Rashid Feroze's avatarPerson

Rashid Feroze

Head of Security engineeringCRED

Bengaluru, Karnataka, India

Skills

Information Security
Security
Team Leadership

About

Rashid Feroze is a security leader with over a decade in the field, securing high-growth fintech and e-commerce environments through periods of rapid scale and tightening regulation. He is currently Head of Security Engineering at one of India's largest fintech platforms, where he built and leads the security function - covering cloud security, threat detection and response, application and data protection, and AI security. He increasingly focuses on the security challenges emerging at the intersection of regulated financial infrastructure and AI systems, from supply chain threats in the AI ecosystem to the new risks introduced by agentic systems. He is a regular speaker at international security conferences, including BlackHat USA, Bsides, Nullcon, and ElasticON, and contributes to industry conversations on cloud security, AI security, and security leadership.

Published content

Why AI Is Forcing Security Leaders Beyond Detection and Response

expert panel

Artificial intelligence has fundamentally changed cybersecurity—not just for defenders but also for attackers. AI can now generate convincing phishing campaigns, rapidly mutate malware and automate reconnaissance at a scale that would have required large teams only a few years ago. As attack velocity accelerates, many organizations are discovering that even mature detection and response capabilities struggle to keep pace.That shift is forcing security leaders to rethink longstanding assumptions. Members of the Senior Executive Cybersecurity Think Tank, a community of experienced cybersecurity executives and practitioners, argue that future-ready organizations will succeed not by responding faster, but by preventing more attacks from succeeding in the first place.According to IBM's Cost of a Data Breach Report, organizations that combine AI-driven security with proactive risk reduction significantly reduce both breach costs and response times, reinforcing the business value of moving security "left" before attackers gain a foothold.Below, Think Tank members share practical strategies for moving beyond reactive security, highlighting the technologies, processes and leadership mindset needed to stay ahead of these AI-powered threats.

Beyond CVE Scores: How to Find and Fix the Vulnerabilities That Matter

expert panel

Vulnerability management used to depend on a familiar rhythm: A new flaw was disclosed, public databases added analysis and security teams worked through the queue by severity. That model is now straining under its own weight. Vulnerability disclosures keep climbing, but the National Vulnerability Database has faced a significant operational breakdown: Beginning in early 2024, NIST sharply slowed enrichment of new CVE entries, and in April 2026, NIST formally announced it would no longer enrich all CVE entries, moving to a triage model that leaves the majority of submissions without scores, metadata or supporting analysis.Security leaders need to rethink defensive strategies, from monitoring to remediation. Even with the help of automation, teams with limited resources can’t approach every vulnerability with equal urgency, and waiting for more complete information can leave a business exposed while attackers keep moving. Security teams must learn to weigh new vulnerabilities in terms of the organization’s real environment, operational priorities and potential business impact. In a world of incomplete signals, security leaders need a sharper sense of which risks matter now, which can wait and which require a different kind of control altogether. Members of the Senior Executive Cybersecurity Think Tank are leaders in enterprise cybersecurity strategies, data breach prevention, risk management and modern security architecture. Below, they share how organizations can rethink vulnerability risk assessment as public data becomes less complete and focus attention where it can have the greatest protective impact.

2026 Cyber Risk: How Leaders Can Tackle Evolving Security Challenges

expert panel

Cybersecurity leaders have never had the luxury of moving slowly, but the second half of 2026 may test even the most mature security teams. AI is accelerating both sides of the fight: Attackers can find vulnerabilities, craft more convincing scams and move faster, while businesses (and employees) are racing to embed AI into products, workflows and everyday operations. That combination raises the stakes for every leader responsible for protecting data, systems, customers and trust.The challenge isn’t just technical. As cyber risk spreads across engineering, finance, operations, legal, HR, procurement and executive teams, the old model of security as a separate checkpoint no longer fits how businesses actually run. The organizations that handle this next phase successfully will need to rethink cybersecurity as a shared operating discipline, not a last-minute review, compliance exercise, or problem for one department or leader to solve alone.Members of the Senior Executive Cybersecurity Think Tank have deep expertise in enterprise cybersecurity strategies, risk management, threat detection and cybersecurity leadership. Below, a group of them discusses what they see as the biggest cybersecurity challenges for leaders in the second half of 2026 and how organizations move from reactive defense to enterprisewide resilience.

AI Agents: How to Manage Access and Minimize Cyber Risk

expert panel

AI agents are quickly moving from helpful assistants to active participants in business workflows, and that shift is creating a new access-control challenge for security leaders. To do their jobs well, these systems often need to interact with customer records, financial systems, employee data, proprietary information and other sensitive resources. That creates a difficult balance: The more access agents have, the more useful they may become—but the more damage they can do when something goes wrong. And that risk isn’t theoretical. A 2025 IBM report found that among organizations that experienced an AI-related breach, 97% lacked proper AI access controls, and 63% had no AI governance policies at all.Traditional access models weren’t built for autonomous tools that can act across systems, make rapid decisions and process large volumes of data in seconds. When convenience trumps safety in AI adoption, loose access can expand an organization’s attack surface before security teams can assess the risk. As AI agents become more embedded in daily operations, organizations need to think differently about identity, permissions and accountability. Members of the Senior Executive Cybersecurity Think Tank bring deep expertise in enterprise cybersecurity strategies, data breach prevention, risk management and modern security architecture. Below, five of them share how leaders should weigh the trade-offs of AI agent access and rethink permissioning for AI-driven systems.

Company details

CRED

Industry

Financial Services

Company size

1,001 - 5,000