Building a positive security culture in the era of AI

Navigating AI challenges, building security resilience, and embracing innovation

In partnership with

Joining us: Jason Loomis, Chief Information Security Officer at Freshworks

In today's ever-evolving technological landscape, security has become paramount for organisations worldwide. At a special event hosted at Abbey Road Studios, Jason, a seasoned Chief Information Security Officer (CISO) at Freshworks, shared his thoughts on fostering a positive security culture, navigating the challenges posed by artificial intelligence (AI), achieving work-life balance, and anticipating the future of cybersecurity.

Cultivating a positive security culture

A major challenge for CISOs is instilling a positive security culture within their organisations. Jason emphasised that too many CISOs fall into the trap of using fear-driven messaging – warnings of catastrophic consequences if security isn’t prioritised. Instead, he advocates for a positive approach by reframing security as a strategic advantage.

“CISOs should focus on how investing in security can make products stronger, faster, and better than the competition,” Jason explained. Rather than instilling paranoia, fostering an ethos that aligns security priorities with business success allows companies to see security as a catalyst for growth, innovation, and improved customer trust.

The double-edged sword of AI

Artificial intelligence is undeniably transforming the cybersecurity landscape, but its duality presents both opportunities and threats. According to Jason, AI has drastically reduced the time it takes malicious actors to breach organisations—from approximately 72 hours a few years ago, down to just 30 minutes or an hour today.

"The bad guys are leveraging AI," Jason said, adding, "We have to use AI to keep up." For CISOs like him, AI has become an essential tool in their arsenal. Security teams must immerse themselves in these technologies, harnessing AI’s capabilities to proactively identify risks, automate threat detection, and strengthen overall protection efforts.

At Freshworks, Jason encourages his teams to "swim in AI" and leverage it in their daily operations. This commitment highlights how embracing technological advancements is crucial in combating increasingly sophisticated attacks.

Balancing pressure and longevity as a CISO

The high turnover rate among CISOs (averaging 18 months) is evidence of the immense pressure associated with the role. Yet, Jason calls himself a “happy CISO”—a rarity in such a demanding position.

The secret? Understanding that no organisation can achieve absolute security. "Good security would put a company out of business," Jason explained, pointing to the balance between minimising risks and allocating resources wisely. CISOs must learn how to prioritise threats effectively, focusing on the biggest risks while accepting that some level of risk will always exist.

He compared security management to car safety: "Seatbelts, airbags, and advanced braking systems have reduced the likelihood of accidents, but crashes still happen—they’re just less likely." Similarly, the goal for security is mitigation, not elimination.

Anticipating the next 12 months in cybersecurity

Looking ahead, Jason anticipates significant changes in the security landscape but also shares a hopeful outlook. He identified a gap between marketing hype and tangible advancements, particularly regarding AI-driven tools offered by third-party vendors.

"Right now, we're leveraging Freshworks technology to build our own AI tools because what's available in the market just doesn't meet our needs," he stated. Jason hopes that security vendors will step up, providing robust AI-powered products that go beyond surface-level features or marketing fluff.

For organisations like his, the ability to innovate internally allows them to stay ahead of the curve. However, an industry-wide push towards meaningful AI integration could help companies adopt more effective solutions while reducing reliance on custom-built systems.

Closing thoughts

Jason's insights highlight the delicate balancing act required of CISOs today—from creating a positive security culture to navigating AI’s complexities while maintaining personal well-being and professional effectiveness. His experience underscores the importance of focusing on proactive measures, tailored innovation, and a realistic approach to risk management.

As we move closer to a future shaped by AI and heightened cybersecurity threats, Jason's vision for meaningful advancements in security tools remains critical, not only for his organisation but for the broader industry as well. With a thoughtful and strategic mindset, it's possible to achieve both strong security and sustainable leadership.

Want to learn more? Visit the People-First AI Hub today and explore our community filled with insights for staying ahead in the ever-changing world of technology.