CISO Unlocked #2: chatting with Alain Beuchat, Strategic Advisor and former CISO @ Lombard Odier and UBS


14 / 01 / 2026


At Forestay, we view Cybersecurity as a core investment pillar. In a world of accelerating AI adoption and ever-evolving threats, safeguarding digital assets is mission-critical — offering both risk mitigation and exceptional growth potential.

To better understand the role Cybersecurity plays within large enterprises, we’ve launched a series of conversations with CISOs and security leaders, sharing their journeys and insights from the frontlines of cyber defense.

This second conversation features the perspectives of Alain Beuchat, Strategic Advisor and former CISO @ Lombard Odier and UBS.

 

Labinot Brahimi: Tell us a bit about your past experience as a cyber professional and key events that made you realize cybersecurity as a whole will only become a growing concern?

Alain Beuchat: When I joined UBS in 2012 to lead their information security, the initial main focus was on client data protection – and this is still true today by the way – and how to safeguard client data by implementing the right measures to ensure its confidentiality. At that time, the Banking industry, and other industries, were doing fairly fine until some major global cyberattacks happened at a scale never seen before: NotPetya, WannaCry or the cyberattack against the SWIFT system at the Bank of Bangladesh. Russian and North Korean hackers, to name a few, crippled thousands of systems and highlighted the growing impact and reach of these cyber threats.

 

Labinot Brahimi: How did these events impact the relationship towards cybersecurity within enterprises, specifically Banks?

Alain Beuchat: Prior to these events, IT and Security teams understood these risks, but the corporate leadership often underestimated them. Following these incidents, attention from executives significantly increased. Board members began to recognize that cyber risk is not just about technology, but it is fundamentally about resilience and business continuity. This new awareness fueled several years of increased investment and focus on cyber security.  

 

Labinot Brahimi: What do you see as the biggest drivers shaping the cybersecurity agenda at the executive level today and over the next two to three years?

Alain Beuchat: Today, geopolitical developments have blurred the lines between hacktivists, cybercriminals, and state-sponsored attackers, particularly as certain governments tolerate or indirectly support cybercrime aimed at foreign entities. Ransomware operations are growing more targeted, impacting entire industries such as banking, retail, automotive, and health care.

Furthermore, supply chain security remains a critical area of focus as organizations depend heavily on third-party providers, especially as recent policy shifts in the US under the Trump administration have rolled back some efforts on software supply chain transparency and centralized coordination through agencies like CISA. In the EU, new regulations like DORA (the Digital Operational Resilience Act) aim to hold vendors and service providers accountable for digital resilience.

I would say, overall, the cybersecurity landscape has become more interconnected, geopolitical, and sophisticated. Resilience – not just protection – has become the central focus of modern cyber strategy.  

 

Labinot Brahimi: Financial Services, including banks, are known for operating in hybrid environments, including old legacy IT stacks. What is the hardest part about keeping these complex IT environments secure?

Alain Beuchat: Banks used to run most operations in-house or closely with trusted outsourcing partners, which meant they managed their own security but constantly faced resource constraints and had to decide what level of risk they could tolerate. Today, the shift to the cloud introduces more complexity – banks must manage both legacy systems and new cloud environments, often without a corresponding increase in resources, making it challenging to secure both worlds at once. While hyperscalers like AWS or Azure can be considered by most organizations as secure, they are also highly dynamic environments, evolving continuously at a high pace, and therefore maintaining a secure configuration represents a challenge for numerous organizations. And (small) mistakes usually introduce vulnerabilities.

Banks have two main strategies when it comes to the cloud: fully refactoring applications to be cloud-compatible, which is resource-intensive but uses cloud capabilities efficiently, or simply moving existing workloads (“lift and shift”), which is easier but doesn’t leverage the full advantages of the cloud and retains maintenance burdens. Many banks now use a hybrid approach – balancing on-premises and cloud workloads – and embrace the cloud only where it offers clear benefits, such as for consuming AI services or modern APIs.

The result is a more dynamic and complex environment that demands new skills and greater vigilance in both engineering and risk management, especially as legacy systems will remain in use for many years alongside the new cloud infrastructure.  

 

Labinot Brahimi: Let’s discuss AI briefly. As institutions rapidly adopt AI, how do you balance the business pressure to deploy AI quickly with the need for security vetting?

Alain Beuchat: Specifically looking at the risks posed by AI, there are typically two perspectives: a strict compliance-focused view (often driven by Risk and Compliance), which urges caution with new technologies due to unfamiliar risks, and an “IT security as an enabler” view, which focuses on specific, identifiable risks posed by each application e.g. which data are involved, is there a human in the loop, what are the potential consequences of an error, to form an opinion. From my experience in the Banking space, both views shape how new technologies – such as AI – are adopted.

Data protection remains a significant obstacle for many banks aiming to adopt commercial Large Language Models (LLMs). However, the rapid development of open-source LLMs presents a substantial opportunity to directly address these data protection concerns. Despite these developments, several key challenges persist, including bias, hallucinations, and the generation of harmful content. New model integrity verification approaches will be essential to ensure the reliability and trustworthiness of AI-enabled applications.  

 

Labinot Brahimi: And what about shadow AI? We know it is a common topic among organizations; so how much of a concern is it for security teams?  

Alain Beuchat: Ultimately, the role of the CISO is not to set hard rules for the business, but to help find ways to use new technologies like AI within the organization’s risk tolerance and regulatory boundaries. When the business wants to adopt AI for productivity, the discussion should focus on adjusting policies to ensure compliance and stay within risk tolerance, rather than outright prohibition. If employees are already using these technologies unofficially, the best approach is to provide training and guidance, establish clear usage rules, and encourage the use of trusted, organization-approved AI tools under sensible monitoring.  

 

Labinot Brahimi: Coming back to the ransomware threats we discussed before. With the democratization of sophisticated attacks – deepfakes and offensive AI capabilities for example – what is the solution to keep up across these new threat vectors?

Alain Beuchat: Large Language Models are enabling attackers to operate faster and at a greater scale than before. These tools make it easier for criminals to quickly analyze data, plan actions, and create tailored attacks. For example, they can automate writing and customizing phishing emails – even in languages they don’t speak – for maximum impact. There are stories that LLMs are being used to orchestrate cyber espionage campaigns, i.e. the attack is executed by an algorithm with little or no human intervention. As a result, attacks are not fundamentally different, but their speed and frequency have increased, lowering barriers for less-skilled attackers to participate. This acceleration means organizations have less time to respond to threats; incidents that used to take days or weeks to escalate can now happen in hours or minutes if security controls are weak.

 

Labinot Brahimi: Attackers are way quicker and now have broader skills to run their hunts. How do we cope with that?

Alain Beuchat: Security awareness, such as phishing campaigns, helps, but even with a low click rate of a few percent, a large company will still have hundreds of employees fall for phishing, so technical protections and detection mechanisms are critical. Recent phishing attacks are more sophisticated, successfully targeting MFA (multi-factor authentication) through fake websites for example. To that end, some organizations are equipping key staff with hardware security tokens using protocols like FIDO (Fast Identity Online) for stronger access control.

Detection tools also need to be advanced: attackers now often use built-in tools that are available on the targeted systems instead of malware, making malicious activity harder to spot. Behavior-based monitoring is essential, relying on specialized software to flag suspicious actions and trigger alerts – this is where technical controls and AI-powered smart detection tools (will) make a difference.  

 

Labinot Brahimi: What has been your experience working with startups? Do you think enterprises, and financial institutions in particular, will be more inclined to work with startups in the AI era and the new attack surface it brings?

Alain Beuchat: When implementing foundational cyber defenses — such as EDR, SIEM, and firewalls — CISOs and security teams tend to favour established, proven solutions. Startups are generally less considered for these critical, baseline tools. However, a tactical advantage exists in selectively utilizing lesser-known products from startups. Attackers may not anticipate or know how to bypass these novel defenses, potentially making them more effective than market leaders in specific scenarios. Ultimately, the right mix of established and innovative technologies, coupled with robust operational processes, is what makes a real difference. With regard to data protection, there are several startups that have successfully developed technologies tailored for the Swiss market such as data loss prevention (DLP) or data encryption for SaaS solutions. For these specific use cases, working with startups enables adaptation to unique requirements, offering flexibility that mainstream products may not provide.  

 

Labinot Brahimi: Looking ahead a few years, how do you think AI will enable security professionals in their day-to-day job? Any specific use case where you see a clear AI application?

Alain Beuchat: I think LLMs can boost security professionals’ understanding of security alerts or incidents. They enable analysts to quickly query contextual data and obtain weighted, actionable recommendations during incident response — a major benefit for junior analysts or those in commercial SOCs dealing with many client specificities. However, this is contingent on effectively managing hallucinations, as inaccurate output could lead to significant operational failures, and maintaining sound security knowledge in the SOC and response teams.

Security tools based on statistical models or machine learning (ML) algorithms have existed for years, offering valuable support in detecting abnormal behavior. However, they frequently generate an excessive volume of false positives, creating a significant burden for security analysts. I would be extremely satisfied if an AI-powered Security Operations Center (SOC) could replace the tedious initial triage and Level 1 analysis of security events, escalating to the response teams only genuine incidents with an acceptable false positive rate and zero false negatives.

 

Labinot Brahimi: Last question on my end: the role of CISO has evolved quite a bit over the last decade. How do you think AI will change the role in the future?

Alain Beuchat: This is quite a challenging topic because the role of the CISO is highly complex, and it’s not necessarily something you learn at university but on the job. There are a few qualities a CISO should have in my opinion:

  • Technical background: There’s a common perception that CISOs may not require technical backgrounds, but in my view, having a strong technical foundation is essential. Without understanding threats like malware or having insight into the limits of technical tools, it becomes difficult to communicate effectively with teams or grasp the true understanding of residual risks
  • People management: CISOs manage security teams who are often composed of people with diverse, sometimes unconventional backgrounds. Managing such teams requires understanding and flexibility, as well as the ability to bridge cultural differences within the organization
  • Leadership and communication: CISOs need to engage with the board and senior management, clearly translate cyber risks into business terms that are meaningful for decision-makers. Often, business leaders may not grasp all the technical details, and ultimately, trust in the CISO’s judgment becomes key

While some aspects of the CISO role may eventually be supported by AI – such as routine tasks in SOC or incident analysis – the leadership, management, and strategic guidance of the CISO remain hard to replace. AI can relieve teams of certain repetitive tasks, but the CISO’s unique combination of skills will continue to be essential in my opinion.

 

About Forestay: Founded in 2018, Forestay is an early-growth Enterprise AI technology fund focused on investing across Europe, Israel and the East Coast of the US. Forestay is an investment partnership of B-FLEXION, a private entrepreneurial investment firm.

About Alain Beuchat: Alain Beuchat is a seasoned cybersecurity professional, currently serving as a Strategic Advisor to large financial institutions. In his longstanding career, he has overseen many teams and global cyber initiatives. Most recently, Alain was the CISO of Lombard Odier, one of the largest Swiss private banks. Prior to that, he was the Group CISO of UBS, one of the biggest banks in the world. His background also includes senior management roles at KPMG in the IT Advisory division and Arthur Andersen. Alain holds a Master’s degree in Electrical and Communication Engineering from EPFL.

If you are building in cyber, we’d love to hear from you. Please reach out to labinot@forestay.vc or contact@forestay.vc

Written by Labinot Brahimi
