Sergey Tairyan is a Global CISO, security innovator, and international speaker with over 15 years of experience across government, finance and iGaming sectors. As Group CISO at Digitain, he built the company’s entire cybersecurity ecosystem from the ground up, achieving ISO 27001 and PCI DSS compliance while pioneering Armenia’s first internal bug-bounty programs. Sergey holds a Ph.D. in Mathematical Cybernetics and multiple top international certifications. A recognized thought leader, he frequently speaks at global conferences and mentors the next generation of cybersecurity professionals, driving innovation in AI-driven and post-quantum security worldwide.
Recently, in an exclusive interview with CIO Magazine, Sergey shared insights into his journey to becoming a cybersecurity leader, emphasizing the importance of continuous learning and hands-on experience. He highlighted the transformative impact of artificial intelligence on cybersecurity, noting both new challenges and unprecedented defensive advantages. Sergey also stressed that cybersecurity is a mindset and lifestyle, requiring constant adaptation and knowledge-sharing, and advised aspiring leaders to build a strong technical foundation and inspire a culture of security. The following excerpts are taken from the interview.
Hi Sergey. Can you walk us through your career journey and how you became a cybersecurity leader?
My journey started in quite a hands-on way. I began as a technical intern at an insurance company, just a one-month internship. On the third day, I handed a USB flash drive to the CEO and told him to keep it safe because it contained all the company’s data from 1997 up to that moment in 2010. That simple act of awareness about data value and risk got me hired permanently as an IT specialist the same day.
From there, I transitioned into information security. My first project involved deploying antivirus systems and integrating employee check-in/check-out logs with Active Directory to prevent unsanctioned logins – early but practical cybersecurity measures that built my foundation.
Over the years, I moved step by step – from system administrator to IT manager, then IT auditor, and eventually managing entire IT security units. That gradual evolution, staying close to technology while understanding business risk, shaped my leadership approach and prepared me for my current role as CISO.
What do you love the most about your current role?
In my seven years at Digitain, I’ve had the privilege of building the company’s entire cybersecurity ecosystem from the ground up. When I joined, there were no formal teams, processes or monitoring. Today, we operate fully mature Red, Blue, and Purple Teams, each integrated into every stage of the business and product lifecycle.
The Red Team is embedded directly into product development. Our ethical hackers continuously test our security controls, applications and infrastructure. They don’t just find vulnerabilities, they teach developers and engineers to understand root causes, turning every penetration test into a learning experience.
The Blue Team manages a 24/7 Security Operations Center (SOC) with real-time monitoring, advanced threat detection, and incident response capabilities. The SOC correlates millions of daily events across EDR, SIEM and threat-intelligence platforms to detect anomalies before they become incidents.
The Purple Team bridges offense and defense, converting Red Team insights into stronger detection and response mechanisms. They refine playbooks, update rules, and continuously improve our metrics.
Under my leadership, Digitain achieved multiple international certifications, including ISO 27001, PCI DSS, and a range of iGaming compliance licenses such as GLI 19, GLI 33, and others – a reflection of both technical excellence and regulatory maturity.
What I love most about my role is seeing this ecosystem operate flawlessly even in my absence. I can take a long vacation knowing that everything runs perfectly because the processes, culture and people are aligned. That’s what true leadership means to me, when a vision becomes a self-sustaining system that keeps growing, learning, and protecting the business long after you step away.
What do you think is the most exciting development in cybersecurity right now and why?
Without question – artificial intelligence.
AI is transforming both defense and offense of cybersecurity. On one side, we now face new challenges: deep-fakes, AI-generated phishing emails, synthetic voice/video fraud and social engineering campaigns that are almost indistinguishable from reality. On the other side, AI also gives defenders an unprecedented advantage, from predictive analytics and autonomous detection to intelligent correlation of security events across vast data streams.
I see AI today as being at the same stage as the Internet in the early 1990s. Back then, people laughed at the idea of ordering pizza online; now, almost everything we do happens online. The same will happen with AI, those who understand how to use it strategically will lead the next decade and billion-dollar companies that fail to adapt will eventually fall behind.
That’s why I believe every modern organization should have an AI R&D team, people who not only understand technology but also deeply understand the business and know how to apply AI throughout the entire value chain, not just in cybersecurity. The companies that combine technical security expertise with AI-driven innovation will define the future of our industry.
Can you share your thoughts on the importance of continuous learning and professional development in cybersecurity?
My day always starts with reading technical and cybersecurity news. I’ve set up several automations that deliver real-time updates on zero-day exploits, vendor vulnerabilities and emerging threats directly to me throughout the day. Continuous awareness is key in this field, if you stop learning, even for a short time, you quickly fall behind.
After earning my PhD in 2010, I continued to build my professional foundation by obtaining certifications such as CISM, CGEIT, CEH, ISO 27001 Lead Auditor and CIPP/E, among others. Each one gave me a new perspective, from governance and auditing to ethical hacking and privacy.
Cybersecurity evolves every single day. Technologies, attack vectors and business models all change faster than ever. To be among the best, you must read, study and experiment daily. Even on vacation, I keep up with industry news and professional books, not out of obligation, but out of genuine curiosity and respect for the craft. Because if you stop for two or three days, you’ll need twice as much time to catch up. Continuous learning isn’t optional in cybersecurity – it’s mandatory.
Is there a particular person you are grateful for who helped get you to where you are?
Yes – my father.
It was 1997 in The National Children’s Library after Khnko Aper. There was a program that selected promising students from city schools to study basic programming and internet. I joined when I was in fifth grade. During one internet class the tutor left the room and I, like any curious kid, found a website with adult pictures. All the other boys gathered around my computer. When the tutor returned, she saw the open page and blamed me, sending me home.
At home I told my father what happened. Instead of punishment, he smiled and asked how I had managed to bypass their content filter. He put a book of Rubens’ paintings in my hands and told me to look at art more than that rubbish on the net. The next class he came with me. When the tutor tried to scold me, he quietly stopped her and said: if an eleven-year-old can find a weakness in your system, that’s a problem to fix and the right response is to encourage the child and learn how they did it, not shame them.
That story gave me two things – a passion for hacking and a love of art. He taught me to be curious, to look for weaknesses and to see beauty. I’m grateful to him every day.
Can you share a book or resource that inspires you and why?
There are two books I always recommend to anyone interested in cybersecurity and technology.
The first is The Art of Deception by Kevin Mitnick. I first read it in 2004 and still return to it from time to time. Even after more than 20 years, most of the attack patterns and social engineering schemes described there remain relevant. It’s a timeless lesson that the human factor is still the weakest link and understanding how people can be manipulated is the foundation of real security awareness.
The second is Neuromancer by William Gibson, a classic science fiction novel I first read in the late 1990s. It shaped the way I imagined artificial intelligence, augmented reality and digital consciousness long before these technologies became part of everyday life. Reading it now feels prophetic, many of the ideas that seemed futuristic in 1984 are realities today. It reminds me how imagination often precedes innovation and how fiction can inspire the next generation of cybersecurity and AI pioneers.
What are some of your passions outside of work? What do you like to do in your time off?
I’ve always been passionate about learning something new. Around ten years ago, I became deeply interested in blockchain technology, not just from a technical perspective, but also in how it can be used to improve transparency and trust in public systems. I even proposed implementing blockchain solutions for Yerevan Municipality to prevent document tampering and ensure the authenticity of official records.
Today, my main passion is artificial intelligence. I spend much of my free time studying AI concepts, reading research papers and building my own AI agents designed to automate and enhance cybersecurity workflows. Experimenting with AI has become both a hobby and a creative outlet, a way to merge my curiosity, technical background, and vision for the future.
For me, learning isn’t separate from leisure – it’s what energizes me. Every new concept, every test, every prototype is a way to see the future a bit earlier than others.
What is your biggest goal? Where do you see yourself in 5 years from now?
My biggest goal is to build a cybersecurity tool for ordinary people – because they are the weakest link in the global digital ecosystem. Our parents, children, teachers and small business owners often don’t have access to enterprise-grade protection, yet they face the same threats. I want to give them a simple, intelligent AI companion that keeps them safe online.
I’ve already developed a prototype of an AI agent (www.oky.ai – beta version available on Telegram) that analyzes any URL and gives a verdict – Safe, Suspicious or Malicious. My vision is to expand it into a full platform and mobile app that can automatically scan emails, messages and attachments across iOS, Android and Windows. I’m teaching this AI everything I’ve learned during my cybersecurity career, so for ordinary users it becomes a personal security buddy, and for enterprises, it evolves into a virtual CISO capable of protecting entire organizations.
In five years, I see myself as the architect of a global security company that safeguards not just businesses, but also the most vulnerable sectors, especially hospitals and healthcare institutions. These organizations often suffer from cyberattacks due to limited security budgets, yet they protect lives. My mission is to change that, to create technologies that defend those who defend us.
What advice would you give to someone looking to transition into a cybersecurity leadership role?
Information security is not just a profession; it’s a mindset and a lifestyle. If you want to become a cybersecurity leader, you must be ready to live it 24/7, 365 days a year. Threats evolve constantly, so you need to keep learning, adapting and sharing knowledge with others every single day.
Start from the basics – understand how networks, systems and technologies really work. Build your foundation step by step, because real leadership in cybersecurity comes from deep technical understanding combined with strategic vision.
And finally, remember great cybersecurity leaders don’t just protect systems, they build cultures of security. If you can inspire others to care about protection as much as you do, you’ve already taken the most important step toward leadership.
You become a true leader when you grow leaders who grow leaders.