Cybersecurity is often reduced to tools, alerts, and compliance checklists, but the real work of security leadership happens in moments of judgment, trade-offs, and long-term thinking. CISO Diaries was created to capture that reality.
This interview series explores how leading security executives around the world actually operate: how they structure their days, stay ahead of emerging threats, build teams, and make high-impact decisions under pressure. By focusing on routines, habits, and personal philosophies, CISO Diaries offers an unfiltered look at the mindset behind modern cybersecurity leadership, where curiosity, discipline, and resilience are just as critical as technology.
About the Interviewee: Sergey Tairyan
Sergey Tairyan is a cybersecurity leader with over 15 years of experience designing, leading, and transforming security programs across multiple industries. He has deep expertise in security operations, including building and managing SOCs, implementing SIEM and DLP platforms, and securing environments through IAM, PAM, endpoint protection, and mobile device management. Sergey previously served as a Chief Information Security Officer and currently advises Yerevan Municipality on information security while founding OmniSec, a security-focused venture launched in 2026.
Known for his attacker-minded approach, Sergey combines hands-on ethical hacking with long-term security strategy, crisis management, and incident response planning. His background also includes scientific work in steganography and post-quantum algorithms, positioning him at the forefront of emerging threats in an AI- and quantum-driven future. Across his roles, Sergey is driven by a clear goal: reducing real-world risk while ensuring organizations remain resilient, adaptable, and operational, even when the unexpected happens.
How do you usually explain what you do to someone outside of cybersecurity?
I help organizations and people protect themselves in cyberspace by managing and reducing cyber risk. In real life, buildings need locks, alarms, cameras, and security guards, and in the digital world, companies need the same level of protection for their data, systems, infrastructure, and online operations. My role is to identify where things could go wrong, think like an attacker, uncover what can be exploited, simulate real attack scenarios, eliminate weak points before criminals find them, and ensure the business stays resilient and continues operating – even when something unexpected happens.
What does a “routine” workday look like for you, if such a thing exists?
A typical day starts with reviewing security alerts, including anything that happened overnight. When needed, I refine detection logic by updating or adding new rules across our security systems. I also read cyber news and monitor darknet forums to stay ahead of zero-day vulnerabilities and emerging threats. Throughout the day, I align priorities with stakeholders through meetings, review the security roadmap, and track execution across the team. I hold regular one-on-one sessions with interns and team members to mentor them and support their growth. I also dedicate time to ethical hacking – I genuinely enjoy finding vulnerabilities myself. And I always reserve time for learning, currently focused on agentic AI and its role in the future of cybersecurity.
What part of your role takes the most mental energy right now?
The part of my role that currently takes the most mental energy is finding the right talent. It’s often easier to hire interns and develop them over 6-12 months than to find strong mid-level or senior professionals who can step in and deliver results immediately. Building a capable, well-aligned team requires patience, long-term thinking, and consistent mentoring.
At the same time, another major challenge is ensuring resilience and adaptability across other departments when we implement new security tools, controls, or policies that affect their daily processes. Security improvements can introduce friction and require teams to adjust established workflows, which naturally creates resistance. That’s why I focus on finding the harmony between comfort and security – strengthening protection without slowing down the business or making operations unnecessarily complex.
What’s one security habit or routine you personally never skip? (Work or personal.)
One security habit I never skip is reviewing cyber news and monitoring darknet forums. After lunch, I also dedicate time to reading something new that is not directly related to technology – material that challenges my thinking and requires deep understanding, such as a complex mathematics article. I see the brain like a muscle: if you train it consistently, it becomes stronger and more capable. For me, reading and working through math is one of the best ways to stay mentally sharp, maintain situational awareness, and remain prepared to respond to emerging threats.
What does your own personal security setup look like?
My personal security setup spans multiple platforms, including Linux, macOS, Windows, iOS, and Android. This multi-OS approach allows me to continuously test emerging technologies, develop applications, and optimize performance across different environments, while staying ahead of trends and understanding security implications at both desktop and mobile levels. I use a local password manager, enable multi-factor authentication wherever possible, and maintain backups exclusively on local storage with no cloud dependency – ensuring I retain the highest level of control over my data.
What book, podcast, or resource has influenced how you think about leadership or security?
When I was a child, I read Sir Arthur Conan Doyle’s The Adventure of the Dancing Men and was fascinated by how Sherlock Holmes could decrypt a hidden message. I had a similar experience with Edgar Allan Poe’s The Gold-Bug. Later, as a teenager, I read Kevin Mitnick’s The Art of Deception and realized that in security, the weakest point is often the human factor.
From a leadership perspective, one book that influenced me deeply is Paramahansa Yogananda’s Autobiography of a Yogi. I recommend it because it offers a powerful perspective on discipline, humility, and human nature, and it helps you understand mentorship on a deeper level: how to guide people, build trust, and lead with clarity and patience.
What’s a lesson you learned the hard way in your career?
If you’re traveling on the wrong train, the further you go, the more expensive it becomes to turn back. That’s why it’s critical to be clear about what you want in your career and where the company is headed – so your efforts stay aligned with the right direction.
What keeps you up at night right now, from a security perspective?
What keeps me up at night is that there’s still no truly accessible security solution for everyday users – people like my parents or kids. Most cybersecurity tools are designed for enterprises and come with high cost and complexity. That’s why I built an AI agent called Oky.ai, currently available on Telegram: https://t.me/oky_ai_bot, and I’m actively developing a dedicated mobile app. Users can simply send Oky.ai a link, and it will assess whether it’s safe, suspicious, or potentially malicious. My goal is to make cybersecurity simple, practical, and accessible for everyone.
How do you measure whether your security program is actually working?
A security program is effective when it delivers sustained business risk reduction – fewer high-impact incidents, lower exposure across crown-jewel assets, and a measurable burn-down of the organization’s most critical risks over time. It also requires proven control effectiveness, where safeguards such as MFA, EDR, centralized logging, vulnerability remediation, and resilient backups are deployed on the assets that matter most and continuously validated under real-world conditions – not merely documented for audit purposes.
Ultimately, true maturity is reflected in operational resilience: the ability to detect, contain, and recover rapidly (MTTD/MTTR supported by regular restore testing and incident-response exercises), ensuring that routine threats never escalate into business-disrupting crises.
What advice would you give to someone stepping into their first CISO role today?
Effective security starts with a deep understanding of the business. The better you understand how the organization operates, the more accurately you can identify real risks, prioritize the right controls, and implement mitigations that protect the business. This is the most important foundation – deeply diving into the business context.
Once you understand the business, it becomes clear that the CISO role extends beyond technical expertise – it is equally a strategic and diplomatic position. Success depends on advancing initiatives through influence, collaboration, and alignment with organizational priorities, ensuring security enables the business rather than slowing it down.
What do you think will matter less in security five to ten years from now?
I anticipate the human factor will matter less in security over the next five to ten years. Kevin Mitnick famously highlighted that human behavior is often the weakest link in cybersecurity. In the era of Cybernetics 3.0 – where humans and AI work back-to-back rather than one replacing the other – many human-driven vulnerabilities will be significantly reduced. AI will augment human decision-making in real time, lowering the likelihood of errors, strengthening prevention, and improving overall resilience.
Looking ahead 10 years, what do you believe security teams will spend most of their time on that they don’t today?
Looking ahead 10 years, I predict the line between enterprise and personal security will blur. Security teams will not only protect corporate assets but will also help safeguard employees in their personal digital environments – because that currently unprotected space can easily become an entry point into the enterprise. Additionally, post-quantum cryptography and new steganography techniques will increasingly replace traditional cryptographic approaches. Security teams of the future will focus on defending organizations against AI-powered and quantum-enabled threats, combining advanced technologies with proactive, intelligence-driven security strategies.
