Navigating the Fault Lines: A Cybersecurity Engineer’s Perspective on Agility and Culture
Prioritization, risk management and incremental approaches help bridge the gap between regulatory compliance and cyber defense
By Corinium Global Intelligence
In the world of financial cybersecurity, where the pressure of regulatory compliance collides with the breakneck speed of evolving digital threats, security leaders are forging a new path.
For Felipe Giraldo, an associate director cybersecurity engineer at Helaba, the key to modern defense isn't necessarily a new technology, but a philosophy that prioritizes human dynamics, strategic nuance and a culture of enablement.
At the heart of his approach is solving the dilemma of balancing strict oversight from regulators with the agility needed to combat fast-evolving cyber threats.
“There is no magic bullet,” says Giraldo. “It’s a matter of prioritization, risk management and incrementalism.”
His use of incrementalism is the pragmatic acceptance that some situations have no perfect solutions, only “less-bad” ones – and the goal is to continuously improve over time.
Giraldo is a strong advocate for Governance, Risk, and Compliance Engineering – a growing discipline that merges engineering principles with security governance, risk and compliance management. He calls this a “complete paradigm shift” that uses automation to make compliance processes as responsive as the threats they are designed to mitigate.
From business blocker to strategic enabler
This philosophy of integration is central to how teams should interact with business units like trading and digital banking, he says. He is adamant that security must be a business enabler, not a barrier.
“Every security job description comes with the implied caveat that we must be enablers, not blockers,” he says. “Getting to ‘yes, and’ requires a mindset of curiosity and a stubborn insistence on finding common ground.”
He believes that when done right, security boundaries are not walls but the prerequisites for building with confidence.
But Giraldo acknowledges that this is often difficult, quoting a mentor who said: “being in security means being able to have career-limiting conversations, every day.”
In those tense moments, he likes to examine ideas from multiple, conflicting perspectives to reach a balanced outcome.
Evolving skills to navigate the future
As the industry accelerates its move to multi-cloud environments, Giraldo believes the security team’s skill set must expand – that it’s no longer enough to have a single cloud security expert.
The scope of knowledge is expanding, he says. Necessary skills now include policy-as-code, infrastructure-as-code, DevSecOps practices and cloud-native GRC engineering.
“An ideal security team would have all of these skills,” Giraldo says.
Giraldo's personal system for staying secure embodies his methodical approach: He uses a “subscribe, block, and automate” method on his phone. He subscribes to trusted sources, makes alerts “as noisy as possible” and then uses apps like AppBlock and Tasker to silence his phone and filter the noise, delivering only the most critical information to his inbox.
“This allows me to have a completely silent phone and maintain a very precise and granular filter,” he says.
Looking ahead, he is focused on the double-edged sword of advanced artificial intelligence.
“Obviously, Model Context Protocol servers and agentic AI are the most exciting tech developments of my time,” he says, noting he is already tracking reports from firms like Volexity and Wiz on AI-powered attacks in the wild.
Beyond AI, he is excited about the potential of emerging sub-disciplines like GRC engineering, detection engineering and chaos engineering to bolster financial security teams.
For Giraldo, the future of cybersecurity in banking rests not on a single tool, but on a foundation of strategic pragmatism, deep collaboration and a focus on the human elements that form an organization’s truest line of defense.
“The boundaries of security, when done right, aren't barriers, they're the prerequisites for building with confidence,” he says. “It's our job to figure out what that looks like tactically and technically.”
Felipe Giraldo was a speaker at our CISO New York event in September.
