Align Information Security

Across conversations with security leaders featured in Feats of Strength, one thing is clear: artificial intelligence is no longer a future consideration. It is actively reshaping how organizations operate and how risk is introduced.But while AI is the catalyst, the story is not about technology alone. It is about leadership. It is about how security leaders are adapting to a faster, more complex environment while still maintaining control and trust.There is also a noticeable shift in how these leaders talk about their role. The conversation has moved beyond tools and threats. It is now centered on decision making, prioritization, and how to guide an organization through change that is happening faster than most teams are built to handle.The following themes reflect what leaders are experiencing today. Not in theory, but in practice.AI Is Now a Core Security PriorityAI has moved beyond experimentation. It is now embedded in how organizations build and compete.Security leaders are no longer asking if AI will impact their programs. They are managing that impact in real time, often while the business is already moving ahead.At Paychex, Bradley Schaufenbuel describes the urgency clearly. “Most businesses see its adoption as essential to their survival,” he sayson page 9 of the April 2026 Feats of Strength Magazine,  “Non-adoption or slow adoption of AI is seen as an existential threat.”This shift is forcing a change in how priorities are set. AI is not replacing other risks, but it is influencing how they are evaluated. Leaders are looking at how AI intersects with existing programs, from data protection to third party risk, and adjusting accordingly.In many cases, AI is also becoming a forcing function. It exposes gaps that may have existed for years but were not as visible. Data classification, access control, and visibility into usage patterns all become more urgent when AI is introduced.The role of the CISO is evolving alongside this shift. AI is not a project to evaluate. It is a capability that must be enabled and secured at the same time. That requires a different mindset, one that is comfortable operating without complete information and making decisions as conditions change.AI Is Already Scaling Security OperationsWhile much of the conversation around AI focuses on risk, leaders are already using it to improve how security operates.The most immediate impact is scale. AI allows teams to handle increasing workloads without adding headcount, while also improving speed and decision making.At Paychex, AI is already embedded in operations. “We are using AI agents to automate alert triage, alert data enrichment, and investigative processes in our security operations center,” Bradley explains on page 8.At Fortitude Re, Elliott Franklin has taken a similar approach. “We have implemented over 100 automated responses and playbooks,” he says on page 12.For Jacob Combs at Tandem Diabetes Care, the value goes beyond automation alone. “Automation has always been here, but now we have context,” he explains on page 16.This shift toward context driven automation is critical. It allows teams to prioritize faster and reduce noise so they can focus on what matters most.It is also changing expectations. What once required multiple analysts and several hours can now happen in minutes. That creates a new baseline for performance. Leaders are not just asking how to improve efficiency. They are asking how to redesign workflows entirely.There is also a cultural shift that comes with this. Teams must learn to trust automation while still maintaining oversight. That balance is not always easy, especially in environments where accountability is high and the cost of mistakes is significant.The leaders who are making progress are the ones who are treating AI as an extension of their team, not as a replacement. They are defining where automation adds value and where human judgment remains essential.Governance Is Becoming an Ongoing DisciplineAs adoption accelerates, governance is no longer a theoretical framework. It is becoming an active discipline that must keep pace with the business.Leaders are building structures that can evolve alongside how AI is used across the organization.At Paychex, this takes the form of a formal governance body. “We assembled an AI Governance Council that includes all lines of defense,” Bradley explains on page 9.Jacob Combs reinforces that governance is not static. “You can’t just set it and forget it,” he says on page 16. “You must manage it into the long term to make sure it’s still functioning and not drifting.”At NETSCOUT, Deb Briggs highlights the reality of keeping pace. “There is an AI governance committee,” she says on page 11, pointing to how quickly these efforts must evolve.What is changing is not just the presence of governance, but how it is applied. Instead of acting as a checkpoint, governance is becoming part of the workflow. It must operate at the same speed as the business, which requires clarity and simplicity.Leaders are also recognizing that governance is not just about policy. It is about visibility and accountability. Understanding where AI is being used, what data it is accessing, and who is responsible for it becomes essential.In many organizations, this is still a work in progress. The pace of adoption often outstrips the ability to govern it. That gap is where risk begins to accumulate.The Business Is Moving Faster Than EverOne of the most consistent themes across leaders is the pace at which the business is moving.AI has lowered the barrier to entry for innovation. Development cycles are faster, and new capabilities are being introduced at scale.At Accela, Fred Bret-Mounet sees this firsthand. “We are getting flooded with new business ideas, new solutions, new internal tools,” he says on page 14.Elliott Franklin captures the pressure this creates. “Many businesses want everything immediately,” he says on page 12.This acceleration is not limited to one part of the organization. It is happening across development, operations, and even business units that previously had limited technical involvement.For security leaders, this creates a fundamental shift. They are no longer reviewing decisions after they are made. They are being asked to participate in them as they happen.This requires a different approach to engagement. It is less about enforcement and more about partnership. Leaders must understand the business context, provide guidance quickly, and help teams move forward without unnecessary friction.The challenge is that speed and control are often in tension. Moving too slowly can create frustration and lead to workarounds. Moving too quickly can introduce risk that is difficult to unwind.Navigating that tension is becoming one of the defining responsibilities of the modern security leader.AI Risk Is Rooted in Data and IdentityWhile AI introduces new capabilities, the underlying risks are familiar. They are rooted in data and identity.As AI systems access and process information at scale, controlling how data is used and who has access becomes critical.Elliott Franklin reinforces this focus. “Identity and access management is an important area to focus on,” he says on page 13.Jacob Combs highlights the speed of the challenge. “As this data starts flying around at superhuman speeds, how are we going to make sure that we’re not losing anything or sending anything out inappropriately?” he asks on page 17.What is changing is not the nature of the problem, but the scale. AI increases the volume of data being processed and the number of systems interacting with it.It also introduces new forms of identity. Machine identities, service accounts, and API driven interactions all expand the attack surface. Managing these identities becomes just as important as managing human users.Leaders are focusing on visibility. They want to know where data is going, how it is being used, and what controls are in place. Without that visibility, it becomes difficult to manage risk effectively.This is where foundational security practices become critical. Data classification, access control, and monitoring are not new concepts, but they take on new importance in an AI-driven environment.Human Risk Is Expanding as the Threat Landscape AcceleratesAI is changing both sides of the security equation. It is making attackers more effective while increasing pressure on defenders.At Paychex, Bradley describes the shift clearly. “Attackers are already leveraging AI to automate their attacks and improve the sophistication of those attacks,” he says on page 8.“AI is also being leveraged to generate deepfakes that are driving up the success rate of phishing and social engineering techniques,” he explains.Kathryn Burgner brings it back to people. “It lowers those barriers,” she says on page 18.What this creates is a more dynamic threat environment. Attacks can be generated faster and at greater scale. They can also be more convincing, making it harder for individuals to detect them.At the same time, defenders are using AI to improve detection and response. Automation helps reduce response times and allows teams to handle more incidents.The challenge is that both sides are improving at the same time. This creates a constant race, where the advantage is not fixed.As a result, leaders are placing more emphasis on human behavior. Training, awareness, and making secure actions easier are becoming critical parts of the strategy.Human risk is no longer a secondary concern. It is central to how organizations think about security.Security Teams Are Evolving, Not ShrinkingDespite concerns about automation, leaders are not reducing their teams. They are redefining how work gets done.AI is taking on repetitive tasks and lower value work, allowing security professionals to focus on higher impact areas.At Everpure, Rick Orloff puts it simply. “If AI is replacing my folks, I have them doing the wrong job,” he says on page 21.Roland Cloutier highlights the shift in structure. “How do I reduce the number of people in my SOC by letting tier one and tier two work be done by AI?” he asks on page 23.At NETSCOUT, Deb Briggs reinforces the intent. “Rather than replacing analysts, the goal is to augment and upskill them,” she says on page 10.This evolution is not just about tools. It is about how teams are organized and how work is defined.Entry level roles may change, and certain tasks may disappear, but the need for skilled professionals remains. In many cases, it becomes even more important.Leaders are investing in their teams, helping them build new skills and adapt to changing expectations. The focus is on growth, not reduction.This reflects a broader shift in the industry. Security is becoming more strategic, and the people within it must evolve accordingly.What Comes NextBefore looking ahead, the patterns across leaders are clear:

Bradley Schaufenbuel has served as Vice President and Chief Information Security Officer at Paychex for over six years, where he leads the company’s global cybersecurity strategy. With a career rooted in financial services and strong security leadership, Bradley brings a pragmatic approach to protecting the business. At Paychex, Bradley operates at the intersection of innovation and risk, helping the organization adopt new technologies such as artificial intelligence while maintaining strong governance and resilience. His leadership reflects a broader shift in the role of the modern CISO, one that requires balancing speed and business enablement in an environment defined by constant change.

Deb Briggs approaches cybersecurity with a practical mindset shaped by experience and scale. As Chief Security Officer at NETSCOUT, she leads security in an environment where visibility and performance are core to both the business and its customers. Her role requires balancing innovation with control, especially as artificial intelligence rapidly changes how organizations operate.Rather than viewing AI as a single initiative, Deb breaks it down into focused, actionable areas. Her approach is grounded in real use cases and an understanding that security teams must evolve just as quickly as the technology itself.

Elliott Franklin leads security at Fortitude Re with a perspective shaped by both technical experience and a deep understanding of the human side of cybersecurity. Elliott is responsible for protecting sensitive data and ensuring resilience in an environment where risk is constant and expectations are high.His approach to security and leadership reflects a broader shift in the role of the CISO. Security is no longer just about controls and compliance. It is about enabling the business, adapting to rapid change, and building programs that can withstand both technical and human pressures.

Fred Bret-Mounet leads security at Accela with a perspective shaped by decades of experience building and evolving security programs across fast-moving technology environments. His leadership reflects a broader shift in the role of the CISO. The challenge is no longer just about managing risk, but about keeping pace with a level of technological acceleration that is fundamentally changing how software is built and secured.

For almost three years, Jacob Combs has led the security program at Tandem Diabetes Care, where his approach to cybersecurity is grounded in pragmatism and adaptability. In an industry defined by constant change, he doesn’t see uncertainty as a new challenge, but as the baseline.Rather than trying to predict every possible threat, Jacob has built his program around the core principle of resilience.He explains, “When I joined, I focused on this idea of resilience. It’s all about our ability to detect, respond, and recover to an attack that occurs. It is still very important today.”For him, that capability is a great safety net, ensuring the organization can withstand what it cannot predict. It also allows the business to move forward with confidence, knowing that even in the face of increasingly complex attacks, they have a strong, resilient security program.