Digital trust has emerged as one of the most important differentiators for businesses in today’s hyper-connected world. With organizations accelerating their digital transformation journeys, the ability to safeguard data and inspire confidence among customers has become mission-critical. Yet, as cyber threats evolve at lightning speed, education and awareness often remain the weakest links. To explore how continuous cyber education strengthens resilience and trust, Tech Achieve Media spoke with Chetan Anand, Associate Vice President – Information Security and CISO at Profinch Solutions, and ISACA Global Mentor and Volunteer.
TAM: Digital trust has become a critical differentiator for organizations today. In your view, how does cyber education directly contribute to restoring and strengthening digital trust?
Chetan Anand: Cyber education has become a cornerstone in the effort to restore and reinforce digital trust. By equipping individuals and organizations with the ability to navigate the digital landscape with confidence, competence, and caution, it helps address both technical and human vulnerabilities in cyberspace.
Also read: ISACA Launches Advanced in AI Audit (AAIA) Certification
One of the most significant contributions of cyber education is in enhancing awareness and minimizing human error. As both technology and regulatory frameworks evolve at a rapid pace, organizations must continuously adapt and build resilience against cyberattacks. Periodic or annual training is no longer sufficient. Instead, education must be an ongoing process that encompasses employees, contractual staff, partners, and service providers, and anyone who interacts with organizational systems and data.
The need is particularly urgent in regions such as India, which has emerged as a hotspot for cybercrime. Cybercriminals today are not only targeting devices but also attempting to manipulate human behavior. This shift underscores the importance of ensuring that individuals at all levels understand how to protect themselves and their organizations.
Cyber education also plays a key role in promoting responsible digital citizenship. It instills awareness of how, when, and where to share information online, reinforcing the reality that even deleted content may persist in digital records. Beyond awareness, it focuses on building competence through training, certifications, hands-on experience, and continuous professional development, thereby strengthening the overall security posture.
Another essential aspect is fostering transparency and accountability. When a breach occurs, concealing it is not an option. Regulatory bodies impose strict timelines for disclosure, and customers expect prompt reporting if their data is compromised. Acknowledging incidents and taking responsibility not only fulfills compliance requirements but also strengthens organizational credibility and trust.
Also read: 93% Organizations in India Lack Quantum Computing Strategy: ISACA
Finally, cyber education empowers organizations to innovate with confidence. This is closely tied to the concept of HQ Parties introduced by me, an approach built around key principles:
- Honesty
- Quality
- Privacy
- Availability
- Resiliency
- Transparency
- Integrity
- Ethics
- Security
Together, these elements form the foundation of digital trust. By embedding these values into education, policy, and practice, organizations can ensure they are not only defending against threats but also building a trustworthy digital ecosystem for the future.
TAM: With cyber threats evolving rapidly, what gaps do you see in current cybersecurity awareness and education, both at the professional and organizational levels?
Chetan Anand: Here I’d like to mention trends like Nano Banana Ghibli. It has definitely created a lot of positive vibes. People are using it to generate portraits with well-known personalities, or even with loved ones who are no longer around. For many, it brings back fond memories and creates a very personal, emotional connection.
On the fun side, you can literally place yourself anywhere, whether it’s in front of the Statue of Liberty, the London Bridge, or the London Eye. It feels exciting, almost magical.
But like with any new technology, there are two sides to the story – opportunities and risks. The biggest concern here is around identity. Every time you upload a personal photo, you’re sharing personally identifiable information (PII). And once it’s out there, you don’t always know who has access to it or how it might be used. It could even end up being misused, say for identity theft or being posted on inappropriate platforms.
Then there’s the issue of deepfakes. With the way AI and deep learning have advanced, it’s becoming harder to tell what’s real and what’s not. That’s a serious risk both for individuals and for organizations.
At the workplace level, the challenge is that not everyone in an organization is equally trained in cybersecurity. And you’ll always have people, like sales or marketing professionals, who are constantly on the move meeting customers. They may not always have the same level of security awareness as IT staff. So the big question is: how do we make sure everyone stays informed and alert? That’s where the real challenge lies.
TAM: How is ISACA helping enterprises and professionals stay ahead in terms of governance, risk, and cybersecurity education to build a digitally trustworthy ecosystem?
Chetan Anand: Thanks to ISACA, it really acts as a one-stop shop for cybersecurity professionals. You get access to everything you need, whether it’s the ISACA Journal, which publishes the latest industry developments, or other technical resources such as blogs, white papers, and research articles. Incidentally, I’m one of the reviewers for the ISACA Journal, and it’s a great way to continuously learn from global best practices.
A good example of ISACA’s contributions is the Digital Trust Ecosystem Framework (DTEF). This framework enables organizations to implement a strategic approach that covers multiple initiatives, be it quality, information security, business continuity, or privacy. Instead of working in silos, you can apply this single framework across all of these areas.
ISACA has also released thought leadership on emerging technologies, such as a white paper on trustworthy AI. It highlights how organizations can integrate AI and ML into their processes responsibly, using the DTEF as a foundation.
Beyond publications, ISACA organizes conferences and summits at both global and local levels. Every chapter, whether in a city or region, hosts annual conferences, along with regular monthly awareness sessions. These platforms are excellent opportunities to learn, share knowledge, and bring back practices that can be implemented within organizations.
And here, I prefer to say “good practices” rather than “best practices,” because in cybersecurity there’s really no such thing as best. What is considered secure today may be misused tomorrow. Take VPNs, for example. A few years ago, VPNs were promoted as secure tunnels. Today, we also see them being exploited to launch attacks. So it’s always about identifying both the risks and the opportunities, and building resilience as an organization. For me personally, ISACA has been a fantastic source of knowledge and growth. The insights I’ve gained have directly helped me apply and strengthen cybersecurity practices within my own organization.
TAM: Could you highlight some of ISACA’s key courses, certifications, or training initiatives, especially around AI and emerging technologies, that are equipping professionals to manage digital trust challenges?
Chetan Anand: ISACA offers a wide range of trainings and certifications in emerging technologies namely blockchain, AI, or cloud. There’s plenty to choose from, depending on your area of interest. An important distinction ISACA makes is between certificates and certifications, with both designed to strengthen competence. And competence, of course, is key when it comes to adopting and working with new technologies.
Recently, ISACA launched two notable certifications: the AI Audit Certification, which is the world’s first advanced AI audit certification, and AISM (Advanced in AI Security Management Certification). These add to the already existing AI Fundamentals Certificate. Beyond certifications, ISACA also offers eight dedicated AI and ML trainings that create a clear learning path. For example, someone with no prior AI background can begin with AI Fundamentals, and then progress through areas like AI Governance, Ethical Perspectives in AI, Machine Learning for Business Enablement, and more advanced topics such as Machine Learning, Neural Networks, Deep Learning, and Large Language Models (LLMs). There’s also training on the AI Threat Landscape.
On the audit side, ISACA provides two specialized programs: Introduction to AI for Auditors and Auditing Generative AI. Together, this makes up a very comprehensive suite, eight trainings, two certifications, and one certificate, focused specifically on AI. This is especially valuable because, in conversations with industry professionals, one concern we often hear is the shortage of certified cybersecurity and AI professionals. Many individuals earn a certification once but don’t continue to update their skills. ISACA helps address that gap by providing a structured, continuous learning pathway.
TAM: Looking ahead, what role will continuous cyber education play in ensuring organizations and individuals maintain resilience and digital trust in an AI-driven, hyper-connected world?
Chetan Anand: In today’s rapidly evolving digital landscape, a single certification is no longer sufficient. While earning one is an achievement to be proud of, it cannot cover the full breadth of knowledge required in cybersecurity. The field itself is vast and interconnected with multiple domains such as privacy, artificial intelligence, blockchain, and even cybercrime.
Personally, I hold over 100 certifications, and the list continues to grow. The reason is simple: as regulations and technologies change, new trainings and certifications emerge to address those developments. For example, with the introduction of India’s Digital Personal Data Protection Act (DPDPA), new roles have opened up within organizations namely Chief Privacy Officer, Data Protection Officer (DPO), and Privacy Manager. Alongside these roles, certifications like ISACA’s CDPSE (Certified Data Privacy Solutions Engineer) have become increasingly relevant. Similarly, when the IT Act was introduced in India in 2000, no certifications existed around it. But today, with new legislation like the DPDPA, several organizations offer structured training and certifications to build competence.
Globally, we see similar trends. The European Union’s DORA (Digital Operational Resilience Act) and the EU AI Acthave already come into effect, creating demand for specialized training. For instance, under the EU AI Act, any AI-generated content must be labeled or watermarked as such. Without proper training and awareness, organizations would struggle to implement these requirements. This underscores why competence development through continuous learning is crucial.
Customer expectations are also shifting. Previously, clients would ask for copies of an organization’s security or privacy policies. Today, they demand deeper accountability, and questions such as: What controls have you implemented for AI? Have you identified AI-related risks? Are your suppliers adhering to your AI governance requirements? These are the kinds of discussions taking place now.
ISACA has been proactive in this space. For example, it has introduced an AI Acceptable Use Policy, similar to traditional acceptable use policies for IT and security. This framework helps organizations define what is permitted, what is restricted, and the documentation required to ensure compliance. It also emphasizes explainability, and organizations must be able to show how data was generated, where it originated from, and whether it was created or influenced by AI.
Finally, the concept of data sovereignty has gained prominence. Organizations and regulators increasingly demand that data remain within national borders. If data must be transferred internationally, there is an expectation that it will be protected with equivalent levels of security and privacy in the destination country.
This evolving landscape makes one thing clear: professionals cannot afford to stop learning. Continuous training and certification are essential to remain relevant, adapt to regulatory changes, and build the trust that customers and regulators now demand.
