ClearTech Loop: In the Know, On the Move

Fernando Montenegro: Cybersecurity is a Social System

March 3, 2026
Fernando Montenegro Security is a System

Download Transcript (pdf)

Episode Summary

In this episode of the ClearTech Loop podcast, Jo Peterson sits down with Fernando Montenegro, Vice President and Practice Lead, Cybersecurity at The Futurum Group, to talk about what the CISO role looks like right now as generative AI spreads across the enterprise.  

This is not a conversation about adding another security feature. It is about how AI exposes the social structure of an organization: incentives, accountability, influence, and how decisions actually get made.  

Fernando’s core theme is simple: if security shows up late, security becomes the friction everyone blames. If security shows up early with fluency and empathy, security can help shape the rules of the road while the organization is still willing to align.   

“You solve all of this at the design stage, at the initiation stage, not down the line when people want to release the production.”  

— Fernando Montenegro

Three Big Questions

1. How can cybersecurity professionals leverage generative AI to break out of a tools and tech mindset? 

Fernando’s hot take is blunt: “They have to jump into the pool.”  

The point is not rushing AI into mission critical systems. The point is using it enough to understand what it can and cannot do so security leaders can guide decisions credibly, and partner earlier instead of policing at the end.  

2. How do organizations embed security and privacy controls into AI model development without slowing innovation? 

Fernando is equally direct about timing. Security has to show up at initiation and design, not at the release gate. 

“You solve all of this at the design stage, at the initiation stage, not down the line when people want to release the production.”  

This is where the practical work lives: clear data boundaries, clarity on model and vendor choices, lightweight threat modeling early, and a paved path teams can reuse so every AI initiative does not become a brand new policy argument.  

3. How should CISOs think about balancing emerging threats with governance and organizational trust? 

Fernando reframes the question. For modern CISOs, the job is not choosing one side. It is coordinating multiple stakeholders at the same time and keeping trust intact while decisions move faster. 

The capability he calls out is translation: “They are the translator of security issues to non security decision makers.”  

And Jo underlines the reality of what the role has become: “The job is more collaborative. Now, the job is more consultative now.”  

“They are the translator of security issues to non security decision makers.” 

— Fernando Montenegro

What You Will Learn

  • Why AI adoption turns security into an organizational behavior problem, not a tooling problem  
  • Why security credibility comes from fluency and early engagement, not last mile control  
  • How to reduce friction by building a reusable paved path for AI initiatives  
  • How the CISO role becomes a bridge role across executives, legal, engineering, vendors, and regulators  

“The job is more collaborative. Now, the job is more consultative now.”  

— Fernando Montenegro

About the Guest | Fernando Montenegro

Fernando Montenegro is Vice President and Practice Lead, Cybersecurity at The Futurum Group. He is a security technologist with deep experience in cloud security and enterprise security programs, known for analyzing security issues through an economics lens.  

Additional Resources

Listen • Watch • Subscribe