Not every security leader answers interview questions with polished corporate talking points. Jani Räty, Associate Director and Chief Information Security Officer at Nordic Investment Bank, approaches cybersecurity with a mix of sharp technical insight, dry humor, and open skepticism toward the growing flood of AI-generated noise consuming the industry. Beneath the jokes about hamster-powered infrastructure and intergalactic cruises is a serious observation about the modern security landscape: practitioners are increasingly forced to separate meaningful signal from an overwhelming amount of automated content, vendor spam, and performative security discourse.
That perspective makes Räty a particularly interesting addition to CISO Diaries, a series focused on the personalities, habits, and thinking styles behind today’s security leaders. With experience driving organizations toward stronger security and compliance outcomes while advising executive leadership on information security risk, Räty brings a refreshingly unfiltered voice to conversations often dominated by polished narratives. In this interview, he reflects on AI fatigue, the persistence of scams and fraud, the importance of skepticism, and why leadership sometimes benefits from a sense of humor as much as technical expertise.
How do you usually explain what you do to someone outside of cybersecurity?
My typical explanation is that I drive to provide my employers security against human and AI adversaries.
What does a “routine” workday look like for you, if such a thing exists?
I start my morning reading messages from bots, AI, and various content mills. Mostly just delete them. Occasionally, I respond, just to see if there is a human in the loop.
What part of your role takes the most mental energy right now?
If I must choose, it would be the content mills and AI slop.
What’s one security habit or routine you personally never skip? (Work or personal.)
I never skip an opportunity to demote or report frauds and scams.
What does your own personal security setup look like? (Password manager, MFA, backups, devices, at a high level.)
I run my personal home-lab with Commodore64, a 56k modem, and hamster-powered flywheel.
What book, podcast, or resource has influenced how you think about leadership or security? (Doesn’t have to be technical.)
Anything from Terry Pratchett has been the driving force of my management style.
What’s a lesson you learned the hard way in your career?
Never replace a human with AI! Just think of Skynet!
What keeps you up at night right now, from a security perspective?
Midnight sun. Could one just turn it off?
How do you measure whether your security program is actually working?
I measure it with the number of clicks on my LinkedIn profile, as well as interview emails from various content mills.
What advice would you give to someone stepping into their first CISO role today?
Run, you fool!
What do you think will matter less in security five to ten years from now?
We will most likely have run out of datacenter capacity for content mills, so most security content is created by humans.
Looking ahead 10 years, what do you believe security teams will spend most of their time on that they don’t today?
I am betting on intergalactic cruises.
