Boomi highlights business thought leaders, the trends they see, and the cool things their organizations are doing. We also get their hot takes on pizza integrations.
When Carl Siva talks about “the old days,” he means just a few short years ago, before artificial intelligence began changing everything, including how businesses approach cybersecurity.
“Your tools for defense were firewall rules, allow lists, deny lists, and those types of things,” said Siva, Boomi’s Chief Information Security Officer. “Now it’s becoming an arms race. It’s evolved into more behavior-heuristic activity.”
In digital security, that describes identifying potential threats and suspicious activity through pattern recognition techniques. It’s using AI-driven threat detection to fend off AI-generated attacks.
“Now, if we see something fishy that happens once and then maybe again months later, systems can detect that kind of pattern,” he said. “It’s very important to use AI to fight AI. The bad actors are using it, so you have to use it for good to stay ahead.”
CISOs like Siva, figuratively speaking, stand watch on the battlements of businesses, keeping them safe. AI is a double-edged sword in that critical task – a complication and an aide. Siva, who also serves as Boomi’s Vice President of Infrastructure, discussed the CISO’s changing role, how he approaches the job, and the importance of “balance” in cybersecurity. Our conversation was lightly edited for length and clarity.
Let’s stick with AI for a moment and how it’s impacting cybersecurity.
Carl Siva: The reality is that if you’re not using AI, you’ll fall behind. Our CIO, Sean Wechter, has a nice way of describing it. He says those minutes you save with AI developing a piece of code or performing a task keep you ahead. Or your competitor’s going to gain an advantage. But AI has to be secure and compliant. It’s not just about keeping the business safe from attacks. It’s making sure that the data produced from AI doesn’t harm the company.
How do you describe your job to friends?
Carl Siva: I love that question. For most people, I say I’m in technology. But if I go a click or two deeper, I’ll use the analogy of a house. I’m the plumbing, electrical, and the alarm system. I’m helping keep systems running that are essential for collaboration, and I protect them from being compromised by people who shouldn’t have access. When I tell people that a typical company has hundreds of applications, they start to understand what I do for a living. I like that when there’s a problem to fix, I’m there. In security, there are never-ending challenges. I’m excited to be where I can do the most good.
It feels like cybersecurity has never been more critical for businesses.
Carl Siva: It’s all security, security, security. Everyone reads the articles about security breaches. In our personal lives, we all know what it’s like when telemarketers are war-dialing us, or you get a text message saying you have a UPS package waiting or won the lottery to obtain your information. We all know somebody who has been a victim. So, people look at this job and think, “Wow, you must be under attack 24/7. How do you handle it?” It’s just like anything. You prioritize what’s most important. It’s a cultural shift because security is a team sport. You have to enlist people in the army of security to be successful. It’s very rewarding because I help educate staff and bring them to the cause. No one person or team can do it all alone.
You speak often about the need for “balance.” What does that mean?
Carl Siva: There should be a balance between the business and the security side. You do have to be able to say “no” sometimes. But it can’t be the answer to every question. It’s got to be a conditional no. A lot of security people say no by default, and then they don’t offer a path forward. That’s a very old-school way of thinking. You have to be business-friendly and still find a way to protect the company.
What does that look like in practice?
Carl Siva: Security is something you always need more of, right? But it also affects productivity. Finding that balance isn’t the first thing that people think of. They think about innovation first, and they should. They say, “I want to build the next big new AI thing.” Anticipating these requests, people like me start looking to migrate risk in any way we can. “Well, if you do that, this may happen.” Business leaders are very attuned to the impacts of inadequate security. At Boomi, we’re doubling down wherever possible. I think other companies are beginning to follow suit. The challenge is that you can’t have infinite investment in security everywhere. At some point, you’re going to make some compromises. But it doesn’t change that everyone’s starting to turn up the dial.
How do your infrastructure and CISO roles go hand-in-hand?
Carl Siva: Infrastructure is foundational to all systems and complements security well. Cloud inherently means security because you don’t have physical data centers. For me, the transition into security was going from those who operate it to those who operate and secure it. It was just another dimension of the job and putting a different lens on it. Boomi is a cloud company. The infrastructure is very streamlined and lean. So, security is a natural leap to a place where I can have an impact.
Does your security role influence the product?
Carl Siva: Yes. Boomi has 14 compliance frameworks that we partner with the business on to keep up to date. We’re the most compliant company in our industry. The great part of my job is working with Ed Macosky, our Chief Product and Technology Officer, and talking about roadmaps, what we’re seeing in the security space, and what needs to be implemented.
Were you always headed toward a career in technology?
Carl Siva: My technology path wasn’t a straight line. Early on, I was fascinated by how systems work – not just computers, but organizational systems, even biological systems. That curiosity led me to explore different fields, and I found that while I really liked working on cars, I was naturally interested in technology. It’s a field where you can see the direct impact of your work, whether it’s building a secure platform or protecting sensitive data. The challenges are always evolving, which keeps me engaged. It’s less about the specific technology and more about the principles of how they apply in different contexts.
We’ll finish with our fun question. Do you have a favorite pizza “integration?”
Carl Siva: I’m originally from the Bronx. So, I’m a New York pizza guy. I like folding it in half. If the oil doesn’t drip down your hand and it isn’t crispy on the bottom, it’s not a real slice in New York. But I’ll do Chicago deep dish if New York style isn’t available. I’m very simple when it comes to my pizza. My favorite is cheese or pepperoni. But if a pizza place has it, I’ll put chicken on top because I like the extra protein.
Up Close With Carl Siva
Career: A two-time CISO with over 25 years in IT, he has hands-on experience and leadership positions in the private and public sectors. Before his three-plus years as a Boomi executive, he held roles that included Chief Information Security Officer for San Mateo County (Calif.), Vice President of Information Technology for Cadence Design Systems, Director of IT Operations & Systems at Informatica, and technical leader roles at Logitech.
Fun facts about Carl: He has a pit bull-boxer mix named Gucci. (“I didn’t pick the name,” he joked.) He’s also a big electronics junkie. “I always get the new iWatch, iPhone, TVs, and whatever,” he said. “I’m kind of a technophile in general.”
Integration and automation are fundamental to getting the most from AI. Learn more about how Boomi is helping organizations transform their businesses.