors behavioral patterns and flags anomalies even when credentials look legitimate. They’ve deployed micro-segmentation so attackers can’t move laterally even if they breach one entry point. “But honestly, the biggest challenge wasn’t technology. It was retraining our analysts’ entire thinking. We had to shift from ‘protect the perimeter’ to ‘verify every identity constantly.” In this model, trust isn’t a state, but it’s earned dynamically, every single time, reveals Sachhin.
The War Room Leadership
Cybersecurity is an industry of high-pressure’ war rooms.’ Thus, stating his personal leadership philosophy, Sachhin says, “I’ve learned that in the chaos of an active breach, panic spreads like wildfire, but so does calm. My philosophy boils down to three things: radical transparency, decisive action, and treating every incident as a learning opportunity, never a blame game. When a client’s systems are compromised, they don’t need me to sugarcoat things or give false hope. They need brutal honesty about how bad it is, clear steps to contain it, and realistic timelines for recovery.” Sachhin has drilled this into his 24/7 SOC teams. Every breach is a chance to learn and improve, not to point fingers. “Our war room protocols prioritize proven playbooks over hero tactics, but we also empower our analysts to escalate judgment calls without worrying about being wrong.”
Sachhin personally jumps on critical incident calls not to micromanage but to absorb the client pressure so his technical team can focus on remediation. The calmness everyone sees comes from preparation. He adds that they run tabletop exercises simulating nightmare scenarios regularly, so when the real thing hits, it’s muscle memory taking over. You can’t teach precision under fire in a classroom. You build it through training, rehearsal, and cultural reinforcement, he insists.
Scaling Talent and Integrity
One major issue, according to Sachhin, is that India has brilliant engineers, but cybersecurity requires a hunter’s instinct that you don’t learn from textbooks. “Our scouting goes beyond just cybersecurity graduates because we actively recruit ethical hackers, curious system administrators, and even software developers who naturally think like adversaries. We’ve built an internal ‘Cyber Academy’ that puts promising candidates through intensive bootcamps on SIEM, threat hunting, and incident response using real-world attack simulations, not just theory.”
But here’s the thing about retention in this brutal talent war: money alone doesn’t cut it. People stay when they have purpose, growth opportunities, and recognition. “We’ve created clear career pathways where junior analysts can see themselves progressing to senior threat hunters and eventually SOC architects.”
Furthermore, Sachhin informs that they sponsor certifications, structure mentorship, and make growth tangible. Integrity is absolutely non-negotiable, he emphasizes. “We do rigorous background checks and publicly celebrate ethical behavior. Most importantly, we give our team access to cutting-edge tools and challenging real-world environments where they’re actually defending businesses, not just staring at dashboards. And that intellectual stimulation, that’s what keeps elite talent engaged.”
The Entrepreneurial Pivot
The most defining decision in Sattrix’s journey was taking the company public through the IPO. It was a bold move, reveals Sachhin, adding, “Opening up our financials, operations, and strategy to public scrutiny while taking on fiduciary responsibilities to shareholders.” It was all about making a statement. Many people questioned the decision ‘Why would you go public as a cybersecurity services company in a market skeptical of Indian tech IPOs?’ But Sachhin believed deeply that going public would force them to institutionalize world-class processes, bring in governance discipline, and access capital markets to fuel our aggressive expansion into the Global market.
It was about proving that Indian cybersecurity companies can build transparent, scalable, publicly-traded enterprises that compete globally. That decision defined everything that came after. “The IPO gave us instant credibility with Fortune 500 clients, enabled our ‘1see platform’ development, attracted top-tier talent, and positioned Sattrix as a serious innovator on the global stage.” It was bold, calculated moves; if not playing it safe, it can separate category leaders from participants.
Ensuring an Indian Cyber-secured Global Horizon
Looking across the 2030 horizon, Sachhin says that when he thinks about legacy, he hopes people will look back and say, ‘Sachhin proved India could be the world’s cybersecurity innovation hub, not just its operations center.’ He wants Sattrix and NewEvol, and of course, the upcoming innovations studied in business schools as case studies of how an Ahmedabad-based visionary entrepreneur built a combination of AI and cyber platform that competed with and beat Silicon Valley incumbents.
“Beyond business success, I hope we’ve democratized enterprise-grade security for thousands of mid-market Indian companies who would’ve been sitting ducks otherwise.” On a human level, he wants to have created a cybersecurity talent ecosystem, hundreds of analysts, threat hunters, and security architects trained at Sattrix that have gone on to lead security across industries, elevating India’s entire defense posture. “The real measure of impact for me is whether we’ve fundamentally shifted how the world perceives Indian cybersecurity capabilities from ‘India services cybersecurity’ to ‘India engineers’ cybersecurity intelligence.’ That narrative transformation would be a legacy worth leaving.”