From defending tech giants to mentoring the next generation, Rinki Sethi reflects on her journey through cybersecurity’s frontlines — and why the future of digital security must be inclusive, innovative and AI-ready
Rinki Sethi has led security strategy at some of the world’s most influential companies — eBay, Walmart, IBM, Twitter, and now, Upwind Security, where she serves as chief security and strategy officer. Across a career spanning decades, she has helped shape how enterprises think about risk, resilience, and building secure digital ecosystems.
In this in-depth interview, she discusses the evolution of cybersecurity, the rising role of women in tech, and how organisations must prepare for a future shaped by AI and global cyber threats.
Congratulations on your new role at Upwind. You’ve built security infrastructure for companies like eBay, Walmart, and PG&E. What experiences have shaped your approach to cybersecurity leadership?
Thank you — I’m really excited about this new chapter. My approach to cybersecurity has been deeply shaped by the diversity of environments I’ve worked in. When I first started at Pacific Gas and Electric, there wasn’t even a defined CISO role. Security was seen as an operational task rather than a leadership concern. That meant we were building from the ground up — no roadmap, just instinct and collaboration. Then, at eBay, I entered an environment that was at the forefront of online commerce. We were seeing some of the earliest sophisticated cyber threats — phishing, social engineering, account takeovers — and had to learn on the go.
That period taught me that if you’re working in a tech-forward organisation, you can’t treat security as an afterthought. You have to be as innovative as the people building the products — and as fast as the attackers trying to exploit them. Later, at Twitter and IBM, I began to see how large-scale, global infrastructure needed a proactive, intelligence-driven approach to security. Across all these roles, I’ve learnt that leadership isn’t about knowing every technical detail — it’s about building resilient teams, aligning with business strategy, and staying one step ahead.
At Walmart, you were involved in developing a USD 100 million security infrastructure. What was that like?
It was a fascinating and challenging experience. I was working with the e-commerce division — walmart.com — which was in its early growth stage at the time. Unlike the massive security operations we now associate with global retailers, back then, we had a very lean security team. The trigger for building our infrastructure was a breach at Sam’s Club that had implications for payment security. That event pushed PCI compliance to the top of the agenda.
We were operating without the sophisticated tools we take for granted today. There were no AI-driven anti-phishing platforms or automated site takedown services. When phishing sites popped up, we had to manually contact ISPs to bring them down. We were running incident response playbooks manually and doing everything from endpoint security to compliance reporting ourselves.
What I took away from that experience was the importance of agility and collaboration. You don’t need a large team or endless resources to build effective security — you need strong cross-functional partnerships and a deep understanding of where the business is heading.
You started as a software developer. How has that technical foundation shaped your leadership style in cybersecurity?
That background has been absolutely foundational. Early on, I didn’t think I’d end up in cybersecurity. My first impression was that it was all governance and policy — very disconnected from the actual technology. But that changed when I got involved in secure coding initiatives. I started training developers, and instead of traditional classroom-style learning, we encouraged them to hack their own code, find their own vulnerabilities, and fix them.
That hands-on experience transformed how they saw security — it wasn’t just another checklist; it was something creative, impactful, and empowering. That moment changed me too. It made me realise that effective security leadership isn’t just about processes or controls. It’s about culture, empathy, and communication. It’s about understanding your audience — whether they’re developers, executives, or customers — and shaping security in a way that resonates with them.
As a leader, I’ve learned that if you approach cybersecurity purely through enforcement, you’ll struggle. But if you build trust, if you demonstrate how security enables innovation, people will come along for the journey.
India has taken cybersecurity more seriously in recent years, especially after high-profile incidents like the AIIMS ransomware attack. Do you think the country has been behind the curve?
It’s true that high-impact attacks, especially on healthcare and critical infrastructure, have been a wake-up call for many countries — India included. When I was recently in India, I was encouraged to see the amount of innovation happening in both the public and private sectors. There’s a huge pool of talent, and many startups are working on world-class solutions.
But yes, historically, investment in cybersecurity hasn’t always matched the speed of digital adoption. India’s rapid move towards digitisation — from Aadhaar to UPI — has increased the attack surface significantly. Until a few years ago, there was less urgency around protecting these systems. Post-COVID and following major breaches, that urgency has grown.
But it’s important to note this isn’t unique to India. Every country has its own cybersecurity maturity curve. What matters is the momentum we’re seeing now — there’s a growing recognition that cybersecurity is not just an IT problem but a national priority.
You’ve received several accolades, including the ‘One to Watch’ award from CSO Magazine. What do you think has contributed most to your professional recognition?
I think it comes down to impact and consistency. I’ve always believed in giving back — whether that’s through mentorship, education, or advocacy. One of the initiatives I’m most proud of was helping launch the first cybersecurity badges for the Girl Scouts in the US. It introduced thousands of young girls — from kindergarten through to secondary school — to cybersecurity concepts in a hands-on, engaging way. Many of those girls are now pursuing careers in the field.
Awards and recognition are humbling, but what really drives me is the opportunity to make a lasting difference. Whether it’s through building secure platforms or inspiring the next generation, I want my work to ripple out in ways that matter.
More women than ever before are leading in cybersecurity. Do you see this as a meaningful shift?
Yes — and it’s something I’m really proud to be part of. When I started, there were very few women in technical security roles. The industry felt like a boys’ club, and it was hard to see examples of women who were CISOs or security architects, let alone executives. I honestly thought I had already reached the ceiling by becoming an engineer.
But that has changed. Today, we’re seeing women leading global security functions, founding cybersecurity startups, and speaking at the biggest conferences in the world. They’re not just participating — they’re shaping the conversation. Of course, we still have work to do when it comes to representation and inclusivity, but the shift is real, and it’s accelerating.
You were part of the award-winning team at eBay that received SC Magazine’s Team of the Year. What did that recognition mean to you at the time?
That was a really special moment. I was early in my career, and being part of that team helped me understand what high-performing security looked like. Our CISO at the time was visionary — he gave us the freedom to experiment, to try new things, and to focus on solving problems creatively.
Winning that award was validation that we were doing something different — something that worked. It boosted my confidence and gave me a taste of what it means to build a security function that’s both technically strong and strategically aligned with business goals.
You’ve led teams across different geographies and cultures. How do you build a unified security culture in such diverse environments?
Culture isn’t something you can impose from the top. You have to invest time in understanding local contexts — how teams operate, what their challenges are, what motivates them. At the same time, you need strong executive support and a shared global vision.
The key is to build champions within each region — people who understand both the global strategy and the local execution. When you empower those individuals and listen to their input, you can create a culture that’s both consistent and adaptable. It becomes less about compliance and more about shared purpose.
Cybersecurity budgets are often scrutinised. How do you approach making the case for investment?
It’s all about storytelling. If you walk into a boardroom and say “we need more budget”, you won’t get far. But if you frame it in terms of risk — what’s at stake, what the business stands to lose, and how specific investments will protect growth — then it becomes a strategic discussion.
I’ve also found it helpful to come with data, scenarios, and clear prioritisation. Show that you’re not asking for a blank cheque — you’re asking for targeted resources to address specific threats. When leaders see that you’re aligned with the company’s mission and you can speak their language, they listen.
Why don’t cybersecurity companies become as mainstream or well-known as consumer tech brands?
Because they operate behind the curtain. People don’t engage with cybersecurity products directly — they benefit from them silently. The average person doesn’t think about endpoint detection or threat intelligence; they just want to know their data is safe.
But I think that’s starting to shift. As breaches become more public and more personal, there’s growing interest in what goes on behind the scenes. Companies like Upwind are leading that charge by making security real-time, transparent, and tightly integrated with modern infrastructure. I believe the cybersecurity industry is heading towards a moment of greater visibility and broader cultural relevance.
Artificial general intelligence (AGI) is developing fast. What role will it play in cybersecurity?
AGI is already changing the game. We’re seeing AI being used not just defensively, but offensively — attackers are automating social engineering, bypassing defences, and generating malicious code faster than ever before. That raises the stakes for defenders.
Cybersecurity has to evolve with it. We need smarter systems, faster detection, and adaptive responses that can learn and adjust in real time. That’s part of why I joined Upwind — the team here is thinking ahead, building solutions for a world where AI and AGI are the norm, not the exception. We’re not just reacting — we’re designing for the next era of digital protection.
