Attackers breached a Fortune 500 company’s cloud infrastructure last year without tripping a single alert. They didn’t use zero-days or brute force; instead, they mimicked routine admin behaviors and glided through environments unseen for weeks. This wasn’t an anomaly. It’s the new normal.
Cloud ecosystems now move faster than most traditional security tooling can comprehend. With enterprises sprawling across AWS, Azure, and GCP—spinning up microservices, deploying dozens of times a day, and processing petabytes of telemetry—threat actors have adapted accordingly. They’re not breaking in; they’re blending in. “Old-school rule-based systems only respond after a threat appears,” said Yugandhar Suthari, Security Engineer at Cisco and author of Shift Left by Design: Advanced Platform Engineering for Secure Cloud Systems. He added, “They’re built to recognize yesterday’s attacks. But the attackers aren’t looking back.”
From Rules To Risk: The Strategic Shift
Signature-based detection—while still relevant—is no longer sufficient on its own. Today’s adversaries wield polymorphic malware, abuse automation, and use AI to simulate normal behavior. Detection, then, must evolve into continuous, adaptive risk sensing.
“AI isn’t just a feature. It’s the new foundation,” Suthari notes. “It learns normal behavior, contextualizes anomalies, and flags risk in ways rules simply can’t.” This principle formed the core of Chapter 14 in his book, based on firsthand experience securing AI/ML workloads at Levi’s using tools like SageMaker and Airflow. “When traditional models failed to account for model lineage, governance, or data leakage across clouds, we had to rethink how security works in the age of machine learning.”
Real-World Complexity: Multi-Cloud, Multi-Risks
The Cloud Security Alliance recently reported that 89% of enterprises face visibility gaps in multi-cloud environments. The fragmentation is real: each provider brings its own terminology, tooling, and compliance requirements. Suthari led the creation of Cisco’s multi-cloud security guardrail framework across more than 10,000 cloud accounts. Built on Terraform, GitHub Actions, and Wiz, the framework enforced preventive controls rather than detecting problems after the fact, eliminating misconfigurations before they could escalate into breaches. The payoff: a 70% drop in incidents and more than $3M in annual risk reduction.
This real-world learning directly informed Chapter 15 of Shift Left by Design, which outlines patterns for securing multi-cloud systems not by layering more tools, but by enforcing consistent policy-as-code frameworks across providers. “We didn’t need more alerts. We needed fewer assumptions,” Suthari explains.
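To make "policy-as-code across providers" concrete, here is an added example (not Cisco's framework, not code from the book) of a guardrail that runs over a Terraform plan in CI: one small rule set applied to both AWS and GCP resources, failing the job when a planned change violates a rule. It assumes the JSON shape produced by `terraform show -json tfplan`; the rule names, the bundled sample plan, and the specific checks are illustrative choices.

```python
"""Policy-as-code guardrail over a Terraform plan (added example).

`terraform show -json tfplan` emits the plan as JSON; each entry under
planned_values.root_module.resources carries `address`, `type` and the
resolved `values`. The rules below are illustrative, chosen to show one
rule set applied across two providers; they are not Cisco's framework.
"""
import json
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    address: str
    rule: str
    message: str


def s3_public_acl(res: dict) -> list:
    """Flag S3 buckets (legacy inline acl or aws_s3_bucket_acl) granted a public ACL."""
    if res["type"] not in ("aws_s3_bucket", "aws_s3_bucket_acl"):
        return []
    acl = res["values"].get("acl") or "private"
    if acl in ("public-read", "public-read-write"):
        return [Finding(res["address"], "S3-PUBLIC-ACL", f"acl is {acl}")]
    return []


def sg_admin_port_open_to_world(res: dict) -> list:
    """Flag security-group ingress that exposes SSH or RDP to 0.0.0.0/0."""
    if res["type"] != "aws_security_group":
        return []
    out = []
    for rule in res["values"].get("ingress", []):
        if "0.0.0.0/0" not in rule.get("cidr_blocks", []):
            continue
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
        if rule.get("protocol") == "-1":      # "-1" means every protocol and every port
            lo, hi = 0, 65535
        for port in (22, 3389):
            if lo <= port <= hi:
                out.append(Finding(res["address"], "SG-ADMIN-PORT-OPEN",
                                   f"port {port} reachable from 0.0.0.0/0"))
    return out


def gcs_uniform_access(res: dict) -> list:
    """Flag GCS buckets that still allow per-object ACLs."""
    if res["type"] != "google_storage_bucket":
        return []
    if res["values"].get("uniform_bucket_level_access"):
        return []
    return [Finding(res["address"], "GCS-UNIFORM-ACCESS-OFF",
                    "uniform_bucket_level_access is not enabled")]


RULES = (s3_public_acl, sg_admin_port_open_to_world, gcs_uniform_access)


def evaluate(plan: dict) -> list:
    """Run every rule over every planned resource, descending into child modules."""
    findings = []
    stack = [plan["planned_values"]["root_module"]]
    while stack:
        module = stack.pop()
        for res in module.get("resources", []):
            for rule in RULES:
                findings.extend(rule(res))
        stack.extend(module.get("child_modules", []))
    return findings


SAMPLE_PLAN = {  # constructed sample; mirrors the shape of `terraform show -json`
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "values": {"bucket": "acme-logs", "acl": "public-read"}},
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "values": {"ingress": [
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
        {"address": "google_storage_bucket.assets", "type": "google_storage_bucket",
         "values": {"name": "acme-assets", "uniform_bucket_level_access": False}},
        {"address": "google_storage_bucket.backups", "type": "google_storage_bucket",
         "values": {"name": "acme-backups", "uniform_bucket_level_access": True}},
    ]}},
}


def main(argv: list) -> int:
    """CI entry point: `python guardrail.py plan.json`; a non-zero exit blocks the merge."""
    plan = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_PLAN
    findings = evaluate(plan)
    for f in findings:
        print(f"FAIL {f.rule:<22} {f.address}: {f.message}")
    print(f"{len(findings)} finding(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments it evaluates the constructed sample plan and exits 1 with three findings (the public bucket ACL, SSH open to the world, and the GCS bucket without uniform access); the HTTPS rule and the second GCS bucket pass. The point of the design is that the rule set, not the provider, is the unit of policy: adding an Azure rule is one more function in `RULES`, and the same script runs unchanged in any pipeline that can produce a plan file.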
Shift Left by Experience: From Game of Thrones to Vault at Scale
His book is not theoretical. It’s built on war stories. At HBO, Suthari helped scale and secure the Game of Thrones delivery infrastructure—streaming to millions in real time. Chapter 5 of his book explains why security guardrails must be embedded early in CI/CD, not bolted on later.
At Barclays, he learned the hard way that perimeter security was a fiction. Working with Jenkins and OpenShift in a heavily regulated environment, he saw firsthand why identity—not location—is the new perimeter. That insight powers Chapters 6 and 8, focused on zero trust in practice. His secrets management deep-dive? That came from his time at Citizens Bank, where he designed a production-grade HashiCorp Vault deployment from the ground up. This experience underpinned his recent talk at HashiConf 2025, where he discussed best practices and pitfalls of integrating Vault into CI/CD pipelines. The session tackled real challenges—like token reuse, secret sprawl, and workload identity—with guidance rooted in experience.
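The three pitfalls named above (token reuse, secret sprawl, and workload identity) are easiest to see with a runnable model. The block below is an added example and is not HashiCorp Vault's code or anything from the talk; it mirrors the shape of Vault's JWT auth method (a role with bound audiences and bound claims, access tokens with a TTL and a use limit) in plain Python so the failure modes can be exercised offline. Assumed for the sake of running without a server: the CI provider's OIDC token is stood in for by an HMAC-signed JWT (real providers sign with RS256 and publish their keys), and `SecretsBroker`, `Role`, the role named `deploy`, and the repository names are constructed.

```python
"""Workload identity for CI jobs, modelled in Python (added example).

Not HashiCorp Vault's code. It mirrors the shape of Vault's JWT auth method
(a role with bound audiences and bound claims, tokens with a TTL and a use
limit) so the pitfalls named in the text can be exercised offline. Assumed:
the CI provider's OIDC token is stood in for by an HMAC-signed JWT.
"""
import base64
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

ISSUER_KEY = b"ci-provider-signing-key"  # assumed; stands in for the provider's OIDC keys


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_ci_jwt(claims: dict, key: bytes = ISSUER_KEY) -> str:
    """Mint the per-job identity token a CI provider hands to a running job."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_ci_jwt(token: str, now: float, key: bytes = ISSUER_KEY) -> dict:
    """Return the claims if signature, alg and expiry check out; raise ValueError otherwise."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # never let the token choose the algorithm
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


@dataclass
class Role:
    bound_audiences: set     # token must have been minted for this broker
    bound_claims: dict       # claim name -> allowed values; pins the role to one workload
    allowed_paths: set       # the only secrets this identity may read (no sprawl)
    token_ttl: int = 300     # seconds; a leaked token dies quickly
    token_num_uses: int = 1  # single-use: a captured token cannot be replayed


@dataclass
class _Lease:
    role: str
    expires: float
    uses_left: int


class SecretsBroker:
    """Trades a CI identity token for a short-lived, use-limited access token."""

    def __init__(self, roles: dict, store: dict):
        self.roles, self.store, self._leases = roles, store, {}

    def login(self, role_name: str, jwt_token: str, now: float) -> str:
        role = self.roles[role_name]
        claims = verify_ci_jwt(jwt_token, now)
        aud = claims.get("aud", [])
        aud = {aud} if isinstance(aud, str) else set(aud)
        if not aud & role.bound_audiences:
            raise PermissionError("audience not bound to this role")
        for name, allowed in role.bound_claims.items():
            if claims.get(name) not in allowed:
                raise PermissionError(f"claim {name!r}={claims.get(name)!r} not permitted")
        token = "s." + secrets.token_urlsafe(24)
        self._leases[token] = _Lease(role_name, now + role.token_ttl, role.token_num_uses)
        return token

    def read(self, token: str, path: str, now: float) -> str:
        lease = self._leases.get(token)
        if lease is None or lease.expires <= now:
            self._leases.pop(token, None)
            raise PermissionError("token unknown, expired or already consumed")
        lease.uses_left -= 1
        if lease.uses_left == 0:
            del self._leases[token]  # consumed: a replay of the same token fails above
        if path not in self.roles[lease.role].allowed_paths:
            raise PermissionError(f"role {lease.role!r} may not read {path}")
        return self.store[path]


def demo(now: float = 1_700_000_000.0) -> dict:
    """Three cases: the legitimate job, a replayed token, and a job from a forked repo."""
    roles = {"deploy": Role(bound_audiences={"secrets-broker"},
                            bound_claims={"repository": {"acme/payments"}, "ref": {"refs/heads/main"}},
                            allowed_paths={"kv/payments/deploy-key"})}
    broker = SecretsBroker(roles, {"kv/payments/deploy-key": "constructed-sample-secret"})
    base = {"iss": "ci.example", "aud": "secrets-broker", "ref": "refs/heads/main", "exp": now + 600}
    results = {}
    token = broker.login("deploy", issue_ci_jwt({**base, "repository": "acme/payments"}), now)
    results["first_read"] = broker.read(token, "kv/payments/deploy-key", now)
    attempts = {
        "replay": lambda: broker.read(token, "kv/payments/deploy-key", now + 1),
        "fork": lambda: broker.login("deploy", issue_ci_jwt({**base, "repository": "mallory/payments"}), now),
    }
    for label, attempt in attempts.items():
        try:
            attempt()
            results[label] = "allowed"
        except PermissionError:
            results[label] = "rejected"
    return results
```

`demo()` returns the secret for the legitimate job and `"rejected"` for both the replayed token and the forked-repository login. Each rejection maps to one of the pitfalls: `token_num_uses` and `token_ttl` bound the damage of a leaked token, `bound_claims` ties the role to a specific repository and branch so a job elsewhere cannot borrow it, and `allowed_paths` keeps one identity from becoming a skeleton key for every secret in the store.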
Building Trust in AI Requires Transparency
Adopting AI in security isn’t just a technical pivot. It’s a cultural one. “A black-box model that flags anomalies but can’t explain why? That’s not a tool. It’s a liability,” said Suthari. He added, “Transparency matters as much as accuracy.”
His call for explainable AI mirrors the growing regulatory push for algorithmic accountability. Models must justify their decisions, especially when used in regulated industries like finance or healthcare. The same standard of legibility runs through his work on automating CIS compliance for Amazon EKS using Kyverno and kube-bench: a Kyverno policy report names the rule that fired, and kube-bench reports each CIS check by number with its remediation, so an engineer can act on a finding rather than argue with a black box. His open-source contributions in this area show how policy-as-code and automated benchmarking can scale governance without sacrificing developer speed, using Kubernetes-native policies to audit and enforce best practices with no manual intervention.
Beyond Compliance: Toward Predictive Prevention
Maria Rodriguez, CISO at a major financial firm, echoes this sentiment: “When you can predict and prevent misconfigurations before they become vulnerabilities, you’re fundamentally changing your risk posture.” Suthari called this moving from reactive to predictive security, a defining theme of Shift Left by Design. From Disney’s reservation systems to Comcast’s billion-transaction secret pipelines, his experiences across industries prove a common pattern: speed and security aren’t in conflict when design is intentional. He said, “Threats are evolving faster than policies can be written; that’s why I wrote the book. Because we need security that scales not with headcount, but with design.”
In the new era of cloud-native systems, AI won’t replace security engineers—but it will redefine how they work. And the ones who embrace that shift early will not only stay secure, they’ll lead.