I've dealt with Indian companies for security sales and I'd say the newer generation of companies like Razorpay (YC W15) are decent at SecOps, but the older and more established companies suck at it and will continue to suck at it until there is a tangible regulatory incentive to enhance security postures.

It also appears to be a side effect of compensation - why would mid-career security professional want to earn ₹15 LPA TC working for a legacy corporation if they have the skills to land at a security MNC that can afford to pay ₹35-50 LPA in TC.

Ofc, it's us foreign investors who are able to afford those higher TCs ;) - especially if we can convert someone who was mid-career in the US but had to return to India due to family or visa issues.

It reminds me of how the Israeli security scene was 10-15 years ago, with similar problems around compensation and brain drain to MNC offices.