In at present’s quickly evolving risk panorama, runtime safety has turn into a crucial frontier in cloud-native protection. To assist speed up innovation on this area, Upwind has appointed veteran cybersecurity chief Rinki Sethi as its new Chief Safety Officer. With a confirmed observe file at organizations like Twitter, IBM, and Rubrik, Rinki brings deep experience in constructing scalable, resilient safety applications for a few of the world’s most advanced digital environments.
On this dialog with CloudTweaks, Rinki discusses her resolution to hitch Upwind, the corporate’s daring imaginative and prescient for remodeling runtime safety, and the challenges and alternatives she sees shaping the way forward for cybersecurity. From empowering DevSecOps groups with real-time visibility to redefining risk response on the infrastructure layer, her insights mirror each strategic foresight and a realistic method to securing fashionable cloud environments.
You’ve held senior safety roles at main organizations like Twitter, Palo Alto Networks, and Walmart. What are some key classes from these experiences that you simply’re bringing into your function as CSO at Upwind?
Having led safety at a few of the largest organizations on the earth, I perceive the true, day-to-day challenges safety groups face, from managing cloud environments to responding to quickly evolving threats with restricted assets. A key lesson I’ve discovered is that safety instruments have to be each highly effective and straightforward to make use of. In the event that they don’t combine easily into workflows, they received’t get used.
After 20 years as a buyer of a few of the most progressive cybersecurity corporations, I do know what nice merchandise appear to be – and what gaps nonetheless exist. At Upwind, I’m excited to deliver that perspective into the product growth course of. I’m thrilled to hitch a crew that’s dedicated to constructing a world-class product that dominates the market.
Having labored on each the practitioner and board ranges, how does this twin perspective affect your method to cybersecurity management?
Having been a practitioner (reporting to the board) and being on each personal and public boards, I’ve developed a well-rounded perspective on cybersecurity management. Being part of board-level discussions gave me a broader enterprise lens, serving to me turn into a simpler safety chief by studying the best way to body safety dangers in phrases that matter to the enterprise.
On the flipside, bringing cybersecurity experience to the boardroom has helped me information board members in understanding how to consider safety – what inquiries to ask, what good safety appears like, and the best way to prioritize danger. That have has influenced how I lead my groups, significantly relating to speaking with executives and boards. I concentrate on ensuring we’re not simply technically correct, but additionally clear, concise, and aligned with enterprise priorities.
What challenges have you ever confronted in constructing and scaling safety applications at massive enterprises, and the way do you see these challenges evolving in at present’s cloud-first atmosphere?
Scaling safety has all the time meant combating fragmentation of groups, instruments, and priorities. In massive enterprises, that fragmentation is already important, however in a cloud-first atmosphere, it multiplies. Completely different groups could also be deploying throughout totally different environments utilizing totally different tooling, which makes sustaining a cohesive safety posture more and more tough.
The problem at present is now not nearly visibility. Now, it’s about reducing via the noise. Safety groups are drowning in alerts, and the true danger is getting misplaced within the quantity they obtain. To maintain up, we have to shift from static, control-based fashions to dynamic, runtime-driven approaches that may function on the velocity and scale of the cloud.
As a longtime advocate for ladies in cybersecurity, what progress have you ever seen, and what nonetheless must be performed to encourage extra range and inclusion within the area?
We’ve made actual progress. There’s extra visibility, neighborhood, and help for ladies in cybersecurity than ever earlier than. Increasingly ladies have been inspired to enter the sector and felt a way of belonging as soon as they’re in it.
However whereas entry-level illustration has improved, it nonetheless thins out on the management degree. That’s the place we have to focus our power subsequent. It’s not nearly constructing pipelines – it’s about constructing pathways. This implies creating buildings that help profession development, in addition to difficult the assumptions and biases – each systemic and unstated – that stop range from translating into fairness.
How has your background in data safety engineering formed your views on the talents and mindset wanted for future safety professionals?
Beginning out as an engineer gave me a deep respect for the complexity of real-world programs. I discovered that nothing is as clear because the structure diagram, and that safety has to account for the way programs truly behave, not how we want they might. This taught me that safety isn’t about chasing perfection: it’s about constructing resilient programs that may fail gracefully.
My background has additionally formed how I take into consideration expertise. I’ve discovered to worth curiosity over credentials and creativity over checklists. The very best safety professionals I’ve labored with aren’t essentially those with essentially the most certifications – they’re those who ask the suitable questions, discover edge circumstances, and suppose each like builders and breakers. As safety grows extra advanced, the flexibility to collaborate throughout disciplines and remedy issues at scale will turn into more and more helpful.
What rising cybersecurity developments are you most enthusiastic about, and which do you suppose organizations must be paying extra consideration to?
I’m most excited in regards to the shift towards runtime safety and attacker-centric protection. Probably the most significant innovation at present is occurring on the level of execution – inside workloads, id programs, and information flows – the place assaults truly unfold, not simply the place we assume they could.
What makes this shift so highly effective is that it permits us to detect malicious habits because it’s occurring, and to cease threats earlier than they flip into incidents. As an alternative of relying solely on static controls or chasing each single theoretical vulnerability, we are able to use real-time information to concentrate on precise habits and intent.
This isn’t nearly quicker response time – it’s about stopping issues earlier than they escalate. By grounding safety in runtime context and attacker habits, we achieve the precision and velocity wanted to behave earlier than danger turns into injury. That’s the place I see the way forward for efficient safety heading, and the place I believe extra organizations must be centered.
How do you envision the function of runtime safety evolving within the subsequent few years as cloud environments turn into extra advanced?
Runtime safety will turn into the muse of contemporary safety applications, not only a complement. As cloud environments develop extra advanced, with more and more ephemeral, AI-driven, and agentic workloads, conventional pre-runtime controls received’t scale. Static scanning and predefined insurance policies can’t sustain with programs which can be consistently altering, auto-generating code, or making autonomous selections.
On this panorama, safety will must be embedded instantly into the runtime atmosphere: contextual, steady, and real-time. It received’t be sufficient to research dangers after deployment – they have to be noticed, detected, and responded to as programs run.
With cloud-native architectures quickly rising, what are the largest safety gaps you see that corporations typically overlook?
A key safety hole is the disconnect between what’s deployed and what’s truly working. Many corporations concentrate on securing configurations however lack real-time visibility into execution paths, privileged actions, and lateral motion. Attackers exploit this blind spot, shifting undetected inside environments. Closing this hole requires shifting from static configuration administration to steady, real-time habits monitoring that detects threats as they occur.
How do you suppose developments in AI and automation will affect cybersecurity methods and protection mechanisms going ahead?
Firms should rethink their cybersecurity applications to leverage totally AI’s potential to drive each effectiveness and productiveness. People who fail to take action will completely fall behind. AI represents each a problem and a chance in cybersecurity.
On the one hand, attackers are already utilizing AI to scale refined social engineering campaigns and evade conventional defenses, making threats extra advanced and more durable to detect. Alternatively, defenders can use AI to sort out key ache factors resembling alert fatigue by automating triage and prioritization, simulating superior threats to enhance readiness, and rushing up incident response. Harnessing AI successfully will probably be foundational for constructing resilient, adaptive protection mechanisms that may cope with rising threats.
What recommendation would you give safety leaders who’re making ready their groups for the quickly altering risk panorama and know-how improvements?
To arrange their groups for the quickly altering risk panorama and fixed know-how innovation, they have to prioritize adaptability over rigidity. The tempo of change within the cybersecurity area implies that no fastened method will keep related for lengthy.
Constructing groups that may study shortly, pivot in response to new threats, and experiment with new concepts is crucial. Encouraging a tradition of curiosity and adaptability is crucial as a way to keep forward. It’s equally necessary to spend money on ongoing coaching for innovation and collaboration – as a result of the threats of tomorrow received’t look ahead to us to catch up.
By Randy Ferguson
