This conversation was a masterclass. Rinki Sethi’s career is a study in growth – from starting out as a security engineer back when “cybersecurity” wasn’t even a mainstream term, to now serving on boards, leading security at major public companies, and helping shape the next generation of security products at Upwind.We covered a lot: how the industry’s evolved (and hasn’t) for women in cyber, why she believes run-time security is the future, how AI is changing both sides of the threat landscape, and what it actually takes to build resilient, high-performing security teams.Rinki brings sharp perspective, no fluff, and the kind of clarity you rarely get in conversations about security. I walked away rethinking more than a few things, and I think you will too.Here’s the full conversation.MSSP Alert: Let’s go back to where it all started. How have things changed for you – from starting out as a security engineer to now sitting on boards and leading security at Upwind?Rinki Sethi: Yeah, it’s interesting. I started as a security engineer right out of college, not really knowing what I was stepping into. Back then, we didn’t call it cybersecurity – it was information or data protection. Fast forward to today, and cybersecurity is everywhere.
At the time, there were very few women in the field, and even fewer in leadership. In my first role, the term CISO barely existed outside banking. A few years later at eBay, I worked with one of the first CISOs outside that space and saw a team with more women than I’d ever seen before. That’s when I realized I could actually build a career in this industry.
About a decade later, I stepped into my first CISO role at an early-stage startup. I was still one of the few in that role and became one of the first Asian women to serve as CISO of a public social media company. I later joined a fintech, started a VC firm, and eventually landed at my favorite cybersecurity company.
MSSP Alert: That’s quite a journey. Do you feel the industry has made real progress in getting more women into cybersecurity, especially leadership?
When I first joined the industry, women made up less than 3%. Now it’s about 25% – progress over two decades, but still far to go. In senior leadership, the drop-off is sharper, around 10% or less. Many women step back when deciding about family, and we still need better ways to support them so they can have both a career and personal life. There’s progress, but the work isn’t done.
MSSP Alert: Let’s shift gears to the threat landscape. AI is now everywhere – in defense and offense. What’s different about this moment in security?
I’ve seen so many transformations happen in my career. I remember the mobile transformation, the cloud transformation, and now this. And I think this is more rapid than any other generational change we’ve seen – around AI. Every leader in any role right now, and every company, is looking at: what do we need to do? One, to be more productive and efficient, but also to innovate faster. Specifically, in security leadership, we’re paving the path right now on how AI adoption needs to happen. We can’t stand in the way of it. It’s less about gatekeeping and more about how do we enable an AI-first world.
We can’t rely on what we’ve used in the past. We need to be deep in the business, actively partnering with product and engineering, thinking about how AI not only introduces risk, but how it can unlock security at scale.
I’m excited that I’m joining a company like Upwind – it’s just a few years old. It’s already built on next-gen thinking and has been a visionary in how to adopt AI to drive innovation.
MSSP Alert: That said, is AI dominating the conversation too much? What else should security leaders be watching closely?
I think AI is one of the biggest topics – but it’s the “how.” When I think about the threat landscape, there are still foundational issues we all worry about.
Identity is a big one. How do we get ahead of what we used to call Zero Trust? How do we govern identity end-to-end? AI is going to help us do this better.
Then there’s vulnerability management. It’s not about finding vulnerabilities – we’ve always had that. It’s about how you go from knowing to actually driving remediation. That’s still a tough problem.
And then cloud. Even though the cloud transformation feels like a decade ago, I’m still talking to companies that are going from on-prem to cloud. They don’t have the talent or the right partners to do it securely. That’s still a problem.
Now with the explosion of data and AI, run-time security is another area we’re shifting toward. Leaders are now thinking differently about cloud security, not just configuration management.
MSSP Alert: You’ve been vocal about “dashboard fatigue.” How is Upwind changing the day-to-day experience for security teams?
Three years ago, when I first heard of Upwind and talked to Amiram, the CEO, it was the first time I heard the word “run-time.” At the time, I was deep in a cloud transformation journey. I was focused on compliance, making sure configs were right and that automation was in place. That required seeing dashboards and reporting on them.
But what I realized is that by the time you’re seeing the dashboard, the attack might’ve already happened. That’s not real-time. True security happens at run-time.
This vision stuck with me. It changed my mindset – and that rarely happens. Upwind was the first company thinking broadly beyond application monitoring and applying that to security.
Now, with the future moving toward agents doing work for us, dashboards become less relevant. The agents need to gather context from your runtime environment and give you what you need to act. That’s the future – and that’s what Upwind is building.
I was one of Upwind’s first customers. I believed in the story early on. Now I get to help shape the product, be the voice of the customer, and build what practitioners have long wanted. It’s fulfilling.
MSSP Alert: There are other players exploring runtime – Sysdig comes to mind. What makes Upwind different?
Upwind has been focused on cybersecurity from day one. The team came from DevOps and built sensors and agents that sit in the environment for full context. They went straight for the hardest part – building lightweight, powerful sensors. That’s rare.
Other vendors started by observing from the outside and working in. We started from inside – where attacks happen – and worked out. So instead of alerting you that a config is wrong and maybe five steps later there’s an attack, we tell you when the attack is happening. Then you fix the root causes.
That’s the difference.
MSSP Alert: Looking at your broader view as an investor and board member – what’s on your radar right now in security?
Everyone I talk to is focused on securing agents – how to manage and secure AI agents doing work on behalf of users.
The question is: will this get built into existing platforms, or will new players emerge? I think every company will need some capability around agent security – permissions, agent-to-agent communication, data sharing, and so on.
That’s the next big thing, and a lot of people are trying to figure it out right now.
MSSP Alert:Let’s talk about partners. From your perspective, what role do security providers and channel partners need to play in driving runtime security adoption?
There’s a shift happening. And honestly, it took even me some convincing to fully understand why runtime security matters. As security leaders, we’re forced to solve for compliance – and that’s fine – but it doesn’t necessarily protect you from attacks.
Runtime security is what prevents incidents. I joined Upwind not just to build the program, but to share this story with CISOs. Some have heard it, some haven’t – but once they do, it clicks. Partners can help drive that shift. They can be the ones helping customers understand why this matters and guide them to the vendors doing it best.
MSSP Alert: How are you aligning Upwind’s technology strategy with business outcomes? How do you measure success?
They brought me in early to build a strong security program at Upwind – one that can scale to large enterprises. I am also helping customers with their strategies, especially how to explain runtime security to their boards. We’re seeing momentum. There’s buzz in the market, and even big public cybersecurity companies are now talking about runtime. But we’ve been championing it for years.
MSSP Alert: You’ve led large teams through major transitions. What’s been the toughest challenge?
Building trust – especially remotely. At Rubrik, I had zero unwanted attrition as our team grew from 30 to 100. That’s rare in security. In my next role, I inherited a burnt-out team that had just gone through a breach. I had to build trust remotely, and that’s hard. You can’t build a high-functioning team without trust.
I also worked on shifting the burden. The security team shouldn’t own all the risk. Other business leaders need to be accountable. Changing that culture was key. And you have to challenge talented people. Nobody wants to be stuck doing monotonous work. You need innovation, fresh thinking, and a culture that doesn’t burn people out.
MSSP Alert:If there’s one message you’d want to send to your peers in cybersecurity, what would it be?
Security is a tough role. We need to rely on the community – not just CISOs or engineers, but vendors and partners too. The companies you bring in should be strategic partners, not just tool providers. They should support you through your journey. That sense of community is becoming more important. I see it in every conversation I have.
