ExtraMile by SecureITWorld is an in-depth interview series that evaluates the emerging tech and cybersecurity practices, challenges, and future perspectives. In each session, we connect with leading industry voices from the cybersecurity space and offer expert-led opinions.
In this Q&A edition, we are delighted to host Col. Georgeo Xavierย Pulikkathara, the CIO and CISO ofย iMerit, a pioneer in AI data facilities. While offering data services,ย iMeritย ensures data security, trust, ethics, and higher scalability.ย iMeritย offers data facilities across diverse industries, including medical AI and autonomous mobility.
Col.ย Pulikkatharaย is an army veteran with thorough experience in information technology and cybersecurity leadership. Currently, he is serving as a Colonel and Cyber Operations Officer in the US Army, alongside being the CIO and CISO ofย iMerit. Let us discover his career highlights, major cybersecurity types, the significance of monitoring in data security, and more.
Welcome, Colonelย Pulikkathara.ย Itโsย a pleasure to have you with us today!
1. You are an IT security expert with 25 years of service in the US Army and 34 years of IT and security experience in the private sector. Tell us about the key highlights from your professional journey so far.
Col.ย Pulikkathara. Early on, I gained critical experience securing high-value systems on Wall Street with the Royal Bank of Canada, Capital Markets, where I learned what precision and speed mean in real-world trading environments. From there, I spent 15 years at Microsoft, where I had the opportunity to brief Bill Gates on real-time collaboration software, which is now known as Microsoft Teams.
My career then took a turn back to active duty. I was recalled to active duty in the U.S. Army Special Operations, serving in Afghanistan and Iraq, and earned two Bronze Star Medals for actions in combat. Those years shaped how I think about risk, trust, and the cost of failure when systems break.
I returned to the private sector as Director at Accenture, leading the Global Client Information Security team for 5 years, and later served as CISO at DataStax (now an IBM Company) and Dovenmuehle Mortgage.
Today, I also serve as CIO and CISO for the 81st Readiness Division, supporting over 50,000 soldiers and civilians across the Southeastern U.S., recently promoted to Colonel, U.S. Army Cyber Operations.
Each chapter reinforced my belief that security and mission success depend on people first. That belief guides my work atย iMerit, where we are building secure, human-centered systems to make AI trustworthy at scale.
2. What are the common types of IT and cybersecurity threats that the government and private sectors often encounter?
Col.ย Pulikkathara. The threat landscape is converging for both government and private sectors. The biggest challenges lie in regulatory compliance, third-party vendor exposure, and the growing complexity of technology stacks that create hidden gaps. Organizations must adhere toย numerousย frameworks (like GDPR, HIPAA, CMMC, and SOX) governing data protection and security posture. However, they must go well beyond certifications to achieve actual security in practice.
Ransomwareย remainsย a constant threat because it exploits human behavior as much as code. Insider threats, especially from disgruntled employees, are equally damaging and harder to detect. Importantly, as organizations adopt Large Language Models (LLMs), a new class of threatsย emerges, distinct from traditional network security:
-
- Prompt Injection:Curating inputs to override the model's instructions and security controls (e.g., getting a chatbot to reveal its secret systemย prompt).
- Insecure Output Handling:When the LLM's response is passed to a downstream system without validation, potentially leading to classic exploits like XSS or SQL injection.
- Data Poisoning:Tampering with the training data to inject backdoors or bias the model's behavior.
- Supply Chain Threats:Exploiting vulnerabilities in third-party components or APIs used to integrate the LLM into the application
These threats are not theoretical anymore; they are happening inย liveย systems. Across sectors, theย real challengeย is not just defending networks. It isย maintainingย trust in environments that are changing faster than policies can keep up.
3. You recently joined the leading AI data firm, iMerit, as the CIO and CISO. How do you strategize to contribute to the companyโs operations and growth?
Col.ย Pulikkathara. iMeritย has alreadyย establishedย security as a core differentiator. My long-term strategy is toย build onย that strength โ using our secure, standardized environment toย demonstrateย world-class data handling for enterprise clients. In this space, trust in securityย isnโtย just a requirement;ย itโsย what wins high-value partnerships.
My firstย 30 daysย wasย about listening. I am spending a lot of time with all my peers in the executive leadership and key stakeholders to understand their technology and security challenges firsthand.ย Iโmย also engaging closely with the sales team to learn where technology can better support client needs and growth.
Within the Infrastructure and Information Services team, my focus is on reducing friction, improving process efficiency, managing costs, and building standardization. I am mentoring the team to think at least 90 days ahead,ย anticipatingย issues before they surface. We must move away from reactive troubleshooting to proactive capacity planning and security architecture reviews.ย ย Ourย objectiveย as a team is to be the strategic enabler, not just the fix-it crew.
The goal is simple: align technology and security with business priorities so that innovation atย iMeritย happens safely, efficiently, and atย scale.
4. AI and data have become two significant innovations in the present times. What opportunities and setbacks can AI offer? Do you think AI implementation has increased data security threats?
Col.ย Pulikkathara. AI is unlocking enormous value from faster decision-making to deeperย insightsย but this is also creating an entirely new class of security risks. The same technology that strengthens defense can also power more sophisticated cyberattacks. AI and LLMs introduce fundamental weaknesses that did not exist in traditional applications. Theย OWASP GenAI Security Project Top 10ย for LLM Applications is one of the best playbooks for understanding these new threats. It highlights real-world vulnerabilities like prompt injection, data and model poisoning, sensitive information disclosure, and supply chain weaknesses.
AI bias, misinformation, and the lack of explainability also add layers of risk beyond traditional cybersecurity. The challenge now is to move from black-box systems to explainable AI, where security and accountability are built in, not bolted on.
Atย iMerit, we seeย the opportunityย andย the riskย as two sides of the same coin โ innovation must move forward, but never faster than trust.
5. What are the most unfavourable situations you have handled as an IT security and infrastructure veteran? How did you address the situation and overcome the hurdles?
Col.ย Pulikkathara. Over the years, I have dealt with several high-impact incidents like ransomware attacks, nation-state phishing campaigns, and zero-day vulnerabilities like Heartbleed, SolarWinds, and Log4j. Each one tested not just technology, but people and process discipline. My philosophy is clean here: preparation makesย theย difference. Having a tested Security Incident Response Plan, along with Business Continuity and Disaster Recovery frameworks, ensures that even when systems are compromised, the organization stays resilient.
In my experience, the hardest moments are when you areย operatingย in uncertainty. The key is to stay calm, act on facts, and communicate clearly. You cannot control the threat, but you can control your response.
6. Scalability is essential while formulating a robust security infrastructure. How do you ensure scalability while securing data from vulnerabilities?
Col.ย Pulikkathara. Scalability in security infrastructure begins withย establishingย strong data governance that can flex with organizational growth. Atย iMerit, scalability begins with structure. Weย build onย strong data governance that moves with the organization, not around it. Every piece of data has an owner, a process, and a defined control. Our data management policy keeps security embedded in every stage: processing, storage, usage, archiving, and disposal. Governance activities are audited and refined as systems grow. That is how we scale without stretching our guardrails.
Forย iMerit, security is not an add-on. It is a living framework that grows as our data does. We ensure this by defining clear governance structures and embedding security controls throughout the data lifecycle.
7. According to you, what is the importance of auditing and continuous monitoring in data security and privacy? What are the primary considerations while choosing the best auditing and monitoring solution?
Col.ย Pulikkathara. Auditing is the guardrail that keeps intent aligned with execution. Regular audits keep the organization accountable and ensure that compliance is not aย checkbox,ย it is a part of the culture.
When selecting an auditing and monitoring solution, I prioritize automation and AI capabilities that can proactively flag compliance deviations before they escalate. Real-time monitoring and alerting are essential, along with the ability to generate clear audit trails, evidence, and artifactsโensuring transparency, accountability, and readiness for both internal and external reviews.
8. With cutting-edge technologies and advanced strategies, data security is becoming more vulnerable. How do we stay protected in the emerging threat ecosystem? What is the best?
Col.ย Pulikkathara. The best defense begins with fundamentals. Technology will keep changing, but our discipline around security cannot.ย The key to staying secure in this evolving landscape is building a resilient, adaptive, and continuously improving security posture that goes beyond traditional defense mechanisms.
That meansย establishingย strong identity and access management, enforcing least-privilege principles, implementing multi-factor authentication, and ensuringย timelyย patch management. Beyond that, we need a layered defense strategy which is continuous monitoring, advanced threat detection powered by AI, and zero-trust architecture across endpoints, cloud, and network environments. I recommend:
-
- Enforce consistent vulnerability and patch management.
- Minimize cloud and software misconfigurations across all environments.
- Build organizational awareness around social engineering tactics.
- Conduct regular training to prevent phishing attacks.
- Continuously monitor forย insider threats.
- Implement a SIEM (Security Information and Event Management)ย system andย maintainย an active security operations team for ongoing threat detection and response.
Finally, regular security awareness training for employees, red-team exercises, and a well-tested incident response planย ensureย that when new threatsย emerge, the organization is not just protected but prepared.
9. What's the future of cyber-security?
Col.ย Pulikkathara. The future of our cybersecurity infrastructure depends on how quickly we can integrate AI responsibly: pairing machine speed with expert human judgment, embedding AI into security operations, and ensuring transparency and governance in its use. AI is now both our greatest risk and our greatest opportunity. Threat actors are already using generative AI to automate phishing, accelerate reconnaissance, and exploit vulnerabilities at scale.ย The U.S. has seen ransomware surge nearly 150% in the past year, with AI-driven tactics fueling much of that growth. At the same time, AI offers unprecedented capabilities in defense, from real-time anomaly detection to automated response and resilience building. A proactive stance ensures both compliance and trust, paving the way for responsible AI innovation.
Discover More In-depth Interviews:
