CIO Voices

Insights from Harvey Nash CIO Voices Cybersecurity isn’t just a technical concern anymore. It’s a leadership challenge, a business enabler, and, frankly, a nightly stressor for many executives. Harvey Nash’s CIO Voices, our monthly spotlight series, brings together tech leaders shaping the digital future, and this month we delve into what truly means to lead in the age of cyber threats. But first, a thank you to our contributors - Chris Logan VP Information Security at DCU - Digital Federal Credit Union, Darren Remblence CISO at 8x8, Sammy Basu CISO at Careful Security, Roberto Galdamez CISO at Kovack Financial Network, and Roberto Rubiano CISO at Osigu. Their candid insights highlight how leaders are navigating risk, embracing AI, and turning cybersecurity from a checkbox into a strategic advantage. So, what does cybersecurity as a leadership imperative really look like? Let’s unpack it. What Keeps Board Up at Night: Evolving Threats and Boardroom Concerns Let’s start with the obvious: what keeps tech leaders awake at night? For Roberto Galdamez, it’s the rise of AI-driven threats and a constantly evolving regulatory landscape. “Compliance is a given,” he notes, “but what truly matters to the board are resilience, trust, and reputation.” Meanwhile, Roberto Rubiano offers a surprising perspective: he sleeps well because he accepts what he can’t control. “I can only manage the risk and communicate what’s critical to C-level management,” he says. This isn’t complacency, it’s clarity. Rubiano also warns about the risks of developers using AI tools to generate code - by-coding practices. These innovations offer speed but carry hidden risks, demanding ongoing awareness and vigilance. Sammy Basu echoes a nuanced point “Cybersecurity is an evolving puzzle. Endpoint security, firewalls, compliance certifications are essential, but their effectiveness depends on ongoing assessment and evaluation.” Here’s the thing: cybersecurity today is like steering a ship through unpredictable waters. You can’t control the waves, but with the right preparations, you can navigate safely. Moving Beyond Compliance: Cybersecurity as a Strategic Business Driver Traditionally, cybersecurity was seen as a “tick-box” exercise mainly to satisfy ISO certifications, audit reports, compliance checklists. Today, leaders like Darren Remblence and Chris Logan insist that it must go deeper. “It’s about embedding cybersecurity into business strategy,” Darren says, emphasizing that risk management and regulatory compliance can also enable growth. Rubiano provides a tangible example: when explaining ransomware risk to the board, he translates technical threats into financial terms. “If a ransomware attack could cost $3 million, spending $500,000 on prevention becomes an easy conversation,” he explains. It’s simple, relatable, and effective; suddenly cybersecurity is not a cost center, but a strategic investment. Similarly, Sammy Basu highlights a holistic approach. Compliance isn’t an end in itself; it’s a lever to drive operational discipline, client trust, and growth. The takeaway? Cybersecurity becomes a business differentiator when leaders speak in the language that boards understand. The Art of Communication: Speaking Cyber in Business Let’s be honest, technical jargon rarely resonates with non-technical executives. That’s why clear communication is critical. Roberto Galdamez avoids referencing technical terms like common vulnerabilities and exposures (CVEs) or endpoint detection and response (EDR) alerts when speaking with the C-suite. Instead, he talks about financial penalties, downtime costs, and reputational impact. Rubiano takes a similar approach, relying on business impact analysis. “If you get too technical, you lose them. Talk in terms they understand,” he says. Chris Logan adds another layer: contextual storytelling. By sharing real-world incidents, like breaches in similar companies, he makes risks tangible and relatable. Leaders can more clearly visualize the impact of lost clients, interrupted operations, damaged reputation. Here’s the subtle emotional cue: trust is built not through fear, but clarity. You don’t need to terrify your board with the infinite ways things can go wrong. You need them to see the stakes and act decisively. AI: The Double-Edged Sword in Cyber Defense AI is a game-changer for both attackers and defenders. Leaders across our discussions highlighted its dual role. Roberto Rubiano is particularly cautious about “by-coding” practices, emphasizing data-level protection as the most critical priority. “Identity and threat detection matter, yes, but if the data itself is exposed, no layer of perimeter defense is enough.” Meanwhile, Roberto Galdamez explains that AI helps defenders too. “AI-driven analytics for anomaly detection and insider risk are embedded in a defense-in-depth model,” he says. Identity is now the new perimeter, and AI can help monitor it efficiently. Sammy Basu offers practical guidance, “Enforce policies at the browser or endpoint level, train employees on AI usage, and ensure corporate accounts are used for company-sensitive data. Without these, even the best AI tools can be a vulnerability.” Here’s the thing, you can build higher walls, but the real defense is protecting what’s inside the vault. Data-level awareness, identity safeguards, and human training together form the best line for defense. Investing in Resilience: Priorities for the Year Ahead So where are leaders actually investing? The consensus is clear: visibility, identity management and secure development practices. Rubiano is laser-focused on observability at the product level. Tools for static and dynamic analysis, secure SDLC practices, and vendor collaboration are critical. “If you can measure it, you can manage it,” he says. Basu, Remblence, and Logan emphasize continuous monitoring and proactive defenses, whether that’s endpoint security, AI oversight, or supply chain risk management. Vendor accountability is also a priority. “Outsourcing doesn’t mean outsourcing responsibility,” Galdamez notes, recalling the SolarWinds incident as a cautionary tale. In short, resilience isn’t about buying the latest tool. It’s about integrated strategy, multi-layered defenses, and trusted partnerships. Leadership Under Fire: Learning from Real-World Experience Theory is one thing; practice is another. Rubiano shares a striking anecdote from a past logistics project where management wanted cheaper, less secure ID cards, but through proactive controls and validations, his team mitigated risk without halting operations. Basu tells similar stories, proactive monitoring and full-service support often prevent incidents before they happen. These examples highlight a subtle truth: cybersecurity leadership often means making calculated trade-offs under real constraints. Budget, operations, and risk tolerance all play a role. Chris Logan notes “Leadership under fire requires balancing innovation with protection. It’s a delicate dance, but the best leaders know that perfect security is a myth, strategic preparation and continuous improvement are the real defenses.” The Evolving Imperative Today’s cybersecurity leaders must blend strategy, communication, technology, and human judgment. As AI-driven threats and vendor dependencies grow, leaders like Logan, Remblence, Basu, Galdamez, and Rubiano demonstrate that the role of a tech executive has never been more dynamic or more critical. Thank you again to all our contributors for sharing insights that are as practical as they are inspiring. Next month, we’ll explore “Building Resilient Tech Teams in Hybrid Work.” Because in today’s world, resilience isn’t just about systems and data, it’s about the people who power them. Stay tuned.

The AI Wave in IT Leadership This month feature of Harvey Nash’s CIO Voices, a series where we spotlight the perspectives of technology leaders shaping the digital future. CIOs, CTOs, and senior decision-makers bring their unfiltered views to the table perspectives forged in real boardrooms, data centers, and innovation labs. This month, our focus is on a topic that has dominated board agendas and coffee-break conversations alike: Artificial Intelligence in IT Strategy. Three leaders we connected with, Steven Wolk (CTO, PC Richardson & Son), Ramesh Lekshmynarayanan (Managing Partner, Green Catapult), and David Williamson (ex CIO, Abzena) joined this conversation, and each offered thoughtful reflections that go far beyond hype. Their experiences highlight both the possibilities and paradoxes of AI adoption. And honestly, if you’ve ever wondered whether AI is really transforming IT or simply creating more noise, their insights will resonate. Let’s step inside their world and unpack how AI is reshaping IT strategy. AI as the New Interwoven Thread One of the strongest themes that emerged is that AI is no longer viewed as a “bolt-on” technology. It is becoming a central component of IT strategy. Steven put it plainly: “AI is woven into everything we’re doing, from customer interactions to operational processes. It’s not an add-on, it’s a lens we look through when we think about strategy.” Instead of asking where AI can be applied, organizations are beginning to ask how AI should influence the way they define and approach problems. That marks a clear shift in mindset. Ramesh echoed this perspective, noting that “AI isn’t just a tool we deploy; it’s becoming part of our organizational DNA.” His point underscores that AI has moved beyond experimentation into core operations. David added another angle: “AI is changing how we think about efficiency and scale,” he shared. For him, the focus is on reducing the pressure on IT as a cost center and repositioning it as a driver of capability. Here’s the reality: Tech leaders who still treat AI as a side project risk falling behind. The organizations that integrate AI into their strategies as a foundational capability are the ones best positioned to compete. Unlocking New Value Of course, strategy isn’t just about and philosophy. At some point, boards and executives will ask: Where’s the value? Steven didn’t hesitate on that front: “AI allows us to automate repetitive tasks and enhance decision-making. It’s about freeing up our people to focus on higher-value work.” Efficiency is the most immediate, tangible win. But Ramesh framed value differently. “AI’s real power lies in creating personalized customer experiences at scale.” That’s not about saving money that’s about making money. It’s about shifting from reactive IT to proactive growth. David struck a middle ground, describing how “Predictive capabilities allow IT to be proactive rather than reactive.” That shift is significant. While IT has long carried the weight of keeping systems running and resolving issues, AI opens the door to something different, anticipating challenges before they surface and steering the organization ahead of disruption. Now, here’s the contradiction: some leaders push AI for efficiency, others for innovation. Both are true, and both can co-exist. It depends on the lens you choose. Imagine AI like a Swiss Army knife. For some, the value is in the corkscrew (customer personalization). For others, it’s the blade (cost efficiency). The key is knowing which tool matters most to your organization and when. The Paradox of Risk Opportunity never comes without risk, and the leaders didn’t shy away from naming the obstacles. Steven zeroed in on governance: “The challenge is not just deploying AI but making sure it’s trusted from data ethics to decision transparency.” AI without trust is like medicine without regulation: powerful but dangerous. Ramesh offered a different tension. “We want to move quickly, but we also need to ensure responsible use. That balance is hard to strike.” This is the paradox CIOs feel most acutely the pressure to sprint ahead while knowing the ground isn’t fully stable. David highlighted the organizational side: “The biggest challenge isn’t the tech itself, it’s the skills gap and whether the organization is ready.” That’s a reminder that tools are only as strong as the hands that use them. Here’s the contradiction worth noting: AI feels both inevitable and unready. Everyone knows it’s the future, but no one feels completely prepared. And maybe that’s okay. The reality with disruptive technology is that it rarely arrives with a neat instruction manual, you learn by doing. People at the Center For all the talk about machines, the conversation consistently came back to people. David reminded us of the importance of change management and communication: “The biggest challenge would be change management and clear communication on the ‘why’ matters more than the tech itself.” It’s not the algorithm that wins trust; it’s the story leaders tell about why it matters. Change management and people management aren’t side tasks, they are the real work of adoption. Steven emphasized augmentation: “AI should be an augmenter, not a replacement. The goal is to give our people superpowers, not take away their purpose.” That word, superpowers, it captures the emotional heartbeat of AI adoption. Ramesh grounded his response in culture: “We’re investing heavily in re-skilling and making sure the culture is ready to embrace AI.” Technology may be fast, but culture is slow. And if CIOs don’t lead the cultural shift, the tools will outpace the people. This people-first reality is also echoed in the Digital Leadership Report. Despite AI’s rapid spread, more than half of organizations are not yet upskilling their teams on generative AI. The ones making targeted investments in AI literacy and re-skilling are reporting smoother adoption and faster ROI, proof that culture and capability are just as critical as code. So, the big question for every CIO is: Are you preparing your people to drive smarter, or are you hoping the car will just drive itself? The Road Ahead Looking forward, the leaders painted a vision of AI not as a shiny gadget but as a long-term mindset. Ramesh offered a bigger-picture take: “We’re looking at an industry-wide redefinition of IT leadership itself.” That’s not just about AI, but about what it means to be a CIO in an AI-first world. It’s about evolving from technologist to strategist, from enabler to innovator. Steven’s perspective: “AI will be a seamless part of IT’s Strategy. We won’t even talk about it as a separate thing anymore.” In other words, the best AI will be invisible, like the plumbing in your house. You only notice it when it breaks. David tied it all back to business value: “AI will shift IT from being seen as a support function to being recognized as a strategic growth engine.” That’s the kind of reframing that gets CEOs to sit up and listen. Honestly, if there’s one thread running through all these visions, it’s this: AI is less about tools and more about philosophy. It’s not what we use, but how we think. And maybe that’s the ultimate marker of maturity. When you stop asking, Should we use AI?, and start asking, What would we be without it?, you’ve crossed the line from experimentation to inevitability. Navigating with Purpose AI is no longer the future of IT strategy, it’s the present. But it’s a present wrapped in contradictions: efficient yet risky, empowering yet unsettling, inevitable yet unready. If there’s one throughline between the insights shared here and the findings of the Digital Leadership Report, it’s this: AI is moving from experimentation to enterprise-wide productivity. Leaders who treat AI as a strategic enabler embedding it into workflows, aligning it with business outcomes, and preparing people to embrace it are already pulling ahead. What unites the perspectives of Steven, Ramesh, and David is a recognition that AI isn’t just about systems. It’s about people, culture, trust, and the courage to lead amid uncertainty. Let’s thank them for their contributions. Thought leadership isn’t just about having the answers; it’s about being willing to share the messy middle the experiments, the challenges, the risks. These CIOs did exactly that. A note to our readers: reflect for a moment. What role do you want AI to play in your IT strategy? Are you treating it like a side project, or are you ready to make it part of your DNA? Stay tuned — next month’s CIO Voices will dive into another pressing theme: Cybersecurity. If AI is the fuel of modern IT, then cybersecurity is the guardrail keeping us on the road. You won’t want to miss it.