
Episode Summary: Air Traffic Control for AI Security
For years, CISOs were told to guard the perimeter. Lock down the castle, secure the gates, and keep the bad actors out. That mental model does not work in an AI driven, cloud first world.
In this ClearTech Loop episode, Jo talks with Deputy CISO Aby Rao about what AI security really looks like when there is no fixed boundary. Aby argues that security leaders need a new mindset. CISOs are no longer castle guards. They are air traffic controllers operating across multiple domains, managing continuous movement, and coordinating risk in real time.
Together they dig into AI literacy gaps, how to embed responsible AI into development without stalling innovation, and why the modern CISO has to serve as a bridge between fast moving product teams and the governance functions that keep the enterprise out of trouble.
Three Big Questions for CISOs
1) How can cybersecurity teams use AI to break out of old tool mindsets and drive real innovation?
Aby sees this as an inflection point. With no code and low code options, cybersecurity professionals can now build their own systems, workflows, and even identity solutions without writing traditional code. They can design agent driven processes that run on their own data and requirements instead of waiting on vendors and heavy licensing cycles. The upside is freedom. The tradeoff is long term ownership, including maintenance through changing staff and priorities.
2) How do you embed security and privacy into AI without slowing everything down?
Before bolting in controls, Aby insists on a more basic question. Do you have the right skills and literacy on the team? If not, you have to reskill before you can credibly claim security by design. If you do, the move is to get security and privacy into the lifecycle early, working side by side with product development so that security by design and privacy by design are real, not slogans. In AI this also includes fairness, transparency, explainability, and safety, all under the broader umbrella of responsible AI.
3) What is the CISO’s role in bridging AI innovation and governance?
Aby describes the CISO as a liaison between two camps. On one side are developers, product teams, and data teams. On the other side are legal, privacy, ethics, safety, and audit. The job is to understand the threat landscape in depth, then translate what is happening in development into risk that governance teams can act on. That requires operating across first, second, and third lines of defense and accepting that the title CISO often expands into a broader CIXO role as responsibilities grow.
What You Will Learn
- How no code and low code tools are changing what security teams can build for themselves
- Why AI development is outpacing AI literacy and what that means for cyber programs
- How to make security by design and privacy by design real inside AI projects
- Why responsible AI must include fairness, transparency, and explainability, not only security and privacy
- How to think like an air traffic controller instead of a perimeter guard
- What it means for CISOs to act as a bridge between development and governance, including second and third line functions
About the Guest: Aby Rao
Aby Rao is a cybersecurity and AI security leader with nearly twenty years of experience across cloud, identity, and responsible AI. As a Deputy CISO, he oversees programs that span identity, operational security, and governance.
He is a CISOs Connect DC100 honoree, serves on advisory councils for Duke University and AKYLADE, and reviews Trusted AI coursework for the Cloud Security Alliance and Northeastern University. His work focuses on AI security, model governance, and helping organizations turn frameworks such as the NIST AI Risk Management Framework into operational practice.
Closing Thoughts: Managing the Sky, Not the Walls
AI has erased the comfort of clear boundaries. There is no neat perimeter to defend, only a shifting sky full of APIs, agents, and new threat vectors. The CISOs who will succeed in this environment are the ones who accept the air traffic controller role and lean into it.
That means investing in AI literacy, embedding responsible AI into the development lifecycle, and taking seriously the bridge role between builders and governors. Security cannot be the gate at the end of the process anymore. It has to be part of the design of the entire airspace.
See you in the Loop.
Additional Resources
- NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework
- CSA Trusted AI Course Materials: https://cloudsecurityalliance.org/education
- “Pack a Room Full of Governors”: https://www.linkedin.com/posts/abyrao_pack-a-room-full-of-governors-standing-activity-7401658932416528384-PFxH/
- Previous Episode: AI Safety with Dutch Schwartz: https://cleartechresearch.com/bumpers-not-brakes/
Key Quotes
“We have to break out of this castle guard mindset, yeah, and think of us as air traffic controllers, because there is no perimeter anymore.” — Aby Rao
“Unless you’re a really big company and maybe you have a risk officer… you, as the CISO, become the risk officer.” – Jo Peterson
“The pace at which AI development is taking place, it has outgrown AI literacy and AI education.” — Aby Rao
Listen · Watch · Subscribe
Subscribe to ClearTech Loop on LinkedIn: https://www.linkedin.com/newsletters/7346174860760416256/
See you in the Loop.
– Jo