Image generated with Gemini.
In a world where threats travel faster than updates and cyberattacks evolve as fast as the tools designed to stop them, Romanus Raymond sees opportunity — if leaders are ready to shift their mindset.
As director of technology at ManageEngine, Raymond sits at the intersection of enterprise strategy, technical implementation, and the human realities of digital defence. His educational background — spanning computer science, psychology, and cyber law — reflects a multidisciplinary view of cybersecurity: understanding not just the systems in play, but the people, policies, and risks that shape them.
“We used to have a fortress — now there’s no fortress,” says Raymond.
Securing a boundaryless world
Raymond’s upcoming talk at the CIO Association of Canada Peer Forum tackles a key shift in thinking: endpoints — devices, systems, and users accessing networks — are no longer confined to office walls or secure firewalls. Instead, they’re constantly moving, changing, and connecting through a vast array of form factors and networks.
“You have to do the same job across dozens of form factors, networks, and configurations,” he explains. “Everything is everywhere. The old model of security just doesn’t scale.”
He points to the rise of remote work, IoT devices, and cloudfirst architecture as key drivers of this change. With devices scattered across geographies and often connected to unpredictable networks, Raymond says organizations can’t rely on perimeterbased defences anymore. That’s where zero trust comes in, not as a buzzword but as a philosophy.
“Zero trust isn’t about where something is. It’s about verifying everything, every time,” says Raymond. That requires policy, not just tools.
In this new landscape, blind spots multiply. Devices fall out of sync with defined security postures. Employees install browser extensions that leak data. Even authorized applications can be exploited in “living off the land” attacks. The key to regaining control, Raymond says, is visibility — knowing what’s running, where, and how it behaves.
From reactive defence to predictive resilience
Much of Raymond’s focus today is on how AI — including technologies like large language models (LLMs) — can shift cybersecurity from reactive to proactive.
“AI, ML, and even LLMs are being used by attackers,” says Raymond. “We’re seeing AIbased attacks, deepfakes — these threats are already happening.”
He sees the future of defence in tools that don’t just detect threats, but predict them — using behavioural signals, threat intel, and anomaly detection to stay a step ahead. That means investing in Extended Detection and Response (XDR) platforms that can unify visibility across all digital assets, and adapting defence strategies based on realworld attack patterns.
But Raymond also cautions against rushing in. “You need structure before you add AI,” he says. “If your data isn’t organized, your assets aren’t mapped, or your posture isn’t defined, adding a smart layer on top won’t help.”
This is where great security leadership plays a role — not just choosing the right tools, but creating a culture of security across people, policy, and process.
“You can’t take a horse to war without training it,” Raymond says, highlighting the importance of education, awareness, and simulation exercises. “A great leader invests in people, not just software.”
What CIOs should focus on next
Asked what a CIO could do this quarter to improve endpoint resilience, Raymond points to four priorities:
- Staying ahead of evolving ransomware threats
- Building resilience into assets and recovery plans
- Securing supply chains (including contractors and gig workers)
- Addressing misconfigurations caused by skill gaps
He also urges organizations to stop assuming cloud providers are taking care of everything. “You’re still responsible for your data,” he says. “Misconfigurations in the cloud are just as dangerous as onprem.”
Above all, Raymond hopes more business leaders start viewing cybersecurity as an enabler, not an obstacle. “CISOs and CIOs know what’s needed,” he says. “But that message doesn’t always make it to the people who control funding.”
The solution, in his view, is simple but powerful: align tools to strategy, align teams to goals, and align culture to risk. Only then can AI — and any other tool — deliver on its promise.
Start with the essentials. Know your environment. “If you understand your business, then you can build smart.”
Romanus Raymond will speak on endpoint resilience and AIpowered defence at the 2025 CIO Association of Canada Peer Forum in Ottawa, May 2829.
is the official media partner of the CIO Association of Canada.
This article was created with the assistance of AI. Learn more about our AI ethics policy here.
