In an era where cyber incidents can halt operations, erase market value, and trigger executive accountability overnight, cybersecurity is rapidly evolving from a technical discipline into a core pillar of enterprise risk management.
Recent attacks—from the MOVEit supply chain breach to the operational disruption at MGM Resorts—have revealed a stark reality: cyber resilience is no longer just the responsibility of IT security teams. It is a business continuity mandate that demands board-level oversight, cross-functional governance, and deeper visibility into the interconnected SaaS ecosystems that power modern enterprises.
As organizations grapple with AI-driven software development risks, identity-layer compromises, and increasingly sophisticated ransomware campaigns targeting cloud collaboration platforms, the role of the Chief Information Security Officer (CISO) is undergoing a fundamental transformation—from operational defender to strategic risk advisor within the C-suite.
In this CyberTech Insights executive interview, hosted by Sudipto Ghosh, we explore how leading security thinkers are reframing cyber resilience as an enterprise-wide discipline. The conversation examines governance frameworks for systemic SaaS risk, the evolving philosophy of Zero Trust, the governance challenges of AI-driven security automation, and how CISOs can align cybersecurity investments with board-level priorities around uptime, revenue protection, and organizational resilience.
Together, these insights reveal a critical shift underway: cybersecurity is no longer about defending infrastructure—it is about generating the intelligence and governance structures that enable enterprises to operate securely in an increasingly volatile digital environment.
Here’s the full interview with Doug Kersten.
After ransomware attacks like MOVEit and MGM disrupted enterprise operations globally, how should boards begin treating cyber resilience as a business continuity mandate rather than an IT security responsibility?
Many organizations still treat security as a technical function rather than a business one. That approach has quickly become outdated. Boards should expect clear visibility into what systems and data exist, who owns them, and how they are protected. Most large-scale disruptions reveal weak visibility, disconnected processes, or poor accountability between teams. Cyber resilience improves when security is embedded into daily operations, including vendor decisions, system changes, and new technology deployments. When ownership and coordination are defined in advance, responses are faster, and the business continuity impact is reduced. Security must operate as part of business continuity, not adjacent to it, and ensure it is business-oriented, not IT-oriented.
In light of recent breaches stemming from third-party software dependencies, what governance frameworks should organizations implement to manage systemic risk across increasingly interconnected SaaS ecosystems?
Systemic risk increases when organizations lack clarity about where data lives, who has access to it, and who is responsible for protecting it. Every new tool, vendor, or AI system should go through a coordinated process involving IT, security, legal, and procurement. When teams move forward independently, confusion follows. Organizations that lead in this area maintain an accurate understanding of their environments. They track what systems and data exist, confirm ownership, and define clear rules for access and protection. That level of discipline reduces exposure across interconnected SaaS ecosystems. Governance works when accountability is explicit and consistently applied. ISO frameworks, such as ISO 27001, are especially good governance frameworks for addressing vendor risk.
As AI-generated code has already begun introducing production-level vulnerabilities in enterprise environments, where do you believe the CISO’s accountability begins—and ends—when AI-driven risk enters the software lifecycle?
AI-generated code does not change the fundamentals of secure development. Security must be embedded at every stage of the lifecycle. “Shifting left” remains essential. Integrating security early helps identify vulnerabilities before they become costly issues in production. With AI, small missteps, such as exposing sensitive data or failing to define usage boundaries, can scale quickly. The CISO’s responsibility is to establish guardrails: secure development standards, review processes, and clear expectations for how AI tools are used. Execution remains a shared responsibility across engineering and product teams. Security provides the structure that ensures innovation does not outpace control. While AI may introduce vulnerabilities, it is also very good at remediating vulnerabilities, and with the right rules in place, code can actually become more secure.
Following high-profile identity-layer compromises that allowed attackers to bypass traditional perimeter defenses, is Zero Trust still a technical architecture—or has it evolved into an enterprise-wide risk management philosophy?
Zero Trust requires more than technical implementation. It depends on clarity, verification, and accountability. Organizations need continuous visibility into who has access to what, how that access is granted, and how it is monitored. Identity-layer incidents often reveal gaps in ownership and oversight rather than gaps in tooling. When access governance is embedded into onboarding, role changes, vendor integrations, and routine reviews, Zero Trust becomes part of daily operations. That operational discipline is what makes the model effective. Thinking of it this way, Zero Trust naturally flows into enterprise risk management and acts as another tool in the toolshed.
With ransomware groups now targeting enterprise collaboration platforms and workflow applications, how should CISOs reframe cloud-native security investments to align with board-level risk tolerance and revenue protection goals?
Collaboration and workflow platforms are central to daily operations, meaning that disruption directly affects productivity and revenue. With this in mind, cloud security investments should focus on visibility, strong reporting channels, and containment capabilities. The harder it is to report a potential breach, the slower the response becomes. Once reported, effective containment reduces exposure and limits the blast radius. Reducing impact requires practiced response processes and clear escalation paths. Boards understand operational continuity and the importance of focusing on cloud security. They are willing to invest in strong cloud-native tools, and the trend is moving that way aggressively. Framing security investments in terms of maintaining uptime and protecting trust aligns technical controls with business outcomes.
As cyber incidents increasingly lead to executive accountability and reputational fallout, how is the modern CISO role evolving from operational defender to strategic risk advisor within the C-suite?
Security cannot function as a siloed technical discipline. In today’s technical landscape, it must operate as a business function. The modern CISO helps the organization understand where risk exists, who owns it, and how decisions are made around it. Many incidents begin when teams move forward with new tools or changes without coordination. Preventing that requires alignment before deployment, not just response afterward. As security becomes embedded into daily operations, the CISO plays a central role in reinforcing clarity, accountability, and cross-functional coordination at the executive level. AI drives this even further. If a CISO continues to focus exclusively on operations, they will be surprised when AI quickly moves into that space and jeopardizes their job. Becoming a strategic risk advisor is somewhere a CISO must go; it is not a choice.
With AI-driven threat detection platforms now making real-time risk decisions, what governance models must enterprises implement to ensure automation does not outpace executive accountability?
AI and automation are already improving response times, but they remain a moving target; governance must evolve alongside them. A practical model used to be to allow analysts to review and approve AI-recommended actions before expanding automation. However, as the underlying AI architecture is becoming aggressively automated, the right solution is a strong focus on AI governance. If a CISO is not bringing AI governance under their oversight, the CISO may see their security role absorbed by other parts of the organization. It’s critical to treat aspects of AI like a human team member. Without that mindset, you will end up with gaps in your security model and potentially allow AI to run amok.