From posture to prioritization: The shift toward unified runtime platforms

In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk reduction, especially when facing legacy constraints.

Looking ahead, she sees security leaders playing a bigger role in shaping infrastructure and innovation, with teams working more closely across functions as tools converge.

What advice would you offer to CISOs who are considering adopting runtime-first platforms but are constrained by legacy tooling or internal resistance?

For CISOs considering a runtime-first approach but facing legacy or organizational resistance, the key is to reframe the conversation around risk reduction and operational visibility. Legacy tools often focus on static configurations and theoretical threats, while runtime platforms offer real-time insight into what’s actually happening in the environment – where risk materializes. Instead of positioning it as a full replacement, CISOs can introduce runtime as a complementary layer that fills critical detection and response gaps. Starting with targeted pilots in high-impact areas can demonstrate value quickly and help build internal momentum for broader adoption.

What types of skills and mindsets do you believe the next generation of cloud security leaders need most, and how are you helping to foster that pipeline?

The next generation of cloud security leaders needs to be deeply strategic. They need to be able to understand how cloud systems work, how they can be abused, automated, and defended in real time. With the rise of AI, the attack surface is expanding rapidly, and the pace of decision-making is accelerating. Future leaders must be fluent in automation, identity architectures, and how to operationalize AI securely.

But mindset matters just as much: curiosity, adaptability, and the ability to navigate ambiguity will be essential. I’m focused on building that pipeline by creating real-world exposure through boardroom preparation, hands-on access to cutting-edge tools, and building communities that give rising talent a front row seat to how modern security strategy gets shaped.

How do you see the integration of CSPM, CWPP, and other components into a single runtime platform affecting how CISOs structure their teams and workflows?

As CSPM, CWPP, and other cloud security components converge into unified runtime platforms, CISOs have a real opportunity to rethink how security teams operate. Instead of siloed teams focused on posture, workload, or incident response, we’re moving toward integrated workflows where context matters more than categories.

Runtime platforms enable continuous visibility and prioritization across identities, workloads, and configurations, so teams can shift from managing tools to managing risk. This convergence encourages more agile, cross-functional teams that align closely with DevOps and platform engineering – reducing handoffs and accelerating response. Ultimately, it changes the CISO’s role from tool integrator to strategic risk orchestrator.

As a founding partner at Lockstep Ventures, how do you go about spotting the next big disruptive force in cybersecurity?

We chose the name Lockstep for a reason: we move in lockstep with our community. That community is built on two core pillars: practitioners and founders. Practitioners are the nucleus of what makes us tick.

As active CISOs ourselves, Lucas Moody and I built Lockstep to reflect the lived experience of those in the trenches – solving real-world problems, anticipating what’s coming next, and identifying the gaps legacy vendors overlook.

Founders are the catalysts of change – the ones with the vision, curiosity, and drive to challenge the status quo. We look for those who pair deep technical insight with relentless execution and a passion for building. Our job is to bring these two communities together to serve as the connective tissue and surface the next wave of investable, disruptive forces in cybersecurity.

Looking five years ahead, how do you see the cloud security landscape changing, and what role should security leaders play in shaping that future?

Five years from now, cloud security will be far more autonomous, identity-driven, and runtime-aware. With the rise of AI and ephemeral infrastructure, traditional perimeter and posture-based models will no longer be sufficient. Security will need to happen continuously, in context, and at the speed of change.

Leaders won’t just secure environments – they’ll shape how infrastructure is built, how AI is governed, and how risk is measured in real time. The most effective CISOs will act as architects of secure innovation – embedding security into engineering, influencing product roadmaps, and ensuring the organization can move fast without losing control.