In my recent article Navigating the Grey Zones: What Trust Means in the Age of AI, I posed a few questions around the evolving nature of trust in the age of AI, highlighting the need for transparency and ethical foresight. In the hyperconnected world, where the lines between systems, devices, and organisational boundaries are blurring and AI’s presence continues to grow, firewalls alone are no longer enough, prompting organisations to re-evaluate their trust frameworks. This conversation dives into why trust has become the new frontline of cyber leadership.
“Trust, in cyber security, is not a given,” Muzamil begins. “It is a calculated decision. It is the confidence we place in people, processes, and technology to behave in a predictable, secure, and ethical manner.”
That confidence is fragile. It can be eroded by weak controls, overlooked processes, or simply a third party dropping the ball. “The Qantas breach is a perfect example,” he says. “A third-party call centre exposed customer data. Even trusted vendors can become threat vectors.”
As organisations shift to cloud-first, hybrid work, and decentralised tech stacks, the notion of a security ‘perimeter’ fades. Trust can no longer be a static decision—it must be adaptive, context-aware, and reinforced with every request.
“Zero Trust flips the old model,” he says. “No more assuming someone is safe just because they’re on the inside. Everything and everyone needs to prove they’re trustworthy at every step.”
The breach at Latitude Financial is another wake-up call. “Third-party credentials were used to walk right through the front door. A firewall wouldn’t have stopped it. That’s why Zero Trust isn’t just architecture—it’s mindset.”
For Muzamil, trust-building starts with culture, not controls. That means nurturing a safe, transparent environment, both within his team and across the wider organisation.
“Cyber security shouldn’t feel like airport security: invasive and inflexible,” he says. “We aim to build a culture of partnership.”
That culture is based on psychological safety. “My team needs to feel they can raise issues without blame,” he explains. “And with the broader business, we focus on being an enabler not a blocker.”
One example he shares is a secure printing rollout. “Instead of saying it was a compliance requirement, we framed it as a way to protect confidentiality and simplify workflows. That small shift in narrative helped us win trust—one swipe at a time.”
This mindset also shaped their approach to deploying a Secure Web Gateway. “We didn’t just switch it on and block everything,” he says. “We spent time with each department, understood their workflows, and tailored exceptions where there was a real business need. It took longer—but there was no resistance, and adoption was strong.”
“Sometimes, going slow is the fastest way to build trust that actually lasts.”
Trust also depends on leadership—especially in moments of uncertainty, where agility and assurance must go hand-in-hand.
“Leaders need to wear two hats,” Muzamil says. “One as a navigator, guiding the organisation through challenges like SaaS sprawl or AI adoption. And the other as a translator, turning technical risks into something the business can understand and act on.”
That includes knowing when to say yes, with guardrails. “We didn’t block Generative AI outright,” he explains. “We disabled uploads to prevent leakage, but allowed exploration. It’s our way of saying: yes, use the sports car but buckle your seatbelt and stay on the track.”
He also believes trust is reinforced by communication, especially when things go wrong. “When challenges arise, we’re transparent about the risk, why we’re responding a certain way, and what it means in business terms.”
Looking ahead, Muzamil sees the role of cyber leaders evolving fast.
“The future demands empathetic technologists and leaders who understand both human behaviour and digital risk.”
“Boards are asking tougher questions, and regulation is tightening. We need to be able to explain security the way a pilot explains turbulence—calmly, confidently, and without jargon.”
In a world where the perimeter is gone and complexity keeps rising, the ability to build and maintain trust is no longer a nice-to-have. It’s the core of cyber leadership. Not as a policy. Not as a dashboard. But as a daily practice—anchored in communication, context, and care.
Don’t miss the opportunity to hear more from Muzamil Rashid at CISO Melbourne - Home (22-23 July) at Crown Promenade.
Alongside this event, we are hosting OT Security Melbourne - Home (22 July), AppSec & DevSecOps Melbourne - Home (23 July) and Cloud Security Melbourne 2025 (23 July)
If you would like to share your experience and insights at our events, feel free to reach out to Maddie Abe.