Welcome to a brand-new season of ExtraMile by SecureITWorld, an interview series with top voices in the tech and cybersecurity realm. Here, we discuss key threats and trends affecting diverse industries.
Today’s conversation features Aniket Menon, the Chief Product Officer of Immersive, a frontrunner in cyber resilience. Immersive is known for its advanced tactics that not only help organizations prevent threats but also respond to incidents.
Aniket, with over 15 years of experience across tech and security, leads innovation in Immersive’s cyber resilience platform, Immersive One. In the conversations, we will dive into Aniket’s remarkable professional journey and the importance of strengthening the cyber resilience framework.
Our guest will further discuss human-centric cyber training, and the challenges cybersecurity providers often face. So, let’s start right away.
Hello, Aniket; we’re glad you could join us today!
1. You have been a cybersecurity product leader for over 15 years. How has your experience been, and how has the security ecosystem changed over the years?
Aniket. The security ecosystem has been equal parts humbling and energizing. When I started, security focused on point tools and perimeter control. Then cloud expanded the attack surface, shift-left brought developers into the fold, and SaaS multiplied identities and integrations. At the same time, the threat landscape evolved dramatically, from ransomware-as-a-service to nation-state actors to AI-powered attacks. The sophistication has grown exponentially.
The bigger shift, though, is mindset. Security used to be a checkbox exercise. Today, boards and executives see it as a continuous business imperative. The question is no longer “Are we compliant?” but “Can we withstand and recover from an attack?”
Now we are entering a machine-human era where we must secure both people and AI systems. That constant evolution, and the need to rethink our approach every few years, is what makes this field both challenging and deeply rewarding.
2. What is the significance of robust security practices at present among organizations? What consequences can ignorance bring?
Aniket. Robust security practices matter more than ever, but not in the way many organizations define them. It’s not about how many tools you’ve bought or how polished your policies look. It’s about whether your organization can actually perform under pressure.
There’s a real confidence gap in the industry. Many organizations believe they’re prepared for a major cyber incident. On paper, they have the plans. They’ve run tabletop exercises. They’ve checked the compliance boxes. But when you look at real-world performance, response times and coordination often plateau. The stress of a live incident exposes gaps that weren’t obvious before.
Those gaps are costly. When decisions slow down and communication between security, legal, leadership, and communications breaks down, incidents escalate. Financial damage increases. Regulatory scrutiny intensifies. Reputational harm lingers long after systems are restored. Ignorance today isn’t just risky, it’s expensive. The organizations that treat security as a living capability, not a static investment, are the ones that withstand and recover faster when something inevitably goes wrong.
3. You joined Immersive in August 2025 after serving more than 12 years in Rapid7. How are you planning to contribute to Immersive’s growth and advance its cyber resilience Product?
Aniket. Coming from Rapid7, I’ve seen how critical it is to connect disparate data points into a single, actionable story for a CISO. What drew me to Immersive is the problem we're solving. Most security tools focus on prevention and detection. But Immersive asks a different question: "When an attack happens, are your people actually ready to respond?" Because here's the reality: breaches are inevitable. The question is whether your organization can handle it.
My focus at Immersive is threefold.
First, we're unifying the platform to provide a connected narrative with labs, ranges and crisis simulations. Immersive One will be an outcome-driven platform where everything aligns to actual CISO security goals.
Second, we're betting big on AI. Not AI hype – real AI that makes a difference. We're building agentic AI experiences that adapt in real-time, personalize to each user, and accelerate outcomes.
Third, we're making value visible. Security leaders need to prove resilience to their boards, to regulators, to auditors. We're building framework-aligned reporting, including NIST, MITRE ATT&CK and DORA, that shows measurable progress. Not activity metrics. Actual business outcomes.
4. What is human-centric cyber training? How does it contribute to establishing a strong cyber resilience framework? Can you share any use cases here?
Aniket. Human-centric cyber training starts with a simple premise: technology doesn’t respond to incidents — people do. Technical proficiency is important, but it’s not enough. In a real crisis, what determines success is how people make decisions under pressure, how they communicate across functions, and how quickly leadership can align on action.
Human-centric training simulates that pressure. It brings together the SOC, executives, legal, communications, and even the board in realistic crisis scenarios. Not to test whether they remember a policy, but to see how they actually perform when the stakes are high.
At its core, human-centric training treats cyber readiness as a measurable business capability. When practiced consistently, it builds muscle memory across the organization, which is what true resilience really requires.
5. Product-market fit is a common challenge that cybersecurity providers often face. What is your approach to achieving product market fit in cybersecurity, especially with a technically complex product?
Aniket. In cybersecurity, product-market fit can’t be theoretical. It has to hold up in the middle of an incident.
My approach is grounded in observing how teams and leaders actually behave during incidents and simulations, then using those insights to shape and refine the product.
Cyber is a moving target. Threats evolve, regulations shift, and operating environments change. So product market fit isn’t something you “achieve” once. It’s something you continuously validate.
6. Is cybersecurity a responsibility for IT and security teams only? How do you foster a culture of cyber readiness, security awareness, and ownership across your organization?
Aniket. Cybersecurity is still too often treated as an IT issue, but in reality, it’s an enterprise risk. Technical drills test detection and containment, but real incidents escalate fast. When ransom demands, legal exposure, or media pressure emerge, success depends less on tools and more on human collaboration and decision-making.
I’ve seen crisis simulations where the technical response was strong, but leadership alignment faltered. That’s usually where delays and confusion start. And in a real attack, time is everything.
Fostering a culture of readiness means making cyber a shared responsibility. It means involving leadership in realistic simulations. It means aligning security goals with business objectives. And it means measuring preparedness based on demonstrated performance, not training completion rates.
When every function — from the SOC to the C-suite — understands its role and has practiced executing together, security becomes part of the company’s operating rhythm, not just a department’s mandate.
7. What are the most dangerous cyber threats organizations need to take precautions against currently? How challenging are AI-driven attacks becoming in this regard?
Aniket. Unfortunately, the most dangerous cyber threats aren’t the ones organizations are preparing for. AI is lowering the barrier to entry for attackers. We’re already seeing large language models used to generate convincing phishing campaigns, automate reconnaissance, and adapt social engineering tactics in real time. That means attacks can be launched faster, tailored more precisely, and iterated on quickly.
At the same time, there’s the longer-term risk landscape. Nation-state actors are pursuing “harvest now, decrypt later” strategies, collecting encrypted data today in anticipation of future quantum capabilities. That’s not theoretical — it’s strategic patience.
But what worries me most isn’t just the technology. It’s the gap between how quickly attackers adapt and how slowly organizations change their defensive posture. AI-driven attacks expose weaknesses in human coordination and decision-making long before technical controls fail. The real challenge isn’t just defending against smarter threats. It’s ensuring our people and processes evolve just as quickly as the adversaries do.
8. Product development is indeed a complex career path to choose. What advice do you have for aspiring product leaders, especially entering the cybersecurity space?
Aniket. Product management in cybersecurity is definitely not easy, but it's one of the most rewarding careers you can have if you're up for the challenge. My biggest advice: don't fall in love with your solution, fall in love with the customer's problem. Get comfortable with the "ambiguity.” This industry moves faster than any other, and what was a best practice six months ago might be obsolete today. You need to be curious and a constant learner.
Next, talk to customers obsessively. I mean, really talk to them. Not just during beta programs or feature feedback sessions, but ongoing conversations where you're trying to understand their world. What keeps them up at night? What trade-offs are they making? What solutions have they tried that didn't work? The best product ideas I've had didn't come from brainstorming sessions – they came from listening to customers explain their pain points.
Lastly, learn to say no. This is one of the hardest skills in product management. You'll have customers asking for features, sales asking for capabilities to close deals, executives pushing their vision, and the engineering team suggesting cool technical solutions. Your job is to ruthlessly prioritize. What's the highest impact thing we can build right now that moves us toward the company’s strategic goals? Everything else is noise.
Discover More In-depth Interviews:
