Rinki Sethi, chief security officer for Upwind, unpacks why runtime is the new battleground for cloud defense.
Sethi traces her epiphany back to 2022, when she first heard that you can’t secure what you can’t see in real time. Configuration checks and compliance scans are fine, she says, but attackers still slip through unless you’re monitoring live application behavior.
That conviction led her to technologies such as eBPF, which let vendors drop ultra-light sensors into production without dragging down performance. Upwind was an early adopter, and the approach has since become a buzzword—but for good reason. Lightweight, kernel-level visibility makes it practical to watch containers, VMs, serverless functions and whatever AI workloads come next, even as environments grow more fragmented.
Sethi also tackles the perennial “shift-left versus shift-right” debate. Developers should own security early in the pipeline, she argues, but dumping every vulnerability ticket on engineers is a recipe for friction. Real progress comes from guardrails: scanners that surface only context-rich issues, plus runtime feeds that show which findings actually matter in production. Until cloud teams close that feedback loop, security and engineering will keep talking past each other.
Looking ahead, Sethi urges CISOs to rethink their toolchains before AI scrambles everything. Point solutions and acronym soup (CSPM, CNAPP, DSPM, take your pick) force practitioners to stitch context by hand. A unified platform that starts with runtime data and layers in posture, identity and network insights is the only way to cut through the noise. Her parting shot: stop buying features disguised as products, stay focused on real-time risk, and give developers proof—via red-team demos if necessary—that security is their problem, too.

