Dan Bradbury, Head of Product, UpGuard, chats about key cybersecurity solutions, best practices for cybersecurity teams and more in this CIO Interview:
Tell us about yourself and your role at UpGuard.
I’m the Chief Product Officer at UpGuard, where I lead the team responsible for shaping and building our products. I’ve spent over 20 years in tech, working across software and financial services, and I’ve always enjoyed solving complex problems and creating tools that make a real difference to how companies protect themselves.
What key cybersecurity solution implementation challenges would you highlight in this Q&A?
One of the biggest challenges security teams face is turning data into action. Security tools are great at collecting mountains of information, but sifting through to find what matters can slow teams down. With resources always stretched, teams need to spend more time actually strengthening defenses.
A more emerging challenge is getting real value from AI. AI can deliver productivity gains, but only when it’s treated as a tool, not a magic bullet. Some solutions automate too narrowly or introduce high error rates, which can end up creating more work than they save. The key is using AI to meaningfully automate tasks while ensuring teams retain oversight and apply critical judgment to what the technology delivers.
If teams adopt AI solutions with high error rates or ones that only solve narrow problems, they may end up creating more work than they save. The key is using AI to meaningfully automate tasks while keeping human oversight front and center.
Also Read: CIO Influence Interview with Dan Mountstephen, Senior Vice President – APJ, Saviynt
How can modern security teams better protect the brands and organizations they work with?
Modern security teams aren’t just protecting systems; they are protecting the brand itself while making sure the business can move forward. As companies embrace AI and other emerging technologies, security teams must enable innovation without opening the door to unnecessary risks. That means striking the right balance between speed and control, ensuring new tools are rolled out without putting sensitive data at risk. The key to this is strong data governance, ensuring AI and other technologies can be used safely without exposing critical information.
Managing data wisely is just as important as securing it. Holding onto unnecessary data only adds complexity, so teams should focus on storing what’s essential. But security isn’t just about what happens inside a company, it extends across the entire supply chain. A business is only as secure as the vendors it relies on, which means looking beyond direct suppliers to assess fourth- and even nth-party vendors to understand who else is handling sensitive data. The key is constant assessment and action: finding weak spots in vendor security and fixing them early. That’s how teams can strengthen the entire data ecosystem and stay ahead of supply chain risks.
Cybersecurity operations are evolving—where do you see this heading with new technology?
Despite the boom over the last two years, we’re still in the early days of putting generative AI to work for real productivity gains. While it’s called generative AI for its ability to create responses, the remarkable ability we take for granted is how good it is at reading text, images and more. Today’s models can process over 100k tokens, meaning they can process entire books at once. Using this technology to rewrite emails in a ‘more polite tone’ is just scratching the surface compared to its ability to answer questions based on the vast pool of public code and documentation ever produced.
For security operations, this shift opens up both new possibilities and new threats. Tasks that require reading large amounts of text – whether it’s security audits, product documentation, or legal notices – will become significantly faster. Security has always been closely tied to privacy; in many ways, security is just the technical implementation of legal privacy requirements. But today, the process is slowed down by the sheer effort required to read and interpret policy documents. Generative AI changes that. By making it easier to process and understand complex governance materials, security teams will be able to align their technical objectives with broader compliance goals far more efficiently.
What should security teams consider as they integrate AI to enhance their threat detection?
The most important thing to remember when integrating AI is that all the same fundamental rules of software security still apply. Who owns the asset? What model is being used? What environments will it operate in? What data is being processed, and how sensitive is it? Answering these standard IT asset management questions naturally leads to AI-specific considerations. What weaknesses or biases does a given model have? How do we properly sanitize the data going in and out? These questions aren’t new; whether it’s SQL injection or prompt injection, sanitizing inputs is always practiced.
That said, AI isn’t here to replace security professionals. Like any tool, it can help speed up tasks and reduce the burden of repetitive work, but the responsibility for decision-making still lies with the person using it. Just as AI can draft code for a developer but still needs human review, security teams need to verify AI outputs and apply critical thinking to what the technology provides. AI is an accelerator, but it’s not ready to take the wheel on its own.
AI also brings data leakage risks, especially when models are operated by third parties. The first step in mitigating this is understanding what data is being processed and what sanitization
measures are in place. This not only reduces risk but also clarifies the residual risk the business is ultimately accepting.
Also Read:Â CIO Influence Interview with Seva Vayner, Product Director of Edge Cloud and Edge AI at Gcore
Before we wrap up, what are five daily best practices you’d recommend for cybersecurity teams?
Time box your news check-in. Every day brings new vulnerabilities, threat campaigns, data breaches, and security tools. You can’t afford to be a day late on a major zero-day, but you also can’t chase down a proof-of-concept for a random WordPress plugin exploit. Give it 30 minutes, get what you need, and move on.
Talk to people outside security. The biggest shifts in cybersecurity often come from outside it. AI in cybersecurity, for example, wouldn’t exist without years of computer science research on NLP. Staying connected with experts in other fields will keep you ahead of the curve.
Ask for help. Benjamin Franklin said if you need a big favor from someone, ask them for a small favor first. Turns out that it isn’t just an old trick – it’s a proven psychological effect (it’s now called the Benjamin Franklin effect). Security teams will inevitably need cooperation from others, so start building those relationships early.
Get the right tools for the job. By investing in solutions that sharpen your focus, streamline your efforts, and prioritise what’s important, you can build resilience proactively. In the long run, the right toolset can make your team faster and more cost-efficient.
Take a walk. Burnout is everywhere in security. Walking outside does more than burn a few calories; it gives your eyes a break from the screen, lets your brain reset, and helps your circadian rhythm recalibrate with natural sunlight.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
Daniel Bradbury is the Chief Product Officer at UpGuard. UpGuard uses first and third-party cybersecurity ratings to improve your security posture.
UpGuard is a comprehensive cyber risk solution that combines third-party security ratings, vendor questionnaires, and threat intelligence capabilities to help businesses manage and improve their security posture.
