CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 03, 2026

Zoom CISO: AI as Security Enabler, Not Role-Replacer

Dark Reading Archived Jun 03, 2026 ✓ Full text saved

As Zoom's CISO, Sandra McLeod, discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and advice for aspiring cybersecurity leaders.

Full text archived locally
✦ AI Summary · Claude Sonnet


    CYBERSECURITY OPERATIONS CYBERSECURITY CAREERS APPLICATION SECURITY ENDPOINT SECURITY INTERVIEWS Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Zoom CISO: AI as Security Enabler, Not Role-Replacer As Zoom's CISO, Sandra McLeod, discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and advice for aspiring cybersecurity leaders. Kristina Beek,Associate Editor,Dark Reading June 2, 2026 SOURCE: DARK READING At a Glance Build intentional networks, gain cross-domain expertise, and focus on where your interests lie. Zoom addresses challenges like pandemic-era "Zoom bombing" through user education. Instead of eliminating jobs, AI automates repetitive tasks, allowing security teams to focus on complex problem-solving. In an era where artificial intelligence is reshaping the cybersecurity landscape at unprecedented speed, Sandra McLeod, CISO at Zoom, offers a compelling perspective on the future of digital defense. With years of security experience spanning from penetration testing at Cisco to leading security initiatives at one of the world's most widely used communication platforms, McLeod brings a unique technical foundation to her leadership role. Her journey to the CISO position reflects the evolving nature of cybersecurity leadership itself. Now, as CISO at Zoom, she emphasizes that there's no "one right way" into the field, encouraging aspiring professionals to start where their interests lie. The key, she stresses, is building exposure across multiple security domains rather than staying siloed in one specialty. She also says that cybersecurity welcomes a diverse array of individuals: women, she says, have an opportunity to succeed in a technical field often dominated by men. McLeod credits her success to intentional networking and the support of allies and sponsors who championed her advancement — a reminder that while technical skills open doors, relationships and mentorship can determine whether or not you’re actually able to get through them. Related:Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber Over the years, as Zoom transformed from a niche business tool into a household necessity during the pandemic, the company faced unprecedented security challenges, including the phenomenon of "Zoom bombing." McLeod discusses how the company has evolved its approach to security, emphasizing a philosophy of "secure by default" while maintaining user flexibility.  Looking ahead, McLeod sees a future where AI serves as an enabler rather than a replacement for human security professionals. From automating repetitive tasks in security operations centers (SOCs) to developing more resilient systems capable of withstanding AI-powered attacks, McLeod's vision represents an optimistic perspective about technology's role in staying ahead of evolving threats.  This is part of Dark Reading's ongoing Heard It From a CISO video series, which features frank, exclusive conversations with cybersecurity leaders in the trenches. Check out the entire series here. Heard It From a CISO With Sandra McLeod: Full Transcript This transcript has been edited for clarity and length by Informa TechTarget's internal AI assistant. For the full experience, please watch the video.  Dark Reading’s Kristina Beek: Hi, everyone. My name is Kristina Beek, and I'm here for another episode of Heard It From a CISO with Dark Reading, and today I'm joined with Sandra, and she is CISO at Zoom. Thank you so much for being here today. Related:Helping Romance Scam Victims Requires a Proactive, Empathic Approach Sandra McLeod: Thank you for having me. DR's Kristina Beek: So, I would love if you could give us a little bit of your background and introduce yourself for us. Sandra McLeod: I've been at Zoom for five years. I have been heavily focused on security assurance, enterprise security, offensive security, and then shifted into the role about a year ago. So, we're just now coming up on my one-year mark for being in role as CISO here. It's been a wild ride, for sure. My background, let's see, so … I started out in software development and, really built up a passion for security, had an opportunity to shift fully into security about now 15 years ago. I moved over to Cisco and started out in pen testing, like probably a lot of product security folks do, and then really just expanded my interests across red-teaming and systems, beyond just product security. DR's Kristina Beek: Yeah, awesome. So, I did look up your background in terms of your education, and I saw that you have a bachelor's in, I think, computer engineering or computer science. And then the same with your master's. Would you say that background, and then starting in software, influences how you approach the role as CISO? Because I've found that a lot of people come into CISO with entirely different backgrounds, and honestly, that's the case for cybersecurity in general. Related:RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever Sandra McLeod: Yeah, that's really interesting. So, yeah, I think each background brings different perspectives. What I think is particularly helpful for me at Zoom in this role, coming from the background that I do, is understanding the challenges with security when it comes to operating a tech company, and how do you balance security with getting product out the door, and that's always a challenge. So, I have a good, innate understanding of those challenges when you're building product. You're facing tight timelines, you've got this high pressure to get things out the door. And yet, you can't sacrifice security. So, it definitely creates some unique perspectives that I'm actually really grateful for. DR's Kristina Beek: Yeah. So, can you tell us a little bit about how your experience so far as CISO has been? Because I perceive it as this role that's sort of the bridge between technical cybersecurity and then the business, C-suite of it all, translating it to that business side. Would you say that's accurate in your experience at Zoom? Sandra McLeod: Yeah, absolutely. So, the thing is that we, just like everything else where you've got these requirements, you need to meet them, but then there are these business challenges, and we need to be able to support the business. We try to look at security from the lens of how we can enable our business. So that's one of the primary drivers for us, is how do we enable the business? And we do that in a few ways. How do we make frictionless security processes that still provide a really deep view of our product, ensuring that the earlier we can get involved in our product security, then the less friction there is. So that's our goal, is to get involved early to build security in, so that we're not coming in and bolting security on after, which causes a lot of friction. That's just one example. How do we work with our cloud teams to anticipate and account for all those security requirements as they're building out a new data center? So, really trying to focus on how do we reduce that friction and impact and enable the business to move faster while still ensuring that we're meeting all of our security requirements. DR's Kristina Beek: Absolutely. So you've been in cybersecurity for what seems like a while now. As a woman, what has the experience in this field been like for you? From your perspective, have you seen it change throughout the years? Do you feel like it's more welcoming to women now, in general, or to women in leadership specifically? Sandra McLeod: Gosh, that's really interesting. I think one of the things for me is that I've been extremely lucky to work at places where there has been a lot of allyship, sponsorship for women, and leadership in general. So, I don't know that my journey and my experiences are the same that others may experience in other places. I've had some amazing allies and sponsors who have really been super supportive, extremely helpful in sponsoring and encouraging me to push for advanced roles. So, my experience has been really, really, wonderful, something that I'm very grateful for with all of the, support that I've received, and at Zoom, I feel like we have really good representation from female leadership across our executive team. DR's Kristina Beek: Yeah, absolutely. Is there any advice you would give to women interested in going into cybersecurity, or for women who are interested in cybersecurity leadership? Sandra McLeod: Yeah. For sure, if cybersecurity is what you're interested in, if you're interested in being a leader in this space, my absolute recommendation is 100% go for it. Do not let the fact that you are female change that. The biggest advice I'd have, really for anybody, but I do think perhaps it's even more important for females, is building that network. So, you know, I think almost all of the roles that I've gotten, jobs that I've had over the last 20 years, have been through connections, and knowing that there's an opportunity, and someone sharing, "Hey, you should look at this, I think you'd be a good fit." So, really having that network is super important, and building that network intentionally, it doesn't just happen. You need to continue to make those connections too, especially with other women. There's real benefit to us in building that network of other female leaders in this space, too. DR's Kristina Beek: Absolutely, yeah, thank you for that. When it comes to Zoom — so I was in college from 2017 to 2021, which was part of the pandemic era. So that's where I came to know about Zoom, because it was just being used everywhere to keep people connected, whether it be work, for me it was school. So, with this major uptick with the use of Zoom during that era, also came some problems like "Zoom bombing" [i.e., unauthorized people joining Zoom calls]. Do you still find that that's a prominent cybersecurity issue for the company, or things related like that? Sandra McLeod: I think a lot of Zoom bombing and the challenge there was really around educating our administrators and users so that they understood what power they have within Zoom to really control the meeting, and to control who joins, how they join, how they show up. So, I think we've definitely done a lot more in terms of educating our users to help prevent problems where we can. A lot of that is through understanding what those configurations are that you can control. But any communication platform, whether it's social media or news outlets, any kind of communication platform can be abused. So, it is something that we're always constantly thinking about, looking at, and looking at how we build in protections and enhance those protections for our users. DR's Kristina Beek: Yeah, absolutely. Would you say that it's the platform's responsibility to provide protections, but also the user's responsibility on their end to practice good cyber hygiene? Sandra McLeod: It's a partnership, yes. So, we definitely feel that responsibility on our side. We have to give you all of the options that you can leverage, and we have to make it really easy to use them. If they're hard to find, people aren't going to use it. So, it's really important that we do our part to make it easy to secure your meetings, to secure your communications. What we focus on is secure by default, and then giving you the option, because sometimes there are times where you need to open things up. So, trying to build in that security by default, but giving options to open it up if you want. DR's Kristina Beek: Going back to your background, now you have two degrees related to this field in computer engineering, computer science. But there are a lot of different paths, education-wise, that people can take to go into cybersecurity now. So, if somebody wanted to pursue this field, whether they're right out of high school, right out of college, maybe they're making a transition from a different career, is there one path that's better than another, or how would you recommend they go about that? Sandra McLeod: That's a good question. I think it really depends on what your interests are. There are a lot of paths, and there is no one right path, and if you talk to a hundred different CISOs, you'll probably find a hundred different paths that they took to get here. That's the nice thing about it, is that there are so many parts, and security has so many different domains, whether it's our product security, our network security, cloud security, endpoint security. There's an endless number of areas for learning. So, what I think I would tell people is, start with where your interests are. If you're interested in networking, and you like to play around with routers and understanding their configurations, start there. If you're interested in software and writing code, developing code, start there. If you're interested in systems and system administration, start there. If you're interested in security compliance — etc. Start where you're interested. But then what I would encourage is to look around and look at opportunities to bridge into other areas. I think the most important thing in the path to the CISO role is getting that exposure across multiple domains, and that can be hard if you're always focused in one area. So, continuing to ask questions, get exposure and experience in other domains, and bridge across those other domains to build that understanding and experience is really important. DR's Kristina Beek: When it comes to Zoom as a company, what are your views on artificial intelligence? How are you guys incorporating that into your Zoom products, if you are? Sandra McLeod: Yes, 100%. So, if you are asking about AI and our products, we are now really following the mantra of an AI-first platform. We are looking at how AI can be leveraged and every aspect of communication, and not just communication, but productivity. So, how can you go from a meeting to then using AI to do that follow-up. We call it "conversation to completion," where you start with a meeting, you have a conversation, you identify, perhaps, some action items, some follow-ups. How do you then have AI help you do all of those follow-ups and automate that? So, for sure, we have a lot of AI capabilities that we're building into our product. That's one area.  But then we're also looking at how does AI help us with our tasks and workflows every day within security. So, some of the areas where we're using AI, I think everybody's looking at, how do you build agentic AI workflows in your SOC? That's a really big area for us. But really, it's looking at every single opportunity — we've given a mandate to our teams to say, "Look at every one of your tasks and workflows that are repeating, how do you then automate those with AI? How do you have AI do those repetitive tasks so that you can really spend your time focused on the important things that require human judgment, advanced logic, how do you scale out using AI? How do you increase your capabilities?" So, we're looking at how we can use AI to support all of our different tasks and workflows, but then also, on the other side of defense, we're looking at how do we use AI to help build out our capabilities for finding vulnerabilities, for detecting attacks, for supporting investigations and remediation. DR's Kristina Beek: Piggybacking off of that, there are a lot of concerns, especially with people who are graduating today and going into the workforce ... they're wondering, "Is AI taking my job? Will there be a job out there for me?" What is your response to that? Sandra McLeod: Yeah, so, you know, definitely not anytime soon. I would say that the ways we're using AI and where AI brings value is in automating the repetitive tasks that we really don't want to focus on, so that we can focus on the more important things. So, that's where I continue to focus my team on, is implementing AI so that you can do other more advanced work, you can increase your coverage. Right now, as we continue to grow with number of products, just really rapid growth across our company, how do we keep up? AI is going to be the only answer for how we keep up. So, AI as an enabler is really important. AI to increase our capabilities, to be able to perform analysis at a speed and scale that we can't. But we still have to guide it. We still have to tell it, "Here's what I need you to look at, here's what I need you to do," but we still have very much human in the loop for a large portion of the really important, impactful work that we're doing every day. DR's Kristina Beek: Awesome, love that. My last question, and you can interpret this however you'd like, what does the future of cybersecurity look like to you? Sandra McLeod: Wow. Gosh, that's a really, fun thing to think about. When I think about how AI has impacted our industry, I think that we all knew that it was coming, it's just we didn't realize the speed with which things were going to keep evolving. So, there's so many different things that we're looking at in terms of AI helping us identify vulnerabilities, and you hear about Mythos and the ability to find vulnerabilities that we've never been able to find before, and the concern is, of course, what does that mean in the hands of an attacker? So, I think what is really interesting to me is, can we get to a point where we can use AI to really build out extremely resilient systems, resilient products, so we move faster than attackers? Right now, we're always behind the ball with attackers. We're always running to try to get ahead of them, but it's a race. And so, with AI, how do we build more resilient systems that can stand up to AI-powered attacks and threats? I think that a lot of what we're going to be looking at is building more autonomous processes and workflows again, so that we can focus on the harder problems, focus on even the more innovative solutions for security, and I think it's a really exciting time. I think we're at a real inflection point in history. I'm excited to see what AI brings to us in the future. DR's Kristina Beek: Awesome, I love to hear that. Well, thank you so much for taking the time to speak with me today. I so appreciate it. This was such an insightful conversation. Sandra McLeod: Wonderful. Thank you so much for having me, I really enjoyed it. Read more about: Heard It From a CISOCISO Corner About the Author Kristina Beek Associate Editor, Dark Reading Kristina Beek is associate editor at Dark Reading, where she covers a wide range of cybersecurity topics and spearheads video-related content, where she contributes both content and production skills to Dark Reading's expanding video coverage. She is the creator and host of the Heard It From a CISO video series, where she interviews CISOs, directors, and other industry strategists to provide insights into the ever-evolving cybersecurity landscape. In addition to her editorial work, Kristina manages Dark Reading's social media channels (including social video), and has held numerous roles within Dark Reading over the years, including copy editor and breaking news reporter, before transitioning her focus to multimedia journalism. Kristina graduated from North Carolina State University in 2021 with a degree in Political Science, concentrating in law and justice, and a minor in English. During her time at NC State, she honed her writing skills by contributing opinion pieces to the university's newspaper, as well as writing fiction, poetry, and short essays. Upon graduating, she began her career as a content editor, focusing on higher education topics before joining Dark Reading in December of 2022. Currently based in Washington D.C., you can find Kristina reading, taking walks in Georgetown, trying all the restaurants she can, and taking pictures of all the dogs she sees. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar AI-Powered Credential Security: Intelligence Without Exposure More Webinars You May Also Like CYBERSECURITY OPERATIONS Hand CVE Over to the Private Sector by Brian Martin JAN 27, 2026 CYBERSECURITY OPERATIONS China Imposes One-Hour Reporting Rule for Major Cyber Incidents by Robert Lemos, Contributing Writer OCT 01, 2025 CYBERSECURITY OPERATIONS CISA, FBI, NSA Warn of Chinese 'Global Espionage System' by Alexander Culafi AUG 28, 2025 CYBERSECURITY OPERATIONS Women Who 'Hacked the Status Quo' Aim to Inspire Security Careers by Elizabeth Montalbano, Contributing Writer JUL 16, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge CYBER RISK Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security MAY 28, 2026 THREAT INTELLIGENCE State Cyber Leaders Push Congress for More Funding, Support MAY 26, 2026 CYBER RISK Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks MAY 22, 2026 CYBERATTACKS & DATA BREACHES Processes & Culture Top Reasons Behind Data Breaches MAY 20, 2026 Read More The Edge Want more Dark Reading stories in your Google search results? BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS
    💬 Team Notes
    Article Info
    Source
    Dark Reading
    Category
    ◇ Industry News & Leadership
    Published
    Jun 03, 2026
    Archived
    Jun 03, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗