Meet the Experts
Aparna Achanta: Architecting Resilient Futures
Aparna brings over a decade of experience in securing U.S. federal agencies like the FDA and VA. She specializes in Zero Trust architecture, AI-driven security for SaaS and multi-cloud platforms, and operational cybersecurity strategy. Her accolades include the Titan Business Award and being named to Modern Healthcare’s 40 Under 40 in 2025.
Aparna is also a seasoned author, having contributed thought leadership articles to outlets such as Forbes, including pieces like “Embracing AI to Build Resilience Against AI Attacks” and “Securing Low-Code/No-Code Development Platforms”, where she addresses the intersection of AI security, data protection, and enterprise governance.
Tarnveer Singh FBCS FCIIS: A CISO’s Wisdom, An Author’s Voice
Tarnveer is an award-winning CISO with two decades of experience across security and architecture domains. He is currently CISO at The Exeter insurance and the Director of Security and Compliance at Cyber Wisdom Ltd. He is a thought leader known for blending strategic, ethical, and psychological perspectives on cybersecurity.
He has authored several seminal books, including:
- Artificial Intelligence and Ethics: A Field Guide for Stakeholders
- The Psychology of Cybersecurity: Hacking and the Human Mind
- Digital Resilience, Cybersecurity and Supply Chains
- Finance Transformation: Leadership on Digital Transformation and Disruptive Innovation
- Cybersecurity, Psychology and People Hacking
Tarnveer’s books are recognized for raising awareness on topics ranging from AI risk and people hacking to digital resilience, and are widely considered essential reading for cybersecurity professionals. He is a Fellow of both the British Computer Society and the Chartered Institute of Information Security.
The Interview: Voices on the Vanguard of Cybersecurity
On the Origins of Collaboration
Interviewer: Aparna, what sparked your collaboration with Tarnveer?
Aparna: We both saw the fragmentation in cybersecurity knowledge—technical silos missing ethical, human, or strategic perspectives. Our expertise is complementary. By uniting, we can bridge the gap between the “how” and the “why” of cybersecurity.
Interviewer: What will your joint articles aim to deliver?
Aparna: Actionable guidance. We’ll cover AI security, cloud governance, Zero Trust, and more. We want to elevate both awareness and implementation.
Interviewer: Tarnveer, how do you envision this partnership enhancing the current cybersecurity discourse?
Tarnveer: AI security and ethics and the emerging cyber threat landscape require us to raise awareness and change our approach. Cybersecurity has often lacked fresh perspectives, including a focus on the human element, a deeper understanding of how habits influence security behavior, and a more holistic view of cybersecurity threats, including disinformation and insider threats. The talent shortage and the need for diversity and inclusion in the cybersecurity workforce are significant areas where perspectives are lacking.
The Threat of Malicious AI
Interviewer: Aparna, what are some of the most pressing AI-driven security threats today?
Aparna: Some of the most pressing AI-driven security threats today include AI-powered phishing, deepfakes, and voice cloning, which make social engineering attacks more convincing and harder to detect. Adversarial attacks like data poisoning and model evasion threaten the integrity of machine learning systems, while prompt injection and model inversion expose new vulnerabilities in generative AI.
Interviewer: What risks do AI systems themselves pose?
Aparna: Threats like data poisoning and model tampering. Shadow AI—unauthorized use of AI—also creates major blind spots. AI is also being exploited to scale misinformation campaigns and automate cyberattacks, highlighting the urgent need for stronger safeguards around AI development and deployment.
Interviewer: What practical steps can organizations take?
Aparna: Start with strong identity management and data encryption. Address AI-driven security threats by embedding AI risk management into their cybersecurity governance, securing the entire AI lifecycle from data to deployment, and implementing strict access controls and logging for AI systems. Regular monitoring for adversarial behavior, prompt injection, and model drift is essential, as is red teaming to identify vulnerabilities.
Interviewer: Tarnveer, how do ethical concerns in AI deployment intersect with daily cybersecurity challenges?
Tarnveer: As a CISO, I see ethical concerns in AI deployment intersect with cybersecurity, raising questions about privacy, fairness, accountability, and potential misuse of AI technologies in both defensive and offensive roles. AI algorithms can inherit biases from the data they are trained on, leading to unfair or discriminatory outcomes, including in cybersecurity applications themselves, especially when detecting or responding to threats.
As AI systems become more autonomous, it becomes harder to determine accountability for their actions, including false positives, false negatives, or even unintentional facilitation of compromises.
AI can be used for malicious purposes, such as developing advanced phishing schemes, exploiting security vulnerabilities, or even creating AI-powered cyberattacks. The use of AI in cybersecurity can automate tasks that were previously handled by human experts, potentially leading to displacement and raising questions about the impact on the workforce and cybersecurity culture.
Organizations need to establish robust AI governance frameworks to deal with complexity and ethical dilemmas.
Implementing Zero Trust in the Real World
Interviewer: Aparna, how does Zero Trust improve data security in complex environments?
Aparna: It enforces continuous authentication and least privilege access. Micro-segmentation limits breach impacts. In multi-cloud and SaaS, it helps apply consistent policies.
Interviewer: What are some implementation challenges?
Aparna: Identity federation and policy silos are big hurdles. Automation and unified visibility are crucial to success.
Interviewer: Tarnveer, how should enterprises rethink supply chain risks in this interconnected age?
Tarnveer: In the digital age, enterprises should consider adopting a proactive, data-driven approach. This includes enhancing visibility and control across the entire supply chain, implementing robust cybersecurity measures, and fostering collaboration with partners to build a more resilient and sustainable supply network.
Fostering a Culture of Security
Interviewer: Aparna, how can organizations build better security awareness?
Aparna: Move beyond checkbox training. Use microlearning, role-based scenarios, and gamification. Simulations and security champions help too.
Interviewer: What’s your advice for governing LCNC platforms and Shadow IT?
Aparna: Create clear policies, apply Zero Trust, and continuously monitor. Support innovation with secure enablement. A centralized governance model, supported by a federated approach, ensures oversight while empowering business units. Continuous monitoring, automated compliance tools, and user training are essential to maintain visibility and promote secure, responsible use across the enterprise.
Interviewer: Tarnveer, what psychological traps consistently expose organizations to risk?
Tarnveer: Psychological traps such as social engineering attacks exploit human vulnerabilities. Phishing is a classic social engineering technique where attackers impersonate legitimate entities (like banks or IT support) in emails or messages to trick recipients into revealing sensitive information, such as usernames, passwords, or credit card details. Attacks like phishing often prey on trust and urgency, luring individuals into revealing sensitive information or clicking malicious links. Other traps include pretexting, where attackers fabricate scenarios to gain trust, and quid pro quo, where they offer rewards in exchange for compromising actions.
Navigating Cloud Governance
Interviewer: Aparna, what governance pillars must enterprises prioritize?
Aparna: Identity governance, data classification, policy enforcement, vendor risk management, and unified analytics. CSA’s Zero Trust pillars are an excellent guide.
Interviewer: Tarnveer, what are the key enablers and barriers for secure digital transformation in finance?
Tarnveer: Key enablers include embracing emerging technologies like AI, data, empowered employees, agile processes, aligned cross-functional teams, and strategic leadership with a bold, clearly defined vision. Barriers include outdated systems, workforce resistance, siloed departments, and reactive leadership.
Looking Ahead
Interviewer: Aparna, what can readers expect from your upcoming article series?
Aparna: Deep dives into AI security, Zero Trust, cloud governance, data protection, and security awareness. We aim to blend strategic insight with practical application.
Interviewer: Tarnveer, what final message would you share with cybersecurity professionals and business leaders?
Tarnveer: We cannot achieve sustainable innovation without digital resilience. Cybersecurity is not just a technical issue; it’s a critical business imperative. It requires a collaborative effort, with professionals providing expertise and leaders driving strategic decisions and prioritizing resources.
Final Thoughts
This collaboration between Aparna Achanta and Tarnveer Singh arrives at a pivotal moment for global cybersecurity. As threats grow more sophisticated, the need for clarity, strategy, and responsible innovation has never been more urgent. Their upcoming articles promise to deliver just that—a balanced blend of actionable insight and visionary thinking. By uniting technical depth with human-centric awareness, Aparna and Tarnveer are not only informing the cybersecurity community—they are helping shape its future.
