In this interview, Ravi Teja speaks about why organisations rushing to deploy AI without a rigorous data foundation are setting themselves up for costly failures and why cybersecurity, far from being a cost line, is the connective tissue that holds every intelligent operation together. He offers a sharply grounded perspective on data fragmentation, the real price of operational blind spots, and what it actually takes to build resilience that scales.
CIO & Leader: Most organisations are already neck-deep in AI pilots. But many are struggling to graduate from pilot to production. What’s the single most under-acknowledged reason for that stall?
Ravi Teja J: The honest answer is that most organisations underestimate what I call the ‘data credibility gap.’ They invest in AI tooling, hire the talent, build the use cases and then the models behave unpredictably in production. When teams dig in, the root cause is almost always the same: the data feeding those models is inconsistent, poorly labelled, incompletely governed, or simply fragmented across environments that have never spoken to each other properly.
AI rewards precision. You can have the most sophisticated model in the market, but if the operational data it is drawing from is riddled with gaps, stale timestamps, or conflicting schemas from legacy integrations, the model will surface conclusions that are either misleading or dangerously incomplete. In cybersecurity, that is not just an embarrassment it is a material risk.
The organisations that are successfully scaling AI in operations are the ones that started with a very disciplined data readiness exercise, before they ever wrote a single line of model code. They asked hard questions: What do we actually observe? What are we missing? Where does our telemetry go dark? it is the foundation everything else rests on.
The organisations that are scaling AI in operations started with a rigorous data readiness exercise, before they wrote a single line of model code.
CIO & Leader: You lead both operations intelligence and cybersecurity under one mandate. In most enterprises, these still live in different towers. What is the strategic case for bringing them together?
Ravi Teja J: The case is not theoretical anymore; it is operational reality. Consider what a modern threat looks like. It does not announce itself through the security perimeter alone. It moves laterally through application layers, exploits misconfigurations in cloud environments, leverages compromised credentials inside business workflows, and camouflages itself within what looks like normal operational noise. If your security team and your ops intelligence function are not sharing a common data plane, you have structural blind spots that adversaries are already exploiting.
When ops intelligence and cybersecurity share the same observability layer, a few things happen that simply cannot happen otherwise. First, the signal-to-noise ratio improves dramatically, because you can contextualise a security alert against what the application or infrastructure was doing operationally at that exact moment. Second, response times compress, because the team investigating the incident already has the full operational picture, not just the security event in isolation. Third, and perhaps most important, you start building predictive postures rather than reactive ones.
If your security team and your ops intelligence function are not sharing a common data plane, you have structural blind spots that adversaries are already exploiting.
CIO & Leader: Enterprises are generating more machine data than ever before. But volume alone does not guarantee value. How do you distinguish signal from noise at scale, especially when AI agents themselves are generating data?
Ravi Teja J: This is one of the defining challenges of the next five years. The expansion of agentic AI means we are entering a phase where machines are not just producing data as a byproduct of human activity, they are generating data as autonomous actors. An AI agent performing a task sequence leaves behind a rich trail of signals: decision logs, API calls, resource consumption patterns, inter-agent communications. If you are not instrumented to capture and interpret that trail, you are flying blind through your own infrastructure.
The way we approach signal quality is through what I call contextual triage. Raw volume is irrelevant. What matters is whether a given data point can tell you something meaningful about state – the state of a system, the state of a transaction, the state of a threat. That requires tagging data at the point of creation with enough metadata to make it questionable in context, not just retrievable in isolation.
Raw data volume is irrelevant. What matters is whether a data point can tell you something meaningful about state and whether you can reach it in time to act.
CIO & Leader: Regulatory pressure in India is intensifying CERT-In timelines, DPDP obligations, sector-specific mandates. How are these changing the way organisations think about their data and security architectures?
Ravi Teja J: Regulation is functioning as an accelerant, and I think that is broadly a positive development even if the short-term compliance pressure is demanding. What regulations like CERT-In’s six-hour incident reporting window and the Digital Personal Data Protection Act are doing is forcing organisations to ask architectural questions they had been deferring. You cannot meet a six-hour reporting SLA if your log aggregation is fragmented, your monitoring coverage has gaps, and your incident response runbooks are still document-based rather than automated.
What we are seeing is a shift from compliance as a checkbox exercise to compliance as an architecture requirement. Security and data governance are now being baked into infrastructure decisions at the design phase, not retrofitted after the fact. That shift, while overdue, is genuinely significant.
There is also a personal accountability dimension that has changed the conversation at the leadership level. When CISOs and senior operations leaders face direct exposure under regulatory frameworks, the discussion around data governance, monitoring investment, and incident preparedness moves from a technical conversation to a board-level priority. That elevation of urgency is changing budget allocations, staffing decisions, and vendor relationships across the industry.
Security and data governance are now being baked into infrastructure decisions at the design phase, not retrofitted after the fact.
CIO & Leader: Legacy infrastructure remains deeply embedded in Indian enterprises, particularly in banking, utilities, and manufacturing. How do you approach operational intelligence and security in environments where modernisation is a decade-long journey?
Ravi Teja J: Legacy is not a problem to be solved; it is a condition to be managed intelligently. The instinct to treat legacy infrastructure as something to be discarded as quickly as possible often leads to either reckless migration decisions or analysis paralysis where nothing changes because the modernisation path looks too expensive. Neither outcome serves the organisation.
Our approach is to establish observability first, regardless of how old the underlying system is. If a core system has been running for twenty years, it may not natively emit modern telemetry formats. But with the right instrumentation layer, you can still extract meaningful operational signals like performance indicators, access patterns, anomaly deviations and feed those into a unified intelligence environment alongside data from your cloud-native workloads.
Security coverage is non-negotiable regardless of system age. Some of the most critical vulnerabilities in enterprise environments are not in cutting-edge infrastructure, they are in systems that have been running so long that nobody remembers exactly what they do or who depends on them. Mapping those dependencies, establishing baseline behaviour, and detecting deviations is exactly the work that ops intelligence needs to own.
Hybrid environments are not a transitional state anymore. They are the permanent reality for most large organisations, and the operational and security frameworks you build need to be designed for that permanence, not for an imagined future state where everything is cloud native.
Hybrid environments are not a transitional state anymore. They are the permanent reality and the frameworks you build must be designed for that permanence.
CIO & Leader: There is a growing conversation about AI being used offensively by attackers, not just defenders. How much of a shift is this representing in how you think about threat models?
Ravi Teja J: It is not a future threat; it is a present one. AI-augmented attacks are already being observed across sectors: more sophisticated phishing campaigns that defeat traditional heuristics, automated vulnerability scanning that operates at a scale and speed no human team can match, and increasingly, adversarial use of generative models to construct convincing synthetic identities and social engineering narratives.
What this means for defenders is that the asymmetry, which already favoured attackers, has sharpened further. Attackers only need to succeed once. Defenders need to succeed continuously. When attackers can automate and iterate their tactics using AI, the cost of their operations drops while the cost of detection rises, unless the defensive side is making equivalent investments in intelligence-led, automated operations.
The response to AI-augmented threats has to be AI-powered defence. Not AI as an augmentation to existing manual workflows, but AI as the primary operating mechanism, with humans supervising at the level of policy and exception rather than executing at the level of every alert. That transition is uncomfortable for organisations accustomed to human-centric security operations, but it is not optional anymore.
The response to AI-augmented threats has to be AI-powered defence.
CIO & Leader: What is your guidance for operations and security leaders trying to justify AI investment to boards that are sceptical of ROI?
Ravi Teja J: Lead with outcomes, not technology. Boards do not need to understand the architecture of a machine learning model; they need to understand what changes in business performance when operational intelligence is mature versus immature. Frame the conversation around concrete, observable outcomes: mean time to detection and response, reduction in unplanned downtime, percentage of threat alerts requiring human triage versus those resolved autonomously, improvement in compliance posture and audit readiness.
The second principle is to design for reuse from the start. The data you collect and instrument for cybersecurity purposes should not sit in a dedicated security silo, it should be structured and governed in a way that makes it accessible for operational analytics, capacity planning, customer experience monitoring, and business continuity use cases. When the same intelligence infrastructure is serving multiple functions, the ROI case becomes substantially easier to make, because you are not asking for cybersecurity budget in isolation, you are proposing a shared intelligence capability that the entire organisation benefits from.
Finally, be honest about the cost of inaction. The risk is not just a future breach, it is the compounding operational inefficiency of running fragmented, siloed tooling at scale, of paying for the same data multiple times across different platforms, and of losing the ability to make fast, confident decisions when the moment demands it. That cost is real, it is measurable, and in my experience, it is far larger than most organisations have calculated.
The cost of inaction is not just a future breach, it is the compounding inefficiency of fragmented tooling, duplicated data costs, and decisions made too slowly.
