Security in the Age of AI

Reynaldo G. is Principal Cybersecurity Architect at Cummins Inc., where he brings a strategic, attacker-aware mindset to protecting global systems. His journey began with a hands-on passion for technology, building computers, fixing malware issues and exploring how networks function. Over time, this evolved into a career spanning consulting and architecture roles across industries. For Reynaldo, cybersecurity isn’t just about protecting data, it’s about safeguarding people, operations and the trust that holds it all together.

Securing Remote Access in a Distributed World

One of the most pressing challenges is the lack of comprehensive visibility across converged IT, OT and IoT environments. Many organizations are still unable to fully identify, classify and monitor assets across their manufacturing footprint. This leaves critical systems exposed to both internal and external threats. Without real-time asset intelligence and contextual telemetry, it becomes nearly impossible to implement effective risk management, threat detection or incident response processes that are timely and reliable.

Another major hurdle is securing remote access in an environment that demands agility but often struggles with consistency and standardization. With increased reliance on third-party vendors, field technicians and digital monitoring tools, traditional VPN models or similar agent-based approaches frequently fall short. These models do not always scale effectively, especially in highly distributed or legacy environments.

Segmentation and policy enforcement are also complicated by the need for constant uptime. AI-driven risks and shifting regulatory expectations further increase complexity.

Risk Management Beyond Compliance

Balancing cybersecurity strategic vision with tactical execution begins by aligning cybersecurity goals to business priorities.

It is critical to understand what the organization is trying to achieve and where the risks lie. This understanding must go beyond compliance and include operational and reputational considerations. The question is not simply “What do we need to secure?” but rather “What can we not afford to lose?” This shift in thinking allows us to assess risk through the lens of potential impact, weighed against the cost of in action.

By fully understanding the organization’s risk tolerance and operational limitations, we can craft security strategies that support rather than hinder progress. This requires a dual-track mindset. One track builds long-term maturity through sound architecture and governance. The other addresses immediate threats with agile, tactical solutions.

“By fully understanding the organization’s risk tolerance and operational limitations, we can craft security strategies that support rather than hinder progress. This requires a dual-track mindset. One track builds long-term maturity through sound architecture and governance. The other addresses immediate threats with agile, tactical solutions.”

Effective communication with executive leadership is essential. When cybersecurity is framed as a business enabler and risk-reduction partner, it is easier to gain support for both urgent actions and long-term strategies.

Driving Executive Alignment Through Industry Proof Points

Being part of Auto-ISAC and similar forums provides a vital industry lens that reaches beyond the boundaries of any single organization. These engagements enable trusted dialogue with peers across the automotive and manufacturing sectors. They offer opportunities to exchange real-world experiences, identify shared challenges, and validate strategies in a collaborative, vendor-neutral environment.

It is one thing to read about trends, but entirely different to learn how peers are implementing security, responding to threats or managing regulatory demands in real-time.

These insights often help accelerate internal decisionmaking and offer proof points that support executive alignment, sharpen strategic thinking, or improve existing initiatives. Nonprofit advisory work also plays a unique role in shaping the profession's future. Whether guiding curriculum development, mentoring emerging professionals, discussing AI ethics, or

supporting community-led projects, this work offers a valuable way to give back.

Most importantly, it ensures that our internal strategies are informed by both business objectives and broader societal evolution.

Embedding Security Early in Innovation

The key is to let business strategy guide security innovation, not the other way around. Every emerging technology, whether it is generative AI or an AI-enhanced use case, must be evaluated through the lens of its business impact and associated risk. The first question should always be: “What problem is this solving, and how does it align with our goals?”

If a new technology improves productivity or efficiency, security should be embedded in that innovation path from the start. It should serve not as a blocker, but as intelligent guardrails that protect value while enabling agility. New technologies should be tested through proof-of-value pilots with defined success criteria. It is vital to understand their functionality and the integration effort they require.

We must assess them based on lifecycle management, team readiness, and threat modeling. Simultaneously, we should phase out outdated tools to maintain a secure, scalable, and effective ecosystem aligned with business outcomes.

Build a Culture That Learns and Adapts

To the next generation of professionals: stay relentlessly curious and develop both systems thinking and the art of storytelling. Do not overlook fundamentals. The tools will evolve and the threats will shift, but your mindset will always be your greatest asset. Your ability to translate a threat, journey, or strategy into a business impact that a C-level executive can understand will set you apart.

Ask “why” often and learn to connect technical events to business outcomes. Develop fluency in AI trends and understand that cybersecurity is not just a technology issue. It is a trust issue, a people issue, and increasingly, a strategic differentiator. Those who thrive will be the ones who translate risk into relevance.

For organizations, treat cybersecurity as a living part of digital transformation. Embed security early, invest in people, and measure success using resilience-focused KPIs. Build a culture where learning from near misses is encouraged. Aim for adaptability.