The company also highlighted the limitations of traditional PAM models relying on static policies and manual processes, often lacking crucial context and leading to excessive permissions and security vulnerabilities. Their 2024 Identity Security Insights report indicated that 68% of respondents are seeking AI-driven improvements in risk-based access control.

“Today’s hybrid, multi-cloud environments have led to an explosion of human and non-human identities, creating complex access workflows and rampant privilege sprawl. To tackle this, organizations require dynamic policies that can intelligently enforce the principle of least privilege across their identity stack. With the AI-driven CIEM module in PAM360, IT security teams can now generate intelligent least privilege policies, proactively flag risky entitlements and automate remediation, helping enterprises close critical identity security gaps before they’re exploited,” said Ramanathan Kannabiran, director of product management at ManageEngine.

Addressing this need, PAM360’s Cloud Infrastructure Entitlement Management (CIEM) module now incorporates AI-generated least privilege policies, automated remediation of shadow admin risks, and real-time access and session summaries. These AI-powered capabilities enable organizations to proactively combat access sprawl and misconfigurations in hybrid environments with minimal manual intervention.

ManageEngine also addressed the inefficiencies and potential security gaps associated with business workflows using RPA and script-based automation that often rely on manual access provisioning. Modern IT teams require dynamic controls to streamline on-demand access within these automated workflows and bolster overall security.

According to Kannabiran, “Privileged task automation in PAM360 eliminates the need for administrators to manually grant and revoke necessary access privileges for every automated routine. Access is provisioned just in time, based on the task context, and revoked automatically once the task ends. This not only preserves admin bandwidth, but also reduces the risk of privilege misuse caused by excessive or standing access.”

Leveraging Zoho’s Qntrl, PAM360 now offers native automation capabilities, eliminating the need for third-party tools. This deep integration within the Zoho ecosystem allows for seamless orchestration of privileged access workflows, enhancing efficiency without compromising security. PAM360 streamlines vendor access with automated onboarding and offboarding, provisions temporary, just-in-time access with granular, time-bound controls, and ensures secure, hands-free transfer of privileged data – delivering speed, consistency, and reduced risk across the organization.

What do you see as the most critical emerging cybersecurity threats in 2025, and how should organizations prepare for them?
Emerging technologies like AI and ML are disruptors leading to the rise of cyberattacks. AI-powered attacks are increasingly affecting businesses via phishing scams, ransomware attacks, malware attacks, and endpoint vulnerability exploitation. Organisations need to move beyond traditional defences to mitigate this risk. By investing in proactive measures, like penetration testing to uncover vulnerabilities, and using purple team exercises to simulate real-world attacks, organisations can improve their threat detection and response.

With threats targeting both on-premises systems and cloud environments, it’s crucial to secure all digital fronts. Companies must also run tailored incident response drills to stay ready for fast-moving threats. Ultimately, building a strong, adaptive cybersecurity strategy that accounts for AI-driven attacks is essential to protect digital assets and stay resilient in the face of evolving cyber risks.

How is the rise of AI and quantum computing reshaping the cybersecurity landscape, and what risks do they introduce?
As much as it is being hailed for making our lives easy, AI has also become a powerful ally for digital miscreants. In particular, threat actors are using generative AI (GenAI) to create highly convincing phishing emails, fake websites, and deepfakes for deceiving users and stealing their information. Threat actors are also using GenAI to develop sophisticated malware that bypasses traditional security defences.

Similarly, quantum computing is a double-edged sword. These powerful machines are capable of rendering traditional encryption methods obsolete, especially public key cryptography, as what once took a traditional computer years to decode RSA-2048 (a widely used encryption algorithm) takes a quantum computer a matter of seconds or minutes to decode.

How do you predict ransomware tactics will evolve in the near future, and what proactive measures should businesses take?
Threat actors are using AI to develop sophisticated, highly accurate ransomware that not only widens the reach of the attack but increases the impact on its victims. And this issue will only get worse as threat actors evolve their use of AI to carry out these attacks, drastically altering the threat landscape.

Businesses can adopt several key strategies to defend against ransomware attacks effectively. These include improving employee awareness and periodic training, restricting user access by implementing a Zero Trust approach and multi-factor authentication, taking regular data backups, keeping systems updated, and configuring the firewall to filter out suspicious activities and network segmentation to limit the spread of malware.

How does regulatory compliance (like UAE’s Data Protection Law or Saudi’s NCA requirements) impact cybersecurity strategies for regional businesses?
Governments across the region, led by the UAE and Saudi Arabia, have taken it upon themselves to enforce a safe and resilient cyberspace. This is in line with the region’s ongoing efforts to promote digital innovation, thereby delivering better services for people and driving faster economic growth. Compliance mandates, like Saudi Arabia’s and the UAE’s PDPL, play a major role in setting various polices, standards, and guidelines to safeguard the IT infrastructure in the respective countries. By incorporating these controls in their cybersecurity strategies, regional businesses can improve their security posture and protect their sensitive data. Failure to do so not only makes them vulnerable to cyberattacks, but invites substantial fines, legal action, and loss of operating license.

Can you explain ManageEngine’s “unified security” approach and how it simplifies cybersecurity for enterprises?
With over 20 years of experience in observing the changing IT landscape and building highly scalable and integrable solutions, ManageEngine recognises there is no single path to cyber resilience for enterprises. To stay ahead of both established and emerging threats, there is a need to take a holistic approach wherein identities, endpoints, and network infrastructure are all properly secured and governed. ManageEngine’s AI-powered cybersecurity solutions, all of which have been built from ground-up, effectively ensure this. They also help enterprises comply with the most important cybersecurity frameworks and data privacy regulations like the GDPR and the PDPL.

How does ManageEngine leverage AI to enhance phishing simulations and employee training?
For over a decade, we have been researching emerging technologies, resulting in the development of our own in-house AI based on contextual intelligence. We understand AI’s importance in detecting and mitigating cyberattacks. Our AI capabilities can be leveraged for a variety of security use cases, such as ransomware protection, anomaly detection, data exfiltration, and preventing insider access abuse.

Most phishing attacks are carried out via email, which lures an individual to download malware that enables the attacker to breach the user’s system and network. By relying on AI, our solutions can flag potential phishing attempts by continuously analysing emails and websites. This will enable security administrators to prioritise such threats and mitigate their impact.

What key messages or solutions are you highlighting at GISEC this year?
At GISEC this year, our focus is on encouraging organisations to adopt unified security for an evolving threat landscape, as those that don’t are left vulnerable to today’s sophisticated threats. In an environment where threats are becoming more sophisticated and persistent, reliance on fragmented tools and siloed data is no longer sustainable. We are advocating for a shift toward integrated, intelligence-driven security architectures that enable organisations to anticipate, identify, and mitigate threats before they escalate.

At GISEC, we are demonstrating how a unified security model fosters resilience, agility, and operational efficiency—foundations that are critical for modern enterprise security leadership. We’ll be showcasing our cybersecurity suite, including SIEM, IAM, and PAM solutions—alongside the latest advancements in AI technology that are shaping the future of cyber defense.

How does GISEC help your company engage with the Middle Eastern cybersecurity market?
GISEC provides an opportunity to engage directly with the Middle Eastern cybersecurity market by showcasing our innovative solutions in a region that is rapidly evolving its security strategies. Through GISEC, we are able to demonstrate how adaptive, AI-driven defense mechanisms can empower organisations to transition from reactive to proactive security models. This aligns perfectly with the region’s growing focus on building resilient infrastructures in response to increasingly sophisticated cyberthreats.

The event allows us to collaborate on fostering a culture of cybersecurity resilience that not only addresses immediate threats but also anticipates future risks. By participating in GISEC, we gain deeper insights into regional needs, enhance brand visibility, and strengthen our partnerships across the Middle East.

How would you describe the current cybersecurity threat landscape in the Middle East?
The cybersecurity threat landscape in the Middle East is evolving rapidly, reflecting the region’s critical infrastructure and geopolitical importance. As of 2025, the primary challenge facing organisations in the Middle East extends beyond traditional threat vectors, with an increasing shift towards more advanced, AI-driven threats. These include highly sophisticated phishing campaigns and ransomware attacks, which are poised to become more targeted and difficult to detect.

This indicates not just an escalation of existing threats but a significant shift in the very nature of cyber warfare. The convergence of cutting-edge technologies and strategic regional vulnerabilities makes the Middle East a focal point for emerging cyberthreats, demanding a more dynamic and proactive cybersecurity strategy. In response, organisations must adopt next generation defence mechanisms that can anticipate and neutralise these sophisticated risks before they cause damage.

What are the most pressing cyber threats facing businesses in the region today?
Some of the key recent cybersecurity-related threats in the Middle East have been:

1. Ransomware attacks: High-profile cybersecurity attacks are occurring across industry verticals (e.g., oil and gas, BFSI, and healthcare).
2. AI-driven cyberthreats: The rapid adoption of AI and machine learning (ML) capabilities across industry verticals is empowering cyberattackers with newer forms of AI-driven attacks, leading to theft and loss of sensitive data due to ransomware.
3. Phishing attacks: Phishing attacks have been on the rise, with AI-powered phishing making scam attempts tougher to detect.
4. Cloud vulnerabilities: Cloud adoption has been increasing in the Middle East; this has led to an increased risk of cloud vulnerabilities, as misconfigurations in storage, exposed APIs, and weak IAM policies can lead to further cyber risk.

How do cultural or regulatory differences impact cybersecurity strategies in the Middle East compared to other regions?
Each region will have its own unique challenges and needs to address, especially on the cybersecurity front. The Middle East has been largely affected by spiking AI-powered cyberattacks and ransomware scams that have resulted in huge business losses. In a region that employs emerging technologies like AI and ML, it is also important for organisations to upgrade and enhance their cybersecurity postures with the latest tech to counter such threats.

In addition to this, each region will have its own regulations to adhere to since compliance regulations vary with location. At ManageEngine, we actively ensure that our customers are compliant with local regulations through our suite of IT solutions and also focus on the needs of each region by prioritising cybersecurity needs, like those in the Middle East.

How do your company’s products and services address the specific threats faced by regional businesses?
ManageEngine offers a comprehensive suite of IT solutions that enables regional organisations to stay secured and work without operational delays. Our cybersecurity suite of solutions comprises solutions that cater to the core domains of IAM, SIEM, and PAM, amongst others. Our cybersecurity solutions help organisations meet the cybersecurity demands of today and ensure their data privacy concerns are taken care of.

We also enable regional organisations to meet industry standards and adhere to regional compliance mandates (e.g., the GDPR, HIPAA, and the PCI DSS) to ensure that data privacy and regulatory requirements are met. Apart from this, we also ensure continuous monitoring of the IT environment to address and mitigate cyber breaches to enable rapid incident response and prompt resolution of threats. On top of all of this, customisation is key to our model—it allows us to address the evolving threat landscape while offering flexibility and adaptability for each of our customers’ unique needs.

What advice would you give to regional businesses looking to strengthen their cybersecurity posture in 2025?
The cybersecurity landscape has been rapidly evolving with an expanding threat landscape only accelerated by the evolution of emerging technologies such as AI and ML. It is important for regional businesses to secure themselves both on-premises and in the cloud since bad actors exploit endpoint vulnerabilities, cloud loopholes, and outdated cyber infrastructure with AI-powered cyberattacks. Regional businesses should prioritise deploying an overarching cybersecurity strategy that enables them to secure their digital assets to ensure they can ward off ransomware attacks and manoeuvre through cyberthreats.

How is generative AI being utilised to enhance cybersecurity measures today?
Generative AI is redefining cybersecurity’s future, transforming defenses from reactive to predictive. By simulating threats, auto-remediating incidents, and decoding attacker tactics, it empowers organisations to stay ahead of adversaries. Yet, its true power lies in harmonising human expertise with machine speed—augmenting analysts to focus on strategic risks, not routine alerts. As AI-generated attacks surge, the same technology becomes a double-edged sword, demanding ethical frameworks to prevent misuse.

Forward-thinking leaders must prioritise adaptive AI ecosystems that learn in real time while safeguarding trust. The next frontier isn’t just about stopping threats but fostering resilience through innovation, collaboration, and responsible AI governance. Cybersecurity’s evolution hinges on this balance.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
Generative AI, while a powerful defender, also brings in sophisticated threats. While empowering defenses, it supercharges attacks: AI-crafted deepfakes erode trust, hyper-personalised phishing bypasses filters, and self-mutating malware evades detection. Adversaries leverage AI to automate exploitation, democratising sophisticated attacks for low-skilled threat actors.

Worse, AI models themselves become targets—poisoned training data or adversarial inputs can corrupt defensive systems. This arms race erodes the asymmetrical defenders once relied on. Leaders must confront the paradox: the tools fortifying security also weaponise threats. Mitigation hinges on AI-augmented threat hunting, adversarial testing of models, and global collaboration to govern AI’s ethical use. Proactive resilience, not just reaction, is the new imperative.

How can organisations leverage generative AI for proactive threat detection and response?
Generative AI enables organisations to shift from reactive to anticipatory cybersecurity by synthesising intelligence and automating precision. By training models on historical and synthetic threat data, AI identifies subtle attack patterns—like zero-day exploits or insider risks—before they escalate. Real-time behavioral analysis flags anomalies in user activity or network traffic, while AI-driven simulations stress-test defenses against evolving adversarial tactics (e.g., AI-generated phishing lures).

Automated playbooks powered generative-AI tools, instantly quarantine threats and patch vulnerabilities, slashing response times. Crucially, generative AI augments human teams—curating actionable insights from noise—enabling analysts to prioritise high-impact risks. The key lies in ethical, explainable AI frameworks that balance autonomy with oversight, fostering trust in machine-augmented defense.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
Ethical AI in cybersecurity isn’t just about security; it’s about building a future where security and rights coexist. The ethical frontier of generative AI in cybersecurity demands rigorous introspection, particularly regarding data provenance. The AI’s very efficacy hinges on the data it consumes, a double-edged sword. What type of datasets are ethically sound, and what would constitute a privacy minefield?

We must move beyond mere technical accuracy and embrace ethical precision. Training AI on sensitive, personally identifiable information, or data reflecting historical biases, risks perpetuating and amplifying societal inequalities within security systems. This demands a paradigm shift: prioritising anonymised, representative datasets, and rigorously auditing training data for potential biases.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
Integrating generative AI into cybersecurity workflows presents a formidable challenge: balancing innovation with operational integrity. The crux of the issue lies in the accuracy of AI-driven remediation. Inaccurate detection breeds false positives, overwhelming SOCs and eroding analyst trust. More critically, flawed remediation suggestions risk catastrophic configuration changes, impacting employee experience and potentially crippling critical infrastructure.

Imagine AI incorrectly disabling a crucial user account or altering vital system configurations. This necessitates a paradigm shift: AI as an augmentation, not an automation, tool. Rigorous testing, human-in-the-loop protocols, and granular control are paramount. We must avoid the allure of fully automated remediation instead of focusing on AI as a powerful analytical tool that empowers human decision-making. The future of AI in cybersecurity hinges on cautious integration, prioritising accuracy and control to prevent unintended consequences.

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
While the vision of AI autonomously repelling cyberattacks captivates, the reality remains a journey, not a destination. We’ve achieved a pivotal advancement: AI’s prowess in threat detection. However, the full spectrum of AI-driven mitigation remains largely theoretical, confined to controlled environments and phased deployments. Enterprises are cautiously navigating this landscape, recognising the potential but wary of the unknown.

We stand at the cusp of a paradigm shift, where AI’s predictive capabilities could preemptively neutralise threats. Yet, true realisation requires meticulous testing and controlled integration. The focus must shift from isolated detection to a holistic, AI-powered security ecosystem. The future holds immense promises, but responsible innovation demands a measured approach, acknowledging that the AI-driven cybersecurity revolution is still in its nascent stages.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
The trajectory of generative AI in cybersecurity points towards a significant evolution, primarily aimed at alleviating the chronic resource shortage plaguing Security Operations Centers (SOCs). We’re witnessing a shift from reactive to proactive security, where AI’s extensive training and Retrieval Augmented Generation (RAG) capabilities will dramatically reduce incident investigation times. By seamlessly integrating data from disparate ecosystems, AI will provide enriched, contextualised insights, empowering analysts to make faster, more informed decisions.

This evolution will not be about replacing human analysts but about augmenting their capabilities. AI will become a powerful force multiplier, automating mundane tasks and freeing up human experts to focus on complex, strategic threats. We’ll see AI evolving into a sophisticated threat intelligence platform, capable of predicting and preempting attacks rather than merely reacting to them. The future of cybersecurity will be defined by a collaborative partnership between human intelligence and AI’s analytical prowess.

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
In the dynamic realm of cybersecurity, generative AI serves as a powerful ally, but its efficacy is fundamentally dependent on human oversight. AI excels at processing vast datasets, identifying anomalies, and automating routine tasks. However, it lacks the nuanced understanding of context, ethical considerations, and strategic adaptability that human analysts possess.

HITL ensures that AI-generated alerts are validated, false positives are filtered, and complex threats are accurately assessed. It’s the critical bridge between algorithmic precision and human intuition, ensuring AI remains a tool, not a replacement, for strategic security. Furthermore, human oversight is vital for mitigating bias in AI models and adapting to the ever-evolving threat landscape, ensuring ethical and effective AI deployment

How can smaller organisations with limited budgets incorporate generative AI for cybersecurity?
For resource-constrained organisations, AI cybersecurity isn’t a luxury, but a strategic imperative. The key lies in intelligent deployment. Embrace MSSPs as force multipliers, gaining access to sophisticated AI defences without prohibitive capital expenditure. Prioritise targeted AI applications, focusing on high-return areas like phishing and anomaly detection, thus maximising impact with finite resources.

Democratise AI access through open-source tools and AI-infused security platforms. Crucially, cultivate an AI-literate workforce. Investing in targeted education ensures these tools are leveraged effectively, transforming potential into tangible security gains. This isn’t about mere adoption; it’s about strategic empowerment, turning budgetary constraints into a catalyst for innovative security.

What best practices would you recommend for implementing generative AI tools while minimising risks?
To truly unlock generative AI’s cybersecurity potential, we must build a fortified framework, not merely deploy tools. Foundational to this is rigorous data governance, ensuring AI’s intelligence is built on pristine, unbiased data. Continuous model vigilance is non-negotiable; constant monitoring and evaluation are essential to preempt performance drift and bias.

Human-in-the-loop protocols are the linchpin, guaranteeing that critical decisions remain anchored in human wisdom. Proactive risk assessments and relentless security testing transform vulnerabilities into strengths. Transparency, woven into the AI’s decision-making fabric, builds trust. Clear policies and procedures, coupled with a commitment to staying at the forefront of AI evolution, ensure adaptability in a rapidly changing threat landscape. This holistic approach empowers organisations to harness AI’s transformative power, not as a gamble, but as a strategic, risk-mitigated advantage.

ManageEngine’s leadership believes this shift empowers enterprises, system integrators (SIs) and managed security service providers (MSSPs) to combat evolving threats on their own terms, turning SIEM from a cost center into a strategic asset. Log360’s evolution into a robust security platform began last year with key enhancements, laying the foundation for future innovation. These enhancements included proactive threat intelligence through dark web monitoring powered by Constella Intelligence, investigation triad capabilities for faster alert analysis via enriched security events and an enhanced correlation engine for complex threat detection.

“A platform isn’t defined by just what it does today, but by what it enables tomorrow. With Log360 evolving as a platform, we’re empowering customers and partners to innovate on top of our foundation, whether integrating cutting-edge AI models or niche compliance frameworks. This ecosystem-driven approach turns security from a cost center into a strategic enabler,” says Manikandan Thangaraj, vice president at ManageEngine.

Key highlights of ManageEngine’s Unified Security Platform:

1. Unified visibility, zero complexity: Make it easier for teams to identify, investigate and respond to threats. Log360 facilitates the consolidation of disparate security data into a single, unified view, eliminating the need to juggle multiple tools and dashboards.
2. Customizations at scale: Enable customizations at scale through API-driven integrations that empower MSSPs, SIs and enterprises to address unique challenges, optimize their security workflows and go beyond standard roadmaps.
3. Accelerated innovation: Enable swift integration of AI, machine learning, and other advanced technologies with the platform architecture. This not only keeps Log360 at the forefront of security but also ensures enterprises benefit from the swift adoption of latest advancements in threat detection and response.
4. A perfect sharing ecosystem: Facilitate industry-specific threat intelligence sharing, enabling smaller teams to benefit from the collective knowledge of the community. ManageEngine’s Marketplace democratizes access to valuable expertise and improves incident response effectiveness by making extensions and data connectors publicly available.
5. Compliance agility: Leverage Log360’s developer ecosystem to enable rapid updates, addressing new regulations and revisions to existing mandates as they arise. This eliminates the delays associated with traditional vendor upgrades.

Looking ahead, ManageEngine will expand Log360’s platform capabilities by growing its partner and developer ecosystem with industry-specific extensions, integrating advanced AI and ML tools for predictive security and fostering community-driven security innovation. As an initial step towards this direction, ManageEngine has entered into a partnership with Sacumen, a firm specializing in the development of cybersecurity product engineering and services.

“Our partnership with ManageEngine reflects our shared vision: empowering enterprises with comprehensive and integrated security solutions. Sacumen’s contribution lies in building the crucial bridges—the connectors—that allow Log360 to seamlessly interact with the broader security ecosystem, maximizing its value for customers,” says Nitesh Sinha, CEO and founder of Sacumen. “ManageEngine’s platform approach coupled with Sacumen’s expertise in connector development breaks down the data silos, providing unified visibility and streamlined integration, empowering enterprises to move beyond reactive security and embrace a proactive, data-driven defense.”

Log360 is available as both on-premises and cloud deployments. The cloud version, Log360 Cloud, is available in four editions—Basic, Standard, Professional, and MSSP. The Basic edition starts at $300 per year with 75GB of default storage and 90-days search retention. The on-premises deployment starts at $1,540.

ITIL continues to be the most widely recognized ITSM best practice standard globally, guiding organizations focused on streamlining their service delivery workflows. PeopleCert’s ATV program verifies the ITIL alignment of IT service management vendors by undertaking a comprehensive assessment of the tool’s functionality and the ITIL proficiency of staff engaged in functions like development, sales and implementation on the vendor’s side. ManageEngine’s position in the ATV program signifies the organization’s proficiency in the ITSM domain and its expertise in building a service management platform that is closely aligned with ITIL. This empowers customers to design and implement industry-recommended best practice workflows right out of the box on the ServiceDesk Plus platform.

Dmitry Isaychenko, portfolio director at PeopleCert, added, “Businesses trust ITIL for success. For them, ITIL is not just a brand but a source of proven best practices. Claims of ITIL adherence raise their expectations regarding the quality of implementations. This is why PeopleCert launched the ATV accreditation program. Today, we are delighted to welcome ManageEngine as an ITIL-accredited tool vendor. Together, we can help customers make more informed decisions when selecting ITSM tools and planning long-term investments in their implementations.”

This certification marks ServiceDesk Plus’ ITIL alignment for 14 practices, which include Change Enablement, Deployment Management, Incident Management, IT Asset Management, Knowledge Management, Measurement and Reporting, Monitoring & Event Management, Problem Management, Release Management, Service Catalogue Management, Service Configuration Management, Service Financial Management, Service Level Management and Service Request Management.

Currently, ManageEngine has been onboarded as a Silver-level member with plans to move up the tiers by certifying more ManageEngine staff in the coming year. “We are excited to partner with PeopleCert and join their ITIL-ATV program. This partnership reaffirms our commitment to building a best-in-class service management platform that adheres to industry best practices,” said Kumaravel Ramakrishnan, director of technology at ManageEngine. “For over 20 years, ServiceDesk Plus has been empowering customers to streamline service delivery for IT and other business teams. We will further this with deep investments in cutting-edge tech like AI to deliver transformative value to customers and prospects. ServiceDesk Plus will continue to evolve as an intelligent service management platform that aligns with industry best practices, providing transformational business outcomes to enterprise IT teams.”

ServiceDesk Plus is available across three editions: Standard, Professional, and Enterprise. The Standard edition starts at $13 per technician per month.

Can you share your journey into the security world? What inspired you to pursue a career in this field?
I started my journey as an intern and later transitioned into an AI engineering role. What drew me to the field of security was its unique challenge—defense must be 100% accurate, while an attacker only needs one successful attempt out of 100. That single successful attack can render the 99 successful defenses ineffective. This complexity and high-stakes environment captivated me and inspired me to pursue a career in security.

What were some of the biggest challenges you faced as a woman, and how did you overcome them?
The biggest barrier I faced in my career was overcoming self-doubt. Early on, I often questioned whether my approach to solving problems was the right one, sometimes over analysing every step. In AI, there’s rarely one clear path to follow; multiple models and techniques can be used to address the same problem. There were times when I felt a certain approach was the right engineering solution but still grappled with the fear that I might be wrong. What if the path I chose didn’t work? What if I wasted time and looked incapable? Those doubts were always there.

Over time, I realised that it’s not about always being right but about embracing the process of exploration. It’s okay to take a path that doesn’t lead to immediate success, as long as you can explain why you chose it. Even if an approach doesn’t work out, the learnings from those failures are invaluable—they often help inform the next steps. For example, out of 10 approaches, I may end up choosing the ninth, but the lessons learned from the previous eight will contribute in some way to the success of that approach.

I also feel obliged to the company culture, which has played a big part in helping me overcome these challenges. In our company, the focus is on how you approach a problem and what you learn along the way, rather than simply delivering a result. The management truly understands that not every path will yield success right away, but the knowledge gained is never wasted. The technical freedom I have here to explore new ideas is invaluable, and I don’t think I would have this kind of support anywhere else. This culture has been key in helping me grow and build the confidence to push through self-doubt.

How do you describe your leadership style, and how has it evolved over time?
My leadership has evolved to become more centered around the people I work with. Initially, the focus was more on the technical aspects, but over time, I’ve realised that success isn’t just about accomplishing tasks, it’s about fostering an environment where learning is enjoyable, growth is supported, and everyone feels valued. I believe each person brings unique strengths to the table, and as I’ve gained experience, I’ve shifted to a more people-centric approach. Now, I prioritise tailoring work and processes to suit individuals rather than forcing people to adapt to rigid processes.

What strategies do you use to motivate and empower your team?
To motivate and empower my team, I focus on fostering a culture of learning and resilience. Coming from a research background, I understand that not every approach will yield immediate results, and setbacks are part of the process. When an idea doesn’t work out, I remind my team that no effort is ever wasted—there’s always valuable learning that can be applied elsewhere. By framing challenges as opportunities for growth and emphasising the importance of experimentation, I ensure my team members stay motivated and confident in their ability to innovate and succeed.

Have you had any mentors or role models who have significantly influenced your career? How did they impact your journey?
Sheryl Sandberg has been a huge inspiration to me. Her leadership in the tech industry, her advocacy for women through Lean In, and her tireless efforts for workplace inclusion and equality are qualities I deeply admire. Personally, I connect with her message on a profound level. In my own experience, particularly with the women I mentor—including those in the MARUPADI program, a career-relaunch boot camp offered by Zoho Schools of Learning—I’ve noticed a pattern.

Many of the women I work with, who report to me, tend to hesitate even when they know the answer. This hesitation often stems from an underlying fear of judgment or making mistakes, leading to self-doubt. I don’t observe this level of hesitation as often in men. Sheryl’s insights, especially in her book Lean In, have inspired me to help women overcome these barriers and empower them to embrace their potential with confidence.

What advice would you give to young women aspiring to enter the security world?
My advice to young women looking to start a career in tech is to stay inquisitive and continuously update yourself, as this is a field that evolves rapidly. It’s crucial not to buy into the idea that tech is only for men—there is space for everyone, and your voice matters. Reaching out to colleagues and seeking mentorship can make a huge difference in your journey.

I remember when I was an intern and I had an insightful conversation with a manager in the pantry—one of those casual, water-cooler moments. I was working on a feature and wanted to understand how it impacted the customer, so I asked them for their perspective. They shared some valuable advice: what sets an engineer apart is the willingness to go beyond just writing code and pushing it out. They recommended that I always strive to understand the customer’s experience, not just the technical side of things. That advice has been a game-changer for me, and I’ve followed it ever since. It has truly made a difference in my career, and I’m grateful for it.

Can you highlight some of your proudest achievements in your career so far?
My proudest achievement to date has been successfully deploying AI models into production and managing the massive scale of requests for it each month. This required not only technical expertise but also a deep understanding of the business context to ensure the models provided real value to customers. A standout project for me was collaborating with Site24x7, ManageEngine’s full-stack monitoring solution, where we implemented anomaly detection and forecasting in its monitoring systems. This was during a period when AI wasn’t as widely discussed as it is today. The scale was immense, reaching billions of requests per month.

Hence, we had to innovate and build infrastructure from the ground up, ensuring we met customer expectations, such as 99% uptime guarantees. One of the most rewarding part of this journey was seeing the final product in action, especially when it made a tangible impact on our customers. For example, customers were able to use AI to identify causes of issues, and hearing their positive feedback made the entire effort worth it. It’s one thing to develop a model, but to see it actually being used in real time, solving problems, and benefiting users was the true reward. That sense of gratification is what I hold most dear.

How do you manage work-life balance, and what tips do you have for other women striving to achieve this balance?
For me, work-life balance comes naturally when you enjoy what you do. Work doesn’t feel like a burden, and it’s easier to manage everything without feeling overwhelmed. My advice to other women is to find work you’re passionate about and take time for yourself. Find out what works for you and what makes you happy in both work and life.

How did the industry and your company fare in 2024, and what were the key highlights?
In 2024, the industry saw notable technological advancements aimed at addressing evolving business needs. Organizations shifted away from outdated practices, embracing innovative solutions to strengthen their market position. As technology continues to rapidly evolve, companies have become more proactive in evaluating all aspects of their operations to ensure they contribute to overall growth. These efforts reflect a broader industry trend of adapting to newer technologies and optimizing business strategies to stay competitive and achieve long-term success.

What opportunities do you foresee for 2025, and how do you plan to leverage them?
The rise of emergent technologies like AI and ML capabilities has only seen more traction in 2024, and the initial investments into these technologies will see more output and returns in 2025. Likewise, 2024 has also been a year wherein the threat landscape has evolved with cyber criminals making use of AI capabilities to their best benefit, resulting in a higher count of cyberattacks this past year with AI-driven threats, enhanced phishing and hacking threats causing a sense of worry amongst organisations. 2025 will be a year for AI in cybersecurity with organisations set to invest more into AI capabilities in cyber defences to strengthen their cyberspace against such emerging cyber threats.

What major challenges did you encounter in 2024, and how did you address them?
Cybersecurity has been the keyword for 2024. With the rise in cyberattacks in the region, the onus has been upgrading our suite of products to counter the next-gen cyber threats, which have been powered by emergent technologies. Our priority has always been towards securing the cyberspace of organisations and that remains a top priority going into 2025. AI as technology has proved its worth as well as been a thorn in the way cyber-attacks being enhanced with this technology. We have been adding to our cybersecurity capabilities with the latest AI/ML capabilities to empower organisations against the ever-evolving cyber threats that we see in the region.

Which emerging technologies do you believe will be in high demand in 2025, and why?
AI technology has seen rapid adoption in 2024, and the same could be expected in 2025. Organisations have been investing in AI capabilities with a drive towards automation. Much of the earlier investments have been beginning to show results. However, with the rapid adoption of new technology also comes the threat of the technology being leveraged for cyberattacks. Thus, we can expect organisations to invest in AI in cybersecurity to enhance and secure their cyberspace.

What will be your primary focus areas and strategic priorities for 2025?
The region has been one of the pioneers and leaders in the adoption of AI technology, which has only accelerated the pace of digital transformation. We aim to be part of the same journey by enabling organisations to achieve their business goals and objectives through our suite of solutions. We will be prioritizing enhancing our suite of solutions with emergent technologies by incorporating AI/ML capabilities to better equip organisations to achieve their business objectives.

Check out the GITEX 2024 Special Edition: https://arabianreseller.com/oct2024

Wondering what shadow IT is? Shadow IT refers to the use of software and hardware tools or services by employees without the knowledge of the organization’s IT department.

The use of shadow IT tools has been a topic of discussion for years, with each company having its stance. Using these tools is often more about personal preference than anything else, and the same applies to how companies handle them. Most people lean toward shadow IT because official IT software tools often do not offer features that cater to individual preferences.

Some commonly used tools that fall under shadow IT include project management tools like Trello and Notion, messenger apps like WhatsApp, and file transfer apps like WeTransfer and Dropbox. The common factor? They’re all easy to access and use. However, with the rise of GenAI, everyone’s new shadow IT tool is ChatGPT.

The problems
I’m sure you already know the main issues that make companies dislike shadow IT tools: privacy and security.

Let’s look at ChatGPT. The use of ChatGPT isn’t regulated in most organizations, and many companies are still at a crossroads regarding GenAI tools. There’s a risk of employees unintentionally sharing sensitive information, leading to data leaks. This could include intellectual property, like code used to build applications, or personal information such as phone number, email address, house address, and more.

Whatever the sensitive information may be, it’s not safe to share it with tools like ChatGPT. Threat actors are constantly trying to breach systems, especially widely used tools like ChatGPT, where there’s much to gain. There’s still an obvious vulnerability here despite companies providing best practices to employees.

Another problem with shadow IT tools is that they restrict collaboration. If one team member uses a cool, new project management app to track progress and others use a different tool, it’s difficult to stay on the same page. For example, design and development teams often work together on the same project, such as designing web pages.

If the design team uses one project management tool and the development team another, how can they collaborate and work in sync to meet deadlines? It creates unnecessary friction. This is why organizations provide the same, approved project management tools for everyone. While using different tools might boost individual productivity, it can cause productivity issues within the project as a whole.

From a financial standpoint, companies pay for business tools that their employees use. If employees start using free online tools instead, the money spent on approved tools for a user who uses a shadow IT tool instead becomes a loss for the company.

Additionally, when organizations approve software solutions, those tools are vetted by a team of professionals and comply with the laws and regulations that the company must follow. However, we can’t be sure those tools are compliant when employees download apps on an ad-hoc basis, and employees usually don’t check for these things when they download or use shadow IT apps.

The good
Shadow IT tools are awesome. We all agree on that. The tools organizations give us, or approve, are often outdated. They’ve been around in the tech landscape for years (for good reasons, of course), but as technology advances, we don’t want to be tied to old tools that lack new features, which could make our work easier.

Restricting access to apps doesn’t feel great. We all work differently and have unique preferences. Using shadow IT tools that we like makes us feel more productive, and empowered, and allows for individuality in the workplace. When we use tools we love, we tend to be more efficient compared to when we’re stuck using approved, traditional tools that may lack the features we need.

The verdict
Shadow IT comes with many advantages, and dismissing it solely because of the risks isn’t wise. If we think about it, all tools carry some degree of risk. It’s up to us to be educated and understand how to use them securely and efficiently while benefiting the team and the company we work for. Shadow IT tools might benefit you individually, but what’s more important is to look at the bigger picture and ensure that your teamwork doesn’t get affected because of this.

Speaking of the financial loss that a company incurs while giving out tools that an employee may not need, what can be done instead is that organizations can avoid giving all the tools that an employee might need. Even if it’s a tool that employees may need regularly, us a request-based system so that employees reach out to get a paid tool by the company only if they need it and want to use it. This eliminates the unnecessary cost incurred by the company when an employee is provided with paid tools by default but chooses to use a shadow IT tool instead.

At first glance, shadow IT might seem like a problem, but with employee education and empowerment, it doesn’t have to be. Restricting shadow IT tools is easy, but educating employees is key.

ManageEngine is a company that believes in employee-driven innovation and encourages its employees to be aware of secure cybersecurity practices while allowing room for individuality. To learn more about ManageEngine and its offerings that allow you to have a secure and efficient IT infrastructure, click here.