Interview with Kunal Andhale, Sr. Manager – Infrastructure Security & Automation

This interview is with Kunal Andhale, Sr. Manager – Infrastructure Security & Automation.

Can you tell us about your background and how you became an expert in cybersecurity and AI?

My path into cybersecurity started long before it became my career. Early in life, a family member entered this field and shared real-life implications of cyber threats. It was the first time I saw how cybersecurity isn’t just about technology; it’s about trust, dignity, and protecting people. That moment shaped my entire professional direction.

I started as a Systems Administrator but found myself gravitating toward security engineering and risk management. There was something compelling about the intersection of building things and protecting them. I pursued my CISSP while working on large-scale cybersecurity programs, focusing on:

• Hardening infrastructure
• Improving vulnerability remediation
• Reducing operational friction that gets in the way of secure development

Over the years, my work centered on one challenge: how do you secure systems at enterprise scale without slowing innovation or overwhelming teams? That led me into secure automation, vulnerability lifecycle management, and governance frameworks for highly regulated environments.

Today, I work at a global financial technology leader, leading an engineering team that builds secure-by-design capabilities. My work spans:

• Vulnerability management
• Secure infrastructure automation
• Patch governance
• Building generative AI solutions
• Operational resilience across cloud and containerized environments

It’s high-stakes work, but meaningful because the systems we protect directly impact people’s financial lives. As threats evolved, scale became one of the biggest challenges in cybersecurity, and that’s where AI enters my work. I see it as a force multiplier that helps us detect, analyze, and remediate risks faster, especially in large environments where manual approaches can’t keep pace.

Beyond my day job, service to the cybersecurity community matters to me. I volunteer with ISC² as a scholarship judge, supporting emerging talent, especially those without a clear path into the field. One of my contributions there was helping an NGO develop its first vulnerability disclosure policy, giving them a structured, safe way to receive and act on security findings from researchers. It felt good to help an organization operating in a difficult environment build that kind of foundational security posture.

My mission stays consistent: make cybersecurity accessible, scalable, and impactful so individuals, organizations, and communities can operate with confidence in an increasingly digital world.

What inspired you to pursue a career at the intersection of technology, leadership, and security?

What drew me to the intersection of technology, leadership, and security was realizing that cybersecurity is ultimately about trust, and trust requires more than technical solutions. It requires people, accountability, and leadership that understands both the human and technical dimensions of risk.

Early in my career, I loved building things: writing code, solving engineering problems, and experimenting with new technologies. But a defining moment shifted my focus. A family member started in this field and shared an event surrounding a financial security breach. I learned how a simple lack of safeguards had real emotional and financial consequences. That experience changed how I saw technology. It wasn’t just innovation; it was responsibility.

As I moved deeper into cybersecurity, I realized something important: technology alone can’t solve security problems. You need leadership that can influence culture, build systems responsibly, and make security a shared priority rather than a technical afterthought. Stepping into leadership roles allowed me to take that philosophy further by empowering teams, shaping strategy, and building secure systems at scale.

Today, my work isn’t only about solving technical challenges; it’s about creating clarity, reducing complexity, enabling teams, and ensuring security becomes part of how organizations operate, not a barrier. Along the way, mentorship and community work became part of that mission. Serving as an ISC² scholarship judge and volunteering with CyberPeace Builders, including helping an NGO create its first vulnerability disclosure policy, reminded me that leadership isn’t positional. It’s about using your experience to elevate others and strengthen the broader security ecosystem.

For me, the intersection of technology, leadership, and security isn’t accidental; it’s where impact happens. It’s where innovation meets accountability, and where we ensure technology makes people’s lives safer, not more vulnerable.

Based on your experience, how has the integration of AI in cybersecurity changed the landscape of threat detection and response?

AI has fundamentally changed the speed, scale, and intelligence of cybersecurity. Traditionally, threat detection and response relied heavily on rule-based systems, manual analysis, and human interpretation of logs and alerts. That worked when environments were smaller and attacks were predictable. But today’s threats are adaptive, faster, and increasingly automated; and legacy approaches simply can’t keep pace.

What AI brings to cybersecurity is the ability to analyze massive volumes of data, logs, telemetry, network traffic, and endpoint signals, detecting patterns that would be nearly impossible for a human analyst to identify in real-time. Instead of just matching known signatures, AI models can learn behaviors, spot anomalies, and flag subtle deviations that may indicate zero-days, insider threats, or emerging attack patterns.

On the response side, AI has changed the game even more. Instead of reactive, human-paced remediation, we now have systems capable of prioritizing vulnerabilities based on real exploitability, suggesting mitigation steps, and in some cases autonomously containing or isolating threats before they spread. AI is allowing us to move from “after-the-fact detection” to “real-time defense.” However, the biggest shift isn’t just technical; it’s cultural.

AI has helped bridge the gap between overwhelmed security teams and the pace of modern threats. Analysts are now empowered with intelligent recommendations, automated triage, and contextual insights that reduce fatigue and improve decision quality. Of course, AI isn’t a silver bullet. Adversaries are also using AI to generate phishing content, evade detection, and accelerate attack campaigns.

So we’re entering a world where security becomes a dynamic, continuous contest between defensive and offensive AI. But based on what I’ve seen from enterprise-scale cloud environments to operational security automation, AI is moving cybersecurity from reactive firefighting to proactive resilience. It’s enabling organizations to detect earlier, respond faster, and secure systems at a scale that would be impossible with human effort alone.

Can you share a specific instance where your leadership approach helped overcome a major cybersecurity challenge?

One incident that stands out is when our organization was impacted by a high-severity zero-day Java vulnerability. The challenge wasn’t just the vulnerability itself; it was also the fact that our scanning tools couldn’t generate remediation tickets at the level of granularity required. The scanners identified the issue, but because the detection relied on unique vulnerable file paths, the system wasn’t able to produce individual tickets. This meant we had limited visibility into which applications were affected, where the vulnerable components lived, and whether remediation was actually progressing.

As a leader, I stepped in to close both the technical and operational gaps. I worked with my team to design and build an automation pipeline that reconstructed the scan data and normalized it on a per-path basis. This allowed us to generate accurate, actionable vulnerability records for every affected instance across the environment.

The impact was immediate. By transforming ambiguous scanner output into precise remediation tasks, we improved visibility dramatically and enabled teams to prioritize and fix issues much faster. The new automation improved our vulnerability remediation rate by more than 40%, ensured we met our SLAs, and ultimately reduced our exposure window during a critical zero-day event.

Beyond the technical solution, this incident reinforced the importance of leading through clarity, translating complexity into action, aligning teams quickly, and building tooling that makes security measurable and scalable.

How do you see the role of patch management evolving in an era of increasing AI-driven cyber threats?

Patch management is undergoing a fundamental shift as AI-driven cyber threats become more sophisticated, faster-moving, and increasingly automated. Traditionally, patching has been a reactive, scheduled, and often manual process. But in today’s landscape, where threats can weaponize vulnerabilities within hours, patch management needs to evolve into a proactive, intelligence-driven discipline. I see three major changes:

1. Patch Management Will Become Predictive, Not Reactive.

   AI will allow organizations to forecast which vulnerabilities are most likely to be exploited based on attacker behavior, exploit development patterns, and environmental context. Instead of waiting for CVSS scores or vendor advisories, we’ll prioritize patches using real-time risk signals. This shifts patch management from “patch everything eventually” to “patch the 5% that will stop 95% of risk.”

2. Automation Will Handle the Entire Patch Lifecycle.

   AI-driven orchestration will assist teams in end-to-end patch operations: identifying impacted assets, validating compatibility, sequencing patch rollouts, performing automated testing, and rolling back safely when needed. This eliminates bottlenecks that often come from human decision-making, scaling patching to thousands of systems with minimal manual effort.

3. Continuous Compliance Will Replace Point-in-Time Reporting.

   As AI threats exploit vulnerabilities instantly, organizations can’t rely on monthly or quarterly compliance reports. AI-powered dashboards will provide real-time patch readiness, exposure windows, and SLA adherence, allowing leaders to make risk-based decisions instantly. Ultimately, patch management is evolving from a maintenance task into a strategic, intelligence-driven security function. In an environment where attackers leverage automation and AI, defenders must do the same. The future of patch management will be defined by speed, predictive analytics, and autonomous remediation, reducing the gap between vulnerability discovery and vulnerability resolution to near zero.

What's the most unexpected lesson you've learned about software development while working on cybersecurity projects?

One of the most unexpected lessons I’ve learned is that software development and cybersecurity don’t fail because of technology, but because of assumptions. In traditional software engineering, we often assume components will behave as expected, integrations will follow the contract, and edge cases are rare. However, in cybersecurity work, you learn quickly that attackers specifically target the gaps created by these assumptions. A tiny misconfiguration, an overlooked dependency, or a “this will never happen” scenario becomes the exact entry point for exploitation.

Working on cybersecurity projects taught me that:

1. The smallest design decision can have the largest security impact.

A single default setting or library version, or something developers barely think about, can become the root cause of a critical vulnerability months later.

2. Security exposure grows in the gaps between teams, not within them.

Everyone builds their piece assuming the next group has handled certain controls. Attackers operate in the undefined space where ownership gets blurry.

3. The best developers aren’t the ones who write perfect code; they’re the ones who challenge their own assumptions.

Asking “What if this input isn’t what I expect?” or “What happens when this dependency fails?” turns ordinary code into resilient code.

Ultimately, the unexpected lesson is that cybersecurity isn’t a layer on top of software development; it’s a mindset shift.

This connects directly to one of cybersecurity’s core principles of defense in layers. I learned that no single control—no firewall, scanner, or patch—can protect a system on its own. Resilient software comes from stacking layers of protection: secure coding practices, automated scanning, threat modeling, identity controls, runtime protections, observability, and rapid patching. Each layer assumes the previous one might fail, so the system must still remain defensible. Cybersecurity isn’t a bolt-on feature; it’s a mindset. Thinking like a defender forces you to design software with layered protections, anticipate failures, and build systems that remain secure even when individual components are not.

In your opinion, what's the biggest misconception about AI in cybersecurity that you've encountered among business leaders?

The biggest misconception I see among business leaders is the belief that AI is a plug-and-play solution that will automatically secure their environment.

There’s a growing expectation that adopting AI, whether for threat detection, code analysis, or automation, will instantly replace human judgment or eliminate the complexity of cybersecurity operations.

In reality, AI doesn’t replace security fundamentals; it amplifies them.

Here are the key misunderstandings behind that misconception:

1. AI is only as strong as the data and processes behind it.
2. If asset inventories are incomplete, logging is inconsistent, or patch workflows are broken, AI will simply accelerate the noise. Without good hygiene, AI becomes a very efficient way to surface the wrong problems.
3. AI cannot solve cultural and organizational gaps.
4. Many breaches happen not because threats weren’t detected, but because teams lacked clear ownership, workflows, or response playbooks. AI can highlight issues, but it won’t fix accountability or communication issues.
5. AI requires continuous tuning and strong human oversight.
6. Threat actors evolve rapidly and often use AI themselves. Without ongoing tuning, AI models degrade, generate blind spots, or create false positives that erode trust.
7. AI augments talent; it doesn’t eliminate it.
8. The organizations that benefit most from AI are the ones where security engineers understand how to interpret results, validate outputs, and act on intelligence.

The core misconception is that AI is not a shortcut. It’s a force multiplier—but only when paired with good processes, strong security fundamentals, and the right talent. When leaders understand this, they implement AI not as a magic product, but as an integrated capability that transforms how fast and how effectively their teams can respond to threats.

Can you describe a time when you had to make a difficult decision balancing cybersecurity needs with business operations?

One difficult decision I faced involved balancing the urgency of addressing a critical vulnerability with the operational impact on several high-availability business systems.

We had identified a severe vulnerability in a widely used infrastructure component. Security best practices required us to patch within days. However, several business units relied on that component for revenue-generating workloads, and applying the patch meant service interruptions during peak operating windows. Delaying the patch increased our exposure; patching immediately risked disrupting business operations.

I led the decision-making process by approaching it from both a risk and business impact perspective. Instead of forcing a purely security-driven mandate, I brought together application owners, platform engineers, and the risk team to quantify the actual blast radius: which systems were exposed, what compensating controls existed, and what the operational impact of downtime would be.

Based on this, we created a tiered remediation plan:

• Critical external-facing systems were patched immediately, supported by enhanced monitoring and an on-call response team to quickly address any issues.
• Less-exposed internal systems followed a phased patching schedule, aligned with lower-risk maintenance windows to minimize business disruption.

This decision required pushing back on both sides: explaining to business leadership why delaying all patches wasn’t acceptable, while ensuring the security team understood operational realities and adapted the rollout accordingly. In the end, we closed the vulnerability within our SLA, avoided any customer-facing downtime, and strengthened trust between the security and engineering teams. It reinforced a lesson I carry forward: effective cybersecurity leadership isn’t about saying “no”; it’s about creating risk-informed solutions that protect the business while enabling it to operate.

Looking ahead, what emerging technology or trend do you think will have the most significant impact on cybersecurity leadership in the next five years?

Looking ahead, I believe the most significant impact on cybersecurity leadership will come from the intersection of quantum computing and AI-driven security automation. Both trends are maturing quickly and will reshape how organizations define resilience.

Quantum computing is still emerging, but its implications for cybersecurity are immediate. A sufficiently powerful quantum computer could break widely used cryptographic algorithms like RSA and ECC, undermining everything from secure communications to digital identities.

This means leaders must start preparing now for post-quantum cryptography, conducting cryptographic inventories, planning multi-year migrations, and addressing “harvest now, decrypt later” risks where attackers store encrypted data today to decrypt once quantum capabilities become available. For cybersecurity leaders, quantum readiness shifts from a theoretical discussion to a strategic responsibility.

At the same time, AI is transforming security from reactive to predictive. Over the next five years, AI will autonomously correlate signals across logs, metrics, and traces; automatically scan and patch vulnerable code; and orchestrate guided response workflows at machine speed.

This moves security operations from manual decision-making to intelligent automation, shifting the leader’s role toward setting governance, defining risk thresholds, and ensuring high-integrity data pipelines for AI systems.

The Leadership Imperative

These two forces together mean cybersecurity leadership will require:

• Guiding organizations through quantum-resilient architecture transitions
• Leveraging AI to shrink detection and response windows
• Preparing teams for a hybrid future where humans and AI systems co-defend
• Elevating cybersecurity to a board-level, long-range strategic priority

In short, quantum computing will disrupt the cryptography we depend on today, and AI will redefine how we defend systems. The leaders who succeed will be those who can anticipate these shifts early, modernize their infrastructures, and build organizations that can adapt at machine speed.

Thanks for sharing your knowledge and expertise. Is there anything else you'd like to add?

Thank you for the opportunity to share my perspective. If I leave you with one final thought, it’s that we’re standing at a rare inflection point in cybersecurity, one where AI, automation, and even quantum computing are rewriting the boundaries of what’s possible.

I believe the future of cybersecurity leadership isn’t just about defending systems; it’s about designing a world where trust becomes an intrinsic part of every digital interaction. A world where technology anticipates threats before they emerge, where infrastructure heals itself, and where security empowers innovation instead of slowing it down.

The next decade will challenge us to rethink everything, from how we build software to how we protect global financial ecosystems. But it will also give us an unprecedented chance to create security models that are more intelligent, more adaptive, and more humane.

My vision is for a future where security is not reactive, but regenerative; not a gatekeeper, but an enabler; not an afterthought, but a foundation for how society advances. And I’m excited to help shape that future.