What happened
Starburst appointed Paras Malhotra as Chief Information Security Officer to lead the company’s information security, governance, risk and compliance, and product security programs across its SaaS and on-premises offerings. The appointment comes as Starburst expands its focus on AI and data security for enterprises modernizing distributed data infrastructure.
Malhotra will work with engineering, product, and go-to-market teams to strengthen Starburst’s security posture, customer trust, privacy, compliance, and enterprise resilience. His role is tied closely to Starburst’s push into AI-native capabilities, where secure and governed access to data becomes a central requirement for enterprise adoption.
Before joining Starburst, Malhotra served as Senior Director of Information Security at Datadog, where he led information security and supported customer trust, risk management, continuous security monitoring, compliance, privacy, and AI governance programs. He previously spent nearly a decade at AWS in senior security leadership roles, including Principal Manager for AWS Security Assurance, where his teams built tooling and automation for vulnerability detection, risk assessment, remediation, and compliance readiness.
Starburst positions its platform around secure, governed access to distributed enterprise data across on-premises systems, multiple clouds, and hybrid environments. The company said Malhotra’s experience scaling security programs for cloud-native and SaaS companies will support its work with enterprises adopting AI and modern data architectures.
Who is affected
Starburst customers are directly affected because the company’s security leadership now sits under Malhotra across information security, GRC, and product security.
Enterprises using Starburst for distributed data, analytics, and AI initiatives may also be affected as the company strengthens security, privacy, governance, and resilience across its SaaS and on-premises offerings.
Security, data, and AI teams evaluating Starburst may view the appointment as relevant to customer trust, compliance readiness, and the platform’s ability to support regulated or complex enterprise environments.
Why CISOs should care
This appointment reflects the growing link between AI adoption and data security. As enterprises move AI projects from pilots into production, platforms that connect to distributed data need strong controls around access, governance, privacy, and trust.
For CISOs, Starburst’s focus on federated access matters because modern data often lives across multiple clouds, on-premises systems, and hybrid environments. Security programs must support access without creating unnecessary data duplication or unmanaged exposure.
Malhotra’s background in cloud security, SaaS security, compliance, AI governance, and security assurance also points to the type of leadership companies need as AI and data infrastructure converge.
The broader lesson is that enterprise AI security is not only about model controls. It also depends on securing the data layer, enforcing governance, monitoring access, and proving compliance across distributed systems.
3 practical actions
- Align AI programs with data governance: CISOs should ensure AI initiatives use governed, approved, and auditable data sources rather than ad hoc copies or unmanaged data pipelines.
- Evaluate vendor security leadership and scope: When assessing data and AI platforms, security teams should review who owns information security, product security, GRC, privacy, and customer trust, and how those functions support enterprise requirements.
- Strengthen controls for distributed data access: Organizations should review identity, authorization, logging, data classification, and policy enforcement across cloud, on-premises, and hybrid data environments.
Other recent cybersecurity appointments:
- Fable Security Appoints Jacob Berry as Chief Information Security Officer
- Socure Appoints Mark Carter as Chief Information Security Officer
- SolarWinds Appoints Justin Henkel as Chief Information Security Officer
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

