In today’s rapidly evolving digital landscape, cybersecurity leaders face an overwhelming array of challenges, from understanding the implications of Artificial Intelligence (AI) to aligning security strategies with business goals.
To shed light on these pressing issues, we turn to the insights of Niyati Daftary, a passionate cybersecurity professional with over six years of experience securing digital ecosystems across the banking, finance, insurance, government, and energy sectors. Having transitioned from hands-on application security to a consulting and advisory role, she now helps global enterprises strategize their cybersecurity roadmaps.
You can read the complete transcript of the epiosde here >
In a recent podcast episode, Niyati shared her unique perspective on the intersection of AI and security, the complexities of program management, and how organizations can successfully navigate the noise of modern security trends.
The Day-to-Day Life of a Security Analyst
Niyati’s role requires balancing direct client interaction with deep, focused research.
- Working a permanent remote job, she begins her day by addressing client queries and calls across her applicable time zones.
- The second half of her day is dedicated to researching new technologies and fine-tuning approaches based on the challenges clients face.
- She also collaborates in group research communities, focusing on specific pockets like data security or API security, to discuss ideas and map out research plans for the month.
Moving from consulting for individual clients to advising global leaders has allowed Niyati to identify overarching patterns. For instance, she noted that many organizations in the APAC region approach maturity and Managed Security Service Provider (MSSP) support very differently than those in the US, highlighting the need for tailored, region-specific guidance.
AI in Cybersecurity: Hype vs. Reality
Artificial Intelligence dominates current cybersecurity conversations, bringing a mix of legitimate concerns and premature panic. Niyati notes that the industry is currently overestimating the short-term fears surrounding AI, as threat actors have not yet fully leveraged the attack surface and overall enterprise adoption remains measured.
However, organizations are simultaneously underestimating AI’s long-term supportive impact on security.
- Security Operations Centers (SOC) consume a massive portion of cybersecurity budgets due to heavy staffing and technical requirements.
- AI is poised to automate many L1 and L2 SOC tasks, significantly transforming operational efficiency.
- AI coding agents have also demonstrated a profound ability to rapidly identify bugs within legacy codebases, far outpacing manual human review.
Despite these benefits, Chief Information Security Officers (CISOs) remain hesitant to pilot AI for DevSecOps or SOC automation. This reluctance is heavily tied to data security and privacy regulations. Before adoption can scale, organizations must figure out how to define security’s specific remit in AI governance. This includes establishing approved AI inventories and deciding how to implement emerging frameworks like NIST AI RMF or ISO 42001.
The Core Challenge: Program Management Over Tooling
While it is easy to assume that technology choices dominate a CISO’s day, Niyati reveals that most executive inquiries revolve around program management and strategy.
- Cybersecurity leaders are heavily focused on aligning their security roadmaps with overarching business priorities.
- A major hurdle is demonstrating the value of cybersecurity to the board, as many business units still view security as a blocker rather than a value-creation function.
- CISOs frequently seek peer analytics and industry benchmarks to justify their strategies, asking questions like how peers in the BFSI sector are handling AI adoption or post-quantum cryptography.
- When tool-related questions do arise, they are typically driven by a business mandate for cost optimization, leading to inquiries about tool consolidation and standardization.
Why Generative AI Cannot Replace Strategic Advisory?
With the rise of tools like ChatGPT, some clients question the necessity of traditional analyst advisory. However, GenAI tools often provide generic, high-level lists that lack crucial business context.
Niyati explains that human analysts provide multifaceted value that AI cannot replicate:
- Analysts evaluate whether a specific strategy is actually applicable to a client’s unique organizational structure.
- They assess vendor adoption rates and whether an investment aligns with the organization’s existing budget and priorities.
- Analysts apply logical reasoning and years of established expertise to navigate the nuances of enterprise-specific challenges.
Furthermore, reading a research note is only half the battle. Clients often struggle to translate generalized research into actionable board presentations or budget allocations. Through one-on-one inquiries, analysts help leaders read between the lines, and sometimes even advise over-enthusiastic CISOs to stop initiatives that do not align with industry trajectories.
The Roadmap for Aspiring CISOs
For security professionals aiming for the CISO seat, Niyati outlines a strategic career roadmap:
- Start with a Technical Foundation: Gain hands-on experience or a solid overview of major technology stacks, including IAM, infrastructure security, application security, and SOC.
- Understand the Tools: Working directly with security tools helps you understand practical implementation challenges.
- Expand into GRC: Move into the Governance, Risk, and Compliance (GRC) domain to grasp how audits and regulatory requirements shape security.
- Cultivate Leadership: Lead a small team of 5 to 10 people to build your executive presence, roadmap-building skills, and strategic thinking.
- Consider the BISO Stepping Stone: Becoming a Business Information Security Officer (BISO) provides critical business integration insights, making the eventual transition to CISO significantly smoother.
Cutting Through the Noise
In an industry bombarded with buzzwords like post-quantum cryptography and agentic development, Niyati’s top advice for security leaders is to stop stressing over every new trend.
Instead, leaders should focus on fixing existing foundational gaps, remediating known vulnerabilities, and building a baseline of cyber resilience to ensure business continuity. Technology adoption should strictly follow the organization’s core drivers—whether the business aims to be AI-first, cloud-first, or compliance-first. Ultimately, today’s CISO must prioritize optimizing cyber resilience, maintaining an agile strategy, and acting as a trusted, influential partner to the business.
Recommended Resources for Security Leaders
- Gartner’s Library: An extensive encyclopedia for tracking trends across various IT and security practices.
- CISO Edge Podcast: A podcast that effectively challenges existing foundational cybersecurity concepts.
- Risky Business Podcast: A highly recommended weekly show that delivers the latest tech and security news with a humorous, easily understandable approach.
