Hello, CyberTech community. Welcome to part #31 of the CyberTech Top Voice interview series with Conor Sherman, CISO at Sysdig.

In an era where cyberattacks unfold in minutes and AI is redefining both offense and defense, the role of the modern CISO has evolved beyond protection—it’s about prediction, precision, and trust.

As organizations race to secure their cloud environments, few leaders are shaping the future of real-time defense as decisively as Sysdig’s CISO in Residence, who brings over 15 years of experience leading security strategy across fintech, govtech, and SaaS enterprises.

At a time when visibility, velocity, and verifiability define the new security frontier, Sysdig is championing a new model of agentic AI. It includes innovations that transform detection into guided actions, turning intelligence into autonomy. From open innovation frameworks like Falco and Stratoshark to runtime analytics that power instantaneous response, Sysdig’s approach represents a shift toward transparent, collaborative, and AI-augmented cybersecurity.

In this exclusive interview, we explore how AI is accelerating the tempo of defense, why runtime is emerging as the new battleground for cloud security, and what CISOs must prioritize in 2025 to build resilient, future-ready programs that can keep pace with threats evolving at machine speed.

Here’s the full interview.

Hi, could you please tell us about your role at Sysdig and how you came to join the company?

As a CISO in Residence at Sysdig, I serve as an Executive Security Advisor, where I bridge customer strategy, product design, and trust. I joined to help organizations translate cloud risk into business outcomes and accelerate how security teams operate in real time.

Over the past 15 years, I’ve led security at fintech, govtech, and SaaS organizations like CLEAR, ezCater, and Updater. Today, to dig a bit deeper, I’m focused on the intersection of AI and cybersecurity, where attacks are faster and less predictable than ever. I work to help organizations embrace an “assume breach” mindset, harnessing the power of AI to detect, investigate, and respond to threats in real time.

Cyberattacks today evolve in minutes rather than days. How can organizations redesign their detection and response frameworks to keep pace with this accelerated threat velocity?

Modern threats unfold in minutes, which means defense must happen at machine speed. Teams have to remove friction between detecting an attack and taking action. That requires them to automate what’s known, pre-authorize containment, and measure how quickly they can go from signal to response.

Modern security programs rely on real-time data and autonomous decision-making, shifting from periodic scans to continuous runtime visibility. Organizations that can detect and respond in minutes – not hours or days – are the ones that will stay ahead of their adversaries.

What role does real-time visibility truly play in preventing escalation?

Real-time visibility is more than telemetry; it’s actionable truth. It gives teams live context across cloud workloads, applications, and code, allowing them to verify intent and contain threats before they spread. Without it, response becomes a postmortem exercise rather than an active defense strategy.

Put simply: You can’t stop what you can’t see, and data from runtime can help you turn awareness into immediate and precise action.

Sysdig emphasizes Agentic AI — AI that goes beyond alerts to guide action. How is this concept different from traditional AI/ML-based detection, and what are some tangible outcomes you’ve seen from teams adopting this approach?

Agentic AI changes the game by turning detection into guided action. Unlike traditional AI that simply flags anomalies, agentic AI can either take action or generate recommendations that help its human counterparts decide what to do next under defined guardrails.

Some teams have already adopted this approach, and they’ve drastically cut response times and freed up time to focus on higher-order tasks. With Sysdig Sage™, for example, customers have cut their mean time to respond by 76%, shrunk their exposure to critical vulnerabilities from days to minutes, and reclaimed more than 80 hours a week previously spent manually triaging risk.

As AI takes on more decision-making in cloud defense, how can security leaders maintain the right balance between automation and human judgment, especially in high-stakes, fast-moving incidents?

I see automation and human judgment as complementary to each other. AI handles predictable, reversible actions at machine speed, while humans focus on ambiguous, high-impact decisions. And transparency is critical here. Teams will trust automation when they understand how and why decisions are made.

By combining the speed of AI with human expertise, organizations can accelerate and scale their security programs while keeping decision-making transparent, reliable, and accountable.

Sysdig promotes transparency and community-driven innovation in security logic. In an industry often defined by proprietary tools, how does open innovation enhance trust and accelerate response in real-world environments?

Security shouldn’t be an asymmetrical battle. Attackers share tools and techniques, while defenders often work in silos.

Open innovation, through initiatives like Falco and Stratoshark, enables shared standards and transparent rulesets that the global community can test and improve. This collective intelligence equips defenders to evolve detections just as fast as attackers evolve their tactics, creating stronger and more trustworthy tools. Ultimately, collaboration is key to better security outcomes.

Many enterprises focus on securing configurations and APIs, but Sysdig emphasizes runtime insights. Why is runtime the new battleground for cloud security, and how does real-time data change the defensive posture?

Configuration scanning tells you what should be happening, whereas runtime insights show you what is happening. When it comes to the cloud, where attacks unfold in minutes and some vulnerabilities can only be caught in production, that distinction is everything.

By anchoring organizational defense around runtime security, teams can detect things like misconfigurations, identity abuse, and anomalous activity as they occur. Not only does focusing on what’s actually in use and running help teams cut through the noise and prioritize real risk, but it also enables better-informed decisions when building applications.

One of the biggest challenges in cloud security is decision latency — the delay between detection and containment. What strategies or technologies are proving most effective in reducing that gap?

Reducing decision latency often starts with better context. When users have full visibility across runtime activity and resources, they can link signals to intent and potential attack paths. And with AI, that process can happen exponentially faster.

Our 2025 Cloud-Native Security and Usage Report found that Sysdig customers are detecting threats in under 5 seconds and initiating response actions within 4 minutes. The combination of runtime telemetry, AI-driven reasoning, and automated workflows is helping businesses improve their security outcomes in very tangible ways.

Given the evolving landscape of agentic AI, open frameworks, and runtime analytics, what should CISOs prioritize in 2025 to build resilient and future-ready security programs?

CISOs should prioritize three things: visibility, velocity, and verifiability. That means investing in systems that deliver real-time insights, automating decisions responsibly, and operating transparently so stakeholders can trust what they do.

Security isn’t about buying more tools. It’s about connecting the right tools intelligently and building resilient processes that can adapt as threats evolve.

No single vendor can cover the full cloud security spectrum. How does Sysdig envision partnerships or integrations with other ecosystem players to deliver faster, more unified threat responses?

Cloud systems are dynamic and distributed, and no single tool or platform can do it all. If anyone tells you otherwise, run.

At Sysdig, our partner ecosystem spans from CSPs and SIEMs to SOARs and SCAs, enabling integrations with the tools that teams already use. Furthermore, through tools like Falco and Stratoshark and the Sysdig Open Source Community, we’re fostering a community-driven ecosystem where detections and responses can be shared and improved collectively.

Security is stronger when it’s driven by a collective front, and Sysdig is committed to leading from the frontlines.

Tag a person from the cybersecurity industry whose answers you would like to see here at the CyberTech Top Voice program:

Three people I’ve learned a lot from lately are Walter Haydock on AI risk and governance; Jason Rebholz on AI security; and Stuart Mitchell on AI and hiring.

Thank you, Conor Sherman, for speaking to us. We look forward to having you again at our Top Voice programs.
