In a domain still striving for gender parity, Dr. Priyanka Sunder (PD) stands as a compelling example of what two decades of purpose-driven leadership looks like. A multi-award-winning cybersecurity strategist, she has built her career at the intersection of governance, risk, and compliance — navigating Big 4 advisory boardrooms, global regulatory frameworks, and complex digital transformations across nine countries. As Co-founder of CHRIO SecureMojo and a National Cyber Security Scholar, Dr. Sunder brings rare depth to conversations around GRC, cloud security, and enterprise resilience. Her recognitions — including Cybersecurity Leader of the Year 2025, Top CISO 2023 (BFSI), and Global 200 Women Power Leader — reflect not just technical expertise, but a leadership philosophy rooted in empathy, continuous learning, and servant leadership. On the occasion of International Women's Day, we sat down with Dr. Sunder to talk about how cybersecurity governance has evolved, what it takes to build a real security culture inside organizations, and what she would tell women who are just starting out in this field. Read full interview below:

Dr Priyanka Sunder (PD) Interview on Cybersecurity, GRC & Leadership

TCE: On the occasion of International Women's Day, how do you see the role of women evolving in cybersecurity leadership and governance?

Dr. Priyanka Sunder (PD): Women bring unique perspectives that enrich strategy and problem-solving — empathy, patience, determination, and attention to detail are not just soft skills but critical enablers of effective cybersecurity. These qualities help uncover root causes, ensure logical closures of risk remediations, and strengthen decision-making. By turning challenges into opportunities and stepping beyond comfort zones, we build cross-functional skills, foster a One Team culture, and position cybersecurity as a true business enabler. Women leaders excel at servant and situational leadership, building the trust and collaboration that unite teams around common organizational goals — inspiring the next generation to see cybersecurity not just as a career, but as a calling.

TCE: How have you seen GRC evolve in helping organizations manage today's complex threat landscape?

Dr. Priyanka Sunder (PD): When I started as an Information Security Analyst 20 years ago, organizations treated compliance as a "check in the box" exercise. It took over a decade for the shift toward recognizing that cyber hygiene is a fundamental pillar of enterprise resilience. Today, companies understand that compliance is not a one-time effort — it's a moving target. The question is no longer "have you been compromised?" but "how prepared are we, and how fast can we recover?" GRC now plays a critical role through periodic maturity assessments, Information Security scorecards, integrated business continuity testing, and third-party risk management. A strong cybersecurity training and awareness framework — which can reduce 90% of risks from human error — is equally central to that mission.

TCE: How can organizations align multiple compliance frameworks like NIST, ISO 27001, RBI, MAS TRM, and GDPR without impacting operational agility?

Dr. Priyanka Sunder (PD): Throughout my career, I've emphasized secure code development, secure configurations, and hardening baselines as foundational drivers for safely adopting emerging technologies like AI, OT, and cloud. These form the pillars of Security by Design — driving operational excellence while keeping Information Security agile and enabling collective transformation.

TCE: What are the most critical controls organizations should prioritize when securing cloud environments?

Dr. Priyanka Sunder (PD): In the shared responsibility model, organizations must prioritize mitigating vendor dependency, ensuring data localization for jurisdictional compliance, maintaining robust backup strategies, preventing security misconfigurations across containers and storage, and implementing strong key management practices. A phased migration approach, combined with proactively addressing these challenges, helps organizations strengthen cloud security while ensuring smoother transitions.

TCE: What practical strategies can organizations adopt to build a stronger security culture?

Dr. Priyanka Sunder (PD): Strong leadership commitment is the foundation. When management consistently models secure behaviour — using multi-factor authentication, reporting suspicious activity — it signals that cybersecurity is a shared responsibility, not just an IT function. Training must be continuous, engaging, and role-tailored: bite-sized learning, phishing simulations, secure coding workshops, and fraud prevention sessions help employees internalize security practically. Appointing "security champions" within departments fosters collective influence, and employees should feel safe reporting mistakes without fear of blame. Together, leadership buy-in, engaging training, and employee empowerment transform staff into the organization's strongest line of defence.

TCE: What are the most common risk management gaps you observe across enterprises today?

Dr. Priyanka Sunder (PD): Drawing from five years in Big 4 IT Advisory and over a decade in financial services, the most critical gaps I've observed are: absence of robust GRC solutions for effective risk and compliance management, lack of integrated patch management for real-time visibility and timely remediation, and inadequate cybersecurity awareness among employees, vendors, and customers. Other recurring gaps include weak change management, cloud security, access controls, and endpoint security.

TCE: How can cybersecurity leaders better communicate risk posture and investment priorities to executive stakeholders?

Dr. Priyanka Sunder (PD): Business leaders understand numbers and focus on the big picture, so it's imperative to speak their language. Present risk mitigations, GRC benefits, and cybersecurity impacts — financial losses, reputational damage, customer attrition, service disruptions — in quantifiable terms. Quantitative risk assessment models and GRC solutions can articulate the financial impact of control gaps, measurable ROIs, and periodic KRIs and KPIs, giving senior management clear assurance of cybersecurity's true value and supporting informed decision-making.

TCE: What advice would you give aspiring women professionals building careers in GRC and cybersecurity?

Dr. Priyanka Sunder (PD): Turning challenges into opportunities has been a defining theme for me — overcoming bias in the early years, managing burnout during peak career phases, and achieving breakthroughs in recent years. These experiences reinforced my belief that growth can be both intrinsic and extrinsic, lateral and linear. Stepping outside comfort zones fosters cross-functional skill development and cultivates a strong One Team culture. Continuous learning has been central to my own journey, and I encourage women professionals to leverage that same mindset to build resilient, long-term careers in cybersecurity.

What if the biggest vulnerability in your security system isn't a line of code — it's a person? That's the question driving one of cybersecurity's most compelling thinkers today. In this exclusive Dr. Sheeba Armoogum interview, we sit down with the Associate Professor in Cybersecurity at the University of Mauritius — a researcher, author, and strategist whose work spans AI-driven threat detection, digital forensics, cyberpsychology, and quantum security.

With over two decades of experience across academia, research, and industry, Dr. Sheeba Armoogum has built a reputation for asking the questions others overlook.

What happens to your digital identity after you die? Why do technically sound systems still get breached? And why does cybersecurity still struggle to include the very diversity of thinking it desperately needs?

Her recently published book, Digital Afterlife: A Global Framework for Law, Technology and Victim Justice, is already reshaping conversations around digital legacy and governance, a field most security professionals haven't even begun to map.

From the psychology behind cyberattacks to ethical AI design, from mentoring the next generation of women in cybersecurity to building systems that are not just intelligent but accountable — Dr. Sheeba Armoogum doesn't just defend networks. She defends trust.

Read on full Dr. Sheeba Armoogum interview:

Dr. Sheeba Armoogum Interview on Women, Leadership, and Structural Change

TCE: You have worked across academia, research, and industry for over two decades. What first inspired you to pursue cybersecurity, and how has your journey evolved over the years?

Dr. Sheeba Armoogum: My journey into cybersecurity did not begin with a grand plan. It started with curiosity — an urge to understand how systems think, respond, and connect to the world. This fascination also led me to a realisation: as we became more interconnected, our vulnerability increased. I saw how easily systems could be compromised and how breaches affected not just data but people's finances, privacy, and sense of security. Cybersecurity transformed from a technical field into a deeply human concern. My doctoral research marked a significant turning point. It encouraged me to rethink not only how we block known threats but also how to build systems that can adapt, learn, and evolve. As my work progressed, I explored how AI could detect patterns humans might overlook, how digital forensics could protect justice, how cyberpsychology could explain why people become victims of manipulation, and how quantum cybersecurity could redefine what 'secure' truly means. Today, I no longer see cybersecurity merely as protecting infrastructure. I consider it as safeguarding trust.

TCE: Cybersecurity is constantly evolving with AI, quantum technologies, and digital forensics. Which emerging area do you believe will most reshape the future of cyber defense?

Dr. Sheeba Armoogum: Artificial Intelligence will transform cyber defense in ways we're only beginning to understand. Historically, security has been reactive: an attack occurs, a signature is created, and a patch is released. We are now shifting towards an era where systems must anticipate threats proactively. What excites me is the ability of AI-driven systems to detect subtle behavioural changes — minor anomalies potentially indicating an early breach before any damage occurs. At the same time, I remain cautious. When AI systems operate as black boxes, making decisions that even their creators can't fully explain, we face a different kind of vulnerability. Security architectures should be intelligent, yet also auditable, transparent, and ethically aligned. I envision systems that safeguard not only networks but also public confidence. Ultimately, cyber defence revolves around maintaining trust within a digital society.

TCE: As a global advocate for innovation and research, what are the biggest challenges women still face in cybersecurity, especially in leadership and technical research roles?

Dr. Sheeba Armoogum: While progress is visible, it is not yet deeply rooted structurally. More women are joining the field, but just entering the profession doesn't equate to having influence. Many women begin in operational or support roles, but fewer hold positions in advanced areas like algorithmic research, secure systems architecture, or strategic advisory roles where long-term security decisions are made. A subtle issue lies in how credibility is perceived. Women often need to repeatedly demonstrate their expertise before receiving recognition. Addressing this cannot depend only on encouragement — it demands institutional maturity, with deliberate access to fair research funding, structured doctoral mentorship, and inclusion in international research consortia. Representation in patent development, standards committees, and strategic innovation boards shapes the future of the field. Cybersecurity depends on diverse thinking, and when leadership includes a variety of experiences, overall resilience improves.

Also Read: Top 50 Women Leaders in Cybersecurity to Watch in 2026

TCE: This year's Women's Day theme focuses on "Give to Gain." What does this idea mean to you in the context of mentoring and empowering the next generation of women in cybersecurity?

Dr. Sheeba Armoogum: For me, "Give to Gain" reflects how cybersecurity operates in reality. No system is completely secure by itself — resilience requires a collective effort, and sharing knowledge strengthens protection. I now see mentorship as more than generosity; it's a strategic investment in future stability. When young researchers are entrusted with complex algorithmic challenges or guided in ethical AI design, they are not merely acquiring knowledge; they are becoming integral to the next line of defence. When expertise is limited to a few individuals, systems become more fragile. When knowledge is shared thoughtfully, ecosystems are strengthened. In cybersecurity, giving is not a loss. It is multiplication.

TCE: You lead and mentor doctoral researchers through your CyberSecurity & Forensics Research initiatives. What are three practical steps organizations can take to encourage more women to enter advanced cybersecurity research?

Dr. Sheeba Armoogum: Our strategy should extend beyond motivational messages. First, organizations must establish well-defined, funded pathways into high-impact technical disciplines — opportunities in AI-based intrusion detection, quantum-safe cryptography, or advanced digital forensics need to be deliberately made accessible, making women integral contributors at the foundational level. Second, exposure plays a crucial role. True confidence is gained through hands-on experience — working in AI labs, contributing to secure system designs, or analysing real forensic datasets builds both technical skills and intellectual authority. Third, visibility holds significant influence. When women lead keynote technical sessions, showcase new algorithms, or participate in standards committees, it signals that leadership is not exceptional; it is normal. Aspiration is shaped by what appears achievable.

TCE: Your recent book, Digital Afterlife: A Global Framework for Law, Technology and Victim Justice, explores an important emerging topic. What inspired you to write it, and why is digital legacy becoming a critical cybersecurity and policy concern?

Dr. Sheeba Armoogum: Digital Afterlife originated from a recurring question: what happens to our digital footprint when we're gone? Cybersecurity conversations focus on breaches and encryption but often overlook what remains — digital identities, intellectual property, cloud storage, social media profiles, and AI models trained on personal information. Our legal and governance frameworks lag behind. When someone passes away, their digital footprints don't disappear; they persist. Families are left managing passwords, privacy policies, and legal uncertainties during moments of grief. Digital legacy has shifted from a philosophical concern to a practical security issue. Dormant accounts can be exploited for identity theft, unmanaged digital wallets are vulnerable, and research data may become compromised. The book provides a framework combining law, cybersecurity protocols, platform governance, and victim justice. Managing digital afterlife is not optional — it is an increasingly important responsibility. Safeguarding dignity must go beyond simply protecting life.

TCE: From a cybersecurity and digital forensics perspective, what should individuals and organizations start doing today to better manage digital footprints and digital assets after death?

Dr. Sheeba Armoogum: A significant part of our value — personal, intellectual, or economic — resides digitally. Individuals must treat digital assets with the same importance as physical property: online accounts, intellectual property, research data, digital wallets, and professional platforms all need to be accounted for. Estate planning now needs to include digital credentials and instructions — documenting digital footprints, clarifying data intentions, and ensuring lawful, secure transfer of access. Organizations share a similar responsibility. They should proactively create access procedures, developing structured data governance policies, clear transfer protocols, and memorialisation frameworks in advance. Without proactive planning, digital remnants can lead to identity theft, internal disputes, or legal issues. Cybersecurity must now focus on lifecycle management, understanding that digital systems outlive individuals, and governance should be structured to reflect this.

TCE: You work at the intersection of AI, cybersecurity, and cyberpsychology. How do you see human behavior influencing future cyber threats and defense strategies?

Dr. Sheeba Armoogum: Cyber threats now mainly target individuals rather than systems. The key vulnerability is often psychological. Social engineering is about manipulating trust. AI-generated impersonations sound convincing because they replicate familiarity. Sextortion tactics rely on fear and shame, while misinformation campaigns exploit biases and emotional reactions. Attackers analyse behaviour as carefully as they inspect infrastructure. This is why relying solely on technical security measures is insufficient. Cyber resilience must extend beyond architecture to include behavioural science, digital literacy, and psychological awareness. Analysing why people become victims reveals recurring patterns — emotional triggers, situational stress, and social influences. Recognising these patterns helps develop more effective training and awareness campaigns. Protecting systems depends on understanding people.

TCE: As both a CIO/CISO-level strategist and academic leader, how do you balance technical innovation with ethical responsibility, especially in AI-driven security environments?

Dr. Sheeba Armoogum: Every intelligent system makes decisions, but the key questions are whether those decisions are understandable, auditable, and justifiable. Bias auditing, explainability, and traceability are not mere administrative tasks; they are essential safeguards. Without them, there is a risk of embedding hidden biases or opaque processes into security systems. In high-stakes environments, there's often a push toward speed — but prioritising quick results without ethical oversight causes long-term instability. A system that functions well but isn't accountable will eventually erode trust. I do not see ethics as a barrier to innovation but as a means of stabilising the structure. Responsible innovation guarantees that as our systems grow more intelligent, they stay fair, transparent, and justifiable.

TCE: What advice would you give to young women aspiring to build impactful careers in cybersecurity, particularly those who may feel intimidated by the technical depth of the field?

Dr. Sheeba Armoogum: Take both the field and yourself seriously. Begin by mastering the fundamentals — understand how data moves through networks, how encryption protects information, and how AI models learn. A strong foundation naturally boosts confidence. Start exploring early, even if it feels overwhelming. Genuine progress happens when you apply theory to real-world challenges: designing, building, testing, and sometimes failing before achieving success. Do not let technical intimidation take over. True expertise is based on understanding, not volume. What truly matters in cybersecurity is competence, curiosity, and courage — the willingness to ask difficult questions and challenge assumptions. Your perspective is not just an addition to the field; it is vital to its development. Diversity in thinking improves architecture, refines threat modelling, and drives innovation. Your contribution is not minor; it is crucial.