Cybersecurity has become a permanent fixture of enterprise strategy, shaped by steadily rising investment and greater executive attention. Organizational structures have matured, and technical controls have grown more sophisticated. Despite this apparent progress, large-scale incidents continue to expose gaps in cybersecurity. Today, the challenge lies in the difficulty of translating sophisticated tooling into measurable risk reduction. “There’s a peculiar comfort in pretending cybersecurity is working,” says Ankush Chowdhary, Group Chief Information Security Officer at Hoya. “If you squint hard enough, it almost looks like progress. But we’re not solving problems. We’re dressing them up, giving them badges, and promoting them to leadership.”
His critique begins with the way modern security environments are designed and managed. Across enterprises and governments, security stacks have expanded into complex layers of abstraction. Cloud pipelines rely on components few teams can fully audit. Disparate tools are consolidated into platforms that generate more alerts than teams can realistically analyze. At the same time, many defensive assumptions are shaped by procurement processes rather than adversarial behavior.
“We built a glass cathedral on top of a dumpster fire,” Chowdhary says. “Then we handed the fire a microphone and called it leadership.” The outcome is an environment where exposure is driven as much by organizational structure as by technology. Siloed teams, misaligned incentives, and risk reporting that prioritizes reassurance over clarity have made accountability harder to establish, even as complexity continues to grow.
When Process Becomes Theater
If architecture is one fault line, process is another. Over time, frameworks and audits have taken on near-religious status. They are followed meticulously, measured obsessively, and rarely questioned. Chowdhary calls this shift cyber theater. “Frameworks became scripture, tools became relics, and leadership became a priesthood,” he says. Compliance is performed, dashboards are interpreted, and posture is discussed, even as breach reports tell a different story. The rapid adoption of artificial intelligence has intensified this problem. AI is often bolted onto already opaque systems, increasing complexity without improving understanding. “We don’t have an AI strategy,” Chowdhary says. “We have AI superstition.”
The Age of Heroes Is Ending
The industry likes to celebrate individual visionaries and charismatic leaders. Chowdhary believes that model has run its course. “The cyber industry doesn’t need more heroes,” he says. “It needs defectors.” By that, he means practitioners who refuse to defend broken processes simply because they are labeled mature. They burn sacred cows because they recognize cardboard when they see it. They care less about titles and more about truth, showing up with working code rather than polished narratives. “Heretics don’t fit in because the system wasn’t built to survive scrutiny,” he says. “They don’t polish the old model. They tear it down and start over, with discipline, not ego.”
Sovereign cyber teams ship security like software, iterating quickly instead of waiting for universal buy-in. Risk reporting gives way to risk reduction. Bloated org charts are stripped of fictional roles that exist to signal maturity rather than deliver protection. AI, in this model, is treated as an adversarial co-architect. Agents are trained to simulate attacks, challenge assumptions, and even model defection scenarios within systems.
“You don’t let untrained AI agents make decisions you don’t understand,” Chowdhary says. Governance supports action instead of replacing it. At the core are principles that cut through ceremony: do not glorify frameworks over functioning systems; do not confuse theater with control; do not measure success in meetings or vibes. Above all, do not ask permission to fix the system you were hired to protect.
The Stakes of Rebellion
This isn’t disruption for the sake of disruption. It is a response to ossification. As security organizations grow heavier, slower, and more performative, attackers benefit from the gap between confidence and capability. “This isn’t a call to action,” Chowdhary says. “It’s a call to rebellion, the disciplined kind.” The future belongs to those willing to ignore what is broken long enough to build what is not. Conviction, not permission, becomes the differentiator.
Follow Ankush Chowdhary on LinkedIn for more insights.
