.svg)
Somewhere along the relatively brief timeline of need-it-yesterday enterprise AI adoption, the role of CIOs and CISOs was forced to silently evolve. The biggest emerging threat to company health isn't just a foreign adversary or sophisticated new exploit. Those are table stakes. The new undeniable risk is a lack of AI innovation.
For CISOs specifically, cybersecurity has traditionally been sold from a defensive crouch, with leaders using fear, uncertainty, and doubt as leverage for budget and influence. But this approach has turned many security departments into roadblocks to progress, stifling the very innovation they are meant to enable.
Aysha Khan, the dual CIO and CISO at AI-driven customer data platform Treasure Data, spoke with us to discuss her hybrid role as enabler and protector. Recognized as the Cybersecurity Leader of the Year, Khan has spent over two decades challenging the industry's default posture. Her mission, forged by watching many leadership styles she vowed never to emulate, is to transform security into a function of pure enablement. For Khan, the path to unlocking growth in the AI era begins with a radical reframing of security’s entire purpose.
Security as acceleration: Khan’s philosophy is built on a simple but powerful formula that turns the traditional model on its head. It’s a vision she believes is the only way forward in an age where speed is paramount. "Security to me equals acceleration with equal parts velocity and trust," Khan said. "And trust directly feeds into revenue and business resiliency."
The martyr CISO: This philosophy was born from a career spent pushing back against what she calls the "Martyr CISO"—a leader who isolates their function and creates a bottleneck. "A lot of the CISOs act like martyrs," she explained. "They take all the responsibility and make unilateral decisions because they don't tell the business the real value or why it matters to them. So they make cybersecurity a technology problem, not a business problem." This martyrdom, she argues, is rooted in a flawed approach to influence. "Many cybersecurity leaders sell security as a fear tactic," Khan said. "I didn't wanna be that leader."
Just as this new model of security-as-enabler takes hold, the world has been upended by AI. Yet where many see only risk, Khan sees opportunity, feeling like a "kid in a candy store" facing immense possibilities. The key, she argues, is to stop treating security and innovation as separate pursuits. "We're not going to talk about innovation and security separately," she declared. "We're going to talk about secure innovation day in, day out."
Pursuers vs. game-changers: Executing on "secure innovation" begins with a foundational question she poses to every leadership team: "What is your AI ambition?" The goal is to get everyone "singing from the same song sheet" before a single tool is deployed. From there, Khan framed the strategy as a choice: will the company be "Productivity Pursuers," using AI for internal efficiency, or "Game-Changers," building AI into the core product?
