Gera Dorfman, Chief Product Officer at Orca discusses the latest trends in cloud security in this CIO Influence interview:
_____________
Can you take us through your role as CPO of Orca Security?
As CPO of Orca Security, I lead the vision and product roadmap for our unified, AI-powered cloud security platform, with a relentless focus on giving customers faster, clearer risk visibility and a more streamlined path to remediation in a single workspace. I oversee global product management, engineering collaboration, and design to make sure our security keeps pace with AI-driven cloud growth without slowing teams down. A big part of the role is working directly with large enterprises to shape capabilities built for real-world complexity across multi-cloud, large-scale, and increasingly AI-native environments.
How are today’s security challenges and threats changing the scope for data and security teams?
Security and data teams are no longer just โprotecting the cloud,โ they are protecting environments that could be 5 to 10 times bigger in a few years, with huge amounts of code and access controlled by AI systems and agents. AI is both a tool and an attack surface, lowering the cost of advanced attacks, supercharging phishing and impersonation, and pushing organizations to monitor behavior and runtime, not just on known threat patterns. That is expanding the remit of these teams into things like AI data governance, identity and access at scale, and explaining risk in a way that actually drives remediation, not just more alerts.
Also Read: CIO Influence Interview with Carl Froggett, Chief Information Officer (CIO) at Deep Instinct
What are some of the most common issues that keep modern cybersecurity CPOs on their feet today?
One of the biggest challenges is navigating AI from all sides at once. That means figuring out how to use AI to strengthen protection, defend against AI-driven attacks, and secure AI systems themselves as they move into production. At the same time, customers are under pressure to adopt new technologies quickly, without introducing new risk or slowing the business. Add to that the constant flood of security alerts, and the real demand becomes clear: smarter prioritization that helps teams focus on what actually matters, not just what is noisy.
Can you talk about the evolution of this space and what skills and team structural changes modern data and security teams need to pursue to meet current day security-related threats and obstacles?
Cloud security has shifted from โfind more issuesโ to โoperationalize security in the way the organization actually works,โ which means fewer point tools and more unified workflows. Modern teams need people who understand cloud-native stacks and infrastructure-as-code, who can reason about AI systems like agentic AI and MCP servers, and who can use AI themselves for triage and risk-based prioritization. Structurally, that looks like embedded security inside product, data, and platform teams, a shared responsibility model for AI risk, and a single data model that connects vulnerabilities, identity, runtime, and business context so you can act instead of drowning in noise.
What are a few cloud security trends that will take center stage in 2026 and beyond?
We will see AI-driven, organization-specific prioritization of vulnerabilities and misconfigurations take off, helping teams decide what truly matters instead of staring at endless lists of findings. Autonomous remediation will expand in guarded ways, starting with โeasy winsโ like misconfiguration remediation and well-defined guardrails, while identity for both humans and AI agents becomes one of the most critical control planes. At the same time, the software supply chain and source code will remain prime targets, quantum readiness will creep into strategy conversations, and multi-cloud, including regional providers, will grow as regulations and resilience concerns push organizations beyond a single hyperscaler.
What are five quick thoughts that you’d leave every CIO and CISO with?
Iโll leave you with three, because these are the ones that matter most. First, AI is a game changer for both sides. Attackers are moving faster, but defenders finally have the tools to move just as fast. Second, security should never be the thing that slows innovation. The best security platforms enable teams to adopt new technology with confidence, not fear. Third, visibility only matters when it comes with context. Seeing every risk is useless unless you can prioritize the ones that actually impact the business.
Catch more CIO Insights: The โWalled Gardenโ Alternative: Why Data Clean Rooms Are 2026โs Must-Have?
[To share your insights with us, please write toย psen@itechseries.comย ]
Orca enables organizations to make cloud security a strategic advantage. With the most comprehensive coverage and visibility across multi-cloud environments, the agentless-first Orca Platform unites teams to eliminate complexities, vulnerabilities and risks. Backed by Temasek, CapitalG, ICONIQ Capital, Redpoint Ventures and others, Orca is trusted by hundreds of organizations, including SAP, Gannett, Autodesk, Unity, Lemonade and Digital Turbine.
Gera Dorfman, is Chief Product Officer at Orca
