Aby Rao is the Deputy Chief Information Security Officer at Paylocity, where he leads teams driving initiatives in cloud security, identity management, AI security, and governance. With over two decades of experience spanning UI design, application development, and cybersecurity, he has held leadership roles at MetLife and KPMG. He was honored with the DC100 Award by CISOs Connect™ for his leadership as Deputy CISO. Beyond his corporate role, Aby serves on the Board of Directors for Transplanting Traditions Community Farm, mentors graduate students at Duke University, and organizes the Home Is Distant Shores Film Festival showcasing immigrant and refugee stories.
Recently, in an exclusive interview with CIO Magazine, Aby shared insights into his professional trajectory, emphasizing his background in UI design, application development, and cybersecurity. Aby highlighted the importance of adaptability, business alignment, clear communication, and resilience in effective cybersecurity leadership. He also expressed his passion for exploring the intersection of AI and cybersecurity, mentoring emerging talent, and contributing to industry education initiatives. The following excerpts are taken from the interview.
Hi Aby. Please tell us about your background and areas of expertise.
I started my career in user interface design and application development before moving into the world of cybersecurity, which gives me a broad perspective on how technology truly serves business needs. Over the years, I have worked at organizations like JP Morgan Chase, MetLife, and KPMG, where I learned from exceptional leaders and peers who shaped my professional outlook. Today, as Deputy CISO at Paylocity, I oversee multiple teams within information security and focus on ensuring our products and operations are resilient against evolving threats. My areas of expertise include Identity and Access Management, Governance, Risk and Compliance, and Cloud Security. More recently, I have been leaning into AI security, a natural extension given the pace at which organizations are adopting these technologies. Having this blend of product, service, and security experience allows me to align technical safeguards with real business outcomes, which is where I find the most impact.
What do you love the most about your current role?
What excites me most is the opportunity to make security an enabler rather than a barrier to business growth. Our customers trust us with critical data, and safeguarding that trust while enabling innovation is both a responsibility and a privilege. My goals are twofold: to enable strong security controls into our products so that they can succeed in the marketplace, and to ensure that our internal operations remain well-protected against threats. Recently, the work around AI and ML adoption has stretched me to learn and grow in ways I had not anticipated, and I thrive on that challenge. The pace, the unpredictability, and the sheer importance of what we do makes this role deeply fulfilling.
What defines effective Cyber Security leadership in today’s threat landscape?
The threat landscape today is fast-moving, with AI being a perfect example of how quickly technologies are advancing. The velocity of AI’s growth challenges leaders to keep pace, not just in understanding risks but also in identifying opportunities to use these technologies responsibly. Beyond technical expertise, I believe four characteristics define effective leadership in this era. Adaptability is essential, because threats and business priorities evolve constantly. Business alignment ensures that security is not operating in a silo but is tied directly to the organization’s goals. Clear communication, both up and down the chain, builds trust and clarity across teams. Finally, resilience allows leaders to recover quickly from setbacks and keep their teams focused. A leader who embodies these traits creates an environment where security can thrive alongside innovation.
Looking ahead, what frontiers in Cyber Security are you most eager to explore further?
I am eager to explore the intersection of AI and cybersecurity more deeply, both in terms of protecting AI models and in leveraging them to make our own defenses stronger. The rapid adoption of AI in enterprises creates both an incredible opportunity and a unique set of risks that we are only beginning to fully understand. In addition, I feel strongly about cybersecurity education, especially for executives who are shaping long-term strategy. In my role at Duke University, I mentor graduate students and speak on cybersecurity topics with a focus on executive decision-making. I also see great value in industry certifications through organizations like AKYLADE, which are helping professionals build resilience and stay ahead. To me, the future lies in a thoughtful blend of technology and education—protecting systems while also preparing people.
How do you stay abreast of rapidly evolving cyber threats and technologies?
My approach has evolved with each stage of my career. Early on, I relied heavily on blogs, podcasts, and even YouTube to learn quickly and absorb as much as possible. As I gained experience, I found conferences, training programs, and professional networks to be invaluable, as they allowed me to exchange insights with peers facing similar challenges. During the pandemic, I leaned more on analyst resources from firms like Gartner and Forrester to guide decisions in a rapidly shifting environment. Today, I rely on AI-driven tools and agents to surface the most relevant news and research for me, which saves time and helps me focus. I think staying current is less about any one method and more about being willing to adapt how you learn as the landscape changes.
What drives your commitment to mentoring emerging cyber talent?
I have been fortunate to have mentors who not only guided me but also pushed me to step outside my comfort zone, and I carry that responsibility forward. Mentoring for me is not a one-time act but an ongoing cycle that sustains our industry. At Duke University, I mentor graduate students and help prepare them for the realities of the profession, and I also contribute through advisory councils with groups like AKYLADE and the Cloud Security Alliance & Northeastern University’s Trusted AI Safety Expert Certification Program. Each interaction reminds me that mentoring is as much about listening as it is about advising. I also believe in mentoring with a long view—helping young professionals not just succeed individually but also become mentors themselves, so the cycle continues. This is how we keep the field vibrant and resilient.
What skills do you find most critical for success in senior Cyber Security leadership roles?
I think the most important quality is to stay grounded and never lose sight of what and why you are protecting. Senior leaders must have a keen sense of how the business operates and where it is heading, because security without context cannot be effective. Creativity is also essential—responding to threats often requires thinking beyond standard playbooks. Surrounding yourself with smart, capable talent is critical, and equally important is nurturing that talent into future leaders. Finally, resilience matters at the leadership level, because setbacks are inevitable, but how you lead your team through them defines your effectiveness.
Is there a particular person you are grateful for who helped get you to where you are?
It would be unfair to credit just one individual, as I’ve had the privilege of learning from many along the way. My professors during my graduate studies at the University of Illinois Urbana-Champaign and Drexel University played a major role in shaping my early thinking. At JP Morgan Chase, MetLife, and Drexel, I worked with managers who challenged me and broadened my perspective. But my time at KPMG stands out as a pivotal moment, where the caliber of leaders and peers I worked with had a lasting impact on my leadership style. Each of these experiences, and the people behind them, contributed to who I am today.
What are some of your passions outside of work? What do you like to do in your time off?
Outside of cybersecurity, I consider myself an artist. Filmmaking has been a creative outlet for me for nearly two decades, and it allows me to engage with communities and stories that expand my worldview. I also run the Home Is Distant Shores Film Festival, which showcases immigrant and refugee stories from across the world. Through this festival, I have been fortunate to meet and collaborate with remarkable artists and individuals whose journeys inspire me. It is a very different dimension from my corporate role, but one that enriches my life and keeps me grounded.
What is your biggest goal? Where do you see yourself in 5 years from now?
My primary goal is to continue in a leadership role where I can protect the systems, data, and people that matter most to society, whether that is financial, healthcare, or even physical safety. I do not try to be too rigid about specifics, because adaptability is crucial in our profession. That said, I do see myself expanding my influence through advisory boards, publications, and teaching, all of which allow me to contribute beyond my immediate organization. In five years, I hope to be recognized not only as a security leader but also as someone who has added meaningful value to the broader community.
What guidance would you offer to aspiring Cyber Security professionals aiming to build impactful careers like yours?
The most important thing is to embrace continuous learning and to practice what you learn both inside and outside of work. This is a field where knowledge can become outdated quickly, so you must constantly refresh your skills and expand your horizons. Seek out people who inspire you or who share your ambition, because the right network can accelerate your growth. At the same time, resilience is essential, as setbacks are inevitable but often hold the best lessons. And finally, remember that life exists outside of your career—nurturing your passions and relationships will make you a stronger professional and a more balanced leader.