Enterprise technology looked very different 25 years ago. The cloud had not yet become the invisible operating layer behind modern business. Infrastructure still felt closer to a physical room with servers, cables, access controls, and systems people could point to. That is where Vinod Kumar’s career began, and that starting point shaped the way he thinks about trust today.
That beginning matters because Kumar has not watched enterprise technology change from a distance. He has worked through each turn as it arrived. On-prem systems gave way to cloud adoption. Cloud grew into hybrid environments. Compliance moved from static paperwork toward code, evidence, and automation. Software security expanded into a much larger question about artificial intelligence, third-party connections, and the trust companies place in systems they do not fully control.
“I started in IT operations when the infrastructure still felt tangible,” Kumar says. “The tools have changed completely, but the central question has not. Can an organization prove that its systems are being run in a way people can trust?”
That question has followed him across healthcare, manufacturing, high-tech, and SaaS. Each field brought different pressures. Healthcare demanded care around sensitive data. Manufacturing required dependability across complex operations. High-tech and SaaS pushed speed, scale, and constant change. Yet the same pattern kept appearing. Companies often had security work happening in practice, but they struggled to prove it clearly when asked.
One early lesson stayed with him. Kumar saw organizations fail audits not always because they lacked security, but because they could not show the evidence behind the security they had. Controls existed. Processes existed. Good work was happening. But the proof was scattered, incomplete, outdated, or disconnected from how the business actually operated.
“That mismatch bothered me,” he says. “It is frustrating to see a team doing serious security work and still fail because the evidence does not tell the same story. That is a fixable problem, but only if leaders treat documentation and operating reality as part of the same system.”
For Kumar, that is where many companies misunderstand the difference between security and compliance. Security is the work of preventing harm. Compliance is the work of proving that the prevention is real. They overlap, but they are not identical.
A company can be secure and fail an audit. A company can pass an audit and still carry serious risk. The harder work sits between those two outcomes. It requires systems that make the truth visible, current, and repeatable.
“Security asks whether you are reducing risk,” Kumar says. “Compliance asks whether you can prove it with evidence. The real maturity comes when those two answers line up.”
That idea now sits close to his current work. As a Technical Program Manager at AWS Security, Kumar helps run security reviews of third-party vendors and integrations that connect into the AWS ecosystem. His role focuses on the trust boundary around cloud environments. It is not enough for a company to secure what it owns directly. It also has to understand what is attached to its environment, what those connections can access, and whether those outside systems meet a rigorous standard.
In many ways, this is the modern version of the same problem he first saw in audit rooms. The question is still about trust, but the surface area has expanded. A company’s risk no longer lives only inside its walls. It lives in vendors, cloud services, integrations, data flows, and now AI tools.
“When enterprises build in the cloud, they are building through an ecosystem,” Kumar says. “That means trust has to be evaluated across every connection. The weak point may not be the system you built. It may be the system you allowed in.”
Scale makes that work harder. One team can follow a strong process for a short period of time. One group can prepare for an audit. One vendor can be reviewed carefully. The challenge is keeping the same standard across thousands of controls, hundreds of vendors, and many teams over years.
Kumar sees consistency as one of the least glamorous and most important parts of security.
“Security at scale is not about doing the right thing once,” he says. “It is about doing it the same way, with the same discipline, even when the environment keeps changing.”
Building credibility in that environment has required him to speak to different audiences with equal seriousness. Deeply technical engineers want precision. Senior business leaders want risk framed in terms of impact, priority, and accountability. Academic and professional peers want proof that ideas can stand up beyond one company or one project.
Kumar has built that proof outside his day-to-day role as well. He is an IEEE Senior Member, an honor that requires peer endorsement and is held by a small share of IEEE’s global membership. He has authored more than 14 peer-reviewed publications across security, AI, and information technology management. He has published two books and holds patent in AI-based network intrusion detection systems. He has also judged cybersecurity categories for the Globee Awards, reviewed IEEE Senior Membership applications, and spoken at PMI events and chapters. He has also judged the cybersecurity categories of 2024 and 2025 Globee Awards, reviewed IEEE Senior Membership applications, and, most recently, delivered a 45-minute session on portfolio thinking at the PMI Palmetto Symposium 2026 (as a seasoned speaker).
His research has consistently pointed at one of the hardest problems in enterprise security: healthcare environments, where cyberattack rates are approximately three times higher than other industries and where average breach costs have exceeded ten million dollars per incident according to industry research from IBM. His published work in this area moves beyond signature-based detection toward identifying emerging attack patterns through machine learning, an approach he believes will be central to how regulated industries adapt their security architectures over the coming decade.
“I have always cared about the bridge between practice and scholarship,” he says. “If an idea only works in a paper, it is not enough. If a practice only works inside one team and cannot be explained, that is not enough either.”
That ability to move between practice and scholarship matters more now because AI has added another layer to the trust problem.
The problem is that visibility becomes harder after adoption spreads. Tools become embedded in workflows. Data begins moving through systems. Vendors become part of daily operations. Employees find their own shortcuts. By the time leaders ask for a clean view of risk, the picture can already be fragmented.
“AI is entering companies faster than many organizations can map it,” Kumar says. “The question is not only whether the technology works. It is whether the organization can explain where it is being used, who owns it, and what evidence shows it is being managed responsibly.”
His advice comes from seeing the same pattern across several eras of technology: trust is much harder to prove after systems are already moving at full speed. Decide who owns the risk. Document where data moves. Review third-party tools before they become essential. Keep evidence close to the work itself, so teams are not trying to reconstruct the truth after the fact.
He believes the next phase of enterprise trust will belong to companies that understand this early. Security, compliance, and AI governance have to show up in ordinary decisions, not only in reviews, reports, or leadership updates.
“Trust is not something you declare after the system is built,” Kumar says. “It has to be visible in the way the system runs, the way decisions are owned, and the way evidence is maintained.”
For more information on Vinod Kumar Dhiman,, visit his LinkedIn.
