CISO Unlocked #3: chatting with Patrick Blanc, CISO at Nexthink
7/5/2026


At Forestay, we view Cybersecurity as a core investment pillar. In a world of accelerating AI adoption and ever-evolving threats, safeguarding digital assets is mission-critical — offering both risk mitigation and exceptional growth potential.

To better understand the role Cybersecurity plays within large enterprises, we’ve launched a series of conversations with CISOs and security leaders, sharing their journeys and insights from the frontlines of cyber defense.

This third conversation features the perspectives of Patrick Blanc, CISO @ Nexthink.

Labinot Braimi – Patrick, you have a solid background as a security leader, from Google to Nexthink, which was recently acquired for $3B by Vista. Could you tell us a bit more about your journey?

Patrick Blanc: My journey to becoming a CISO has been somewhat atypical. I started my career in IT at various banks and gradually transitioned into security over time. Early on, I had the opportunity to take on the CISO role at Gunvor, a large commodities trading company. It was an extremely steep learning curve on two fronts.

First, from a technical perspective, I had to build the entire security stack end to end, as security had not been strategically prioritised before my arrival. Second, I learned how to navigate organisational politics – working with the leadership team and the Board to push the cybersecurity agenda, which is rarely a straightforward path.

Later, the opportunity to join Google presented itself. It was a chance I simply couldn’t pass up, both professionally and personally.

Labinot Braimi – At Google, you held several different roles, correct?

Patrick Blanc: Yes. I initially joined the Paris office in a role that sat at the intersection of security and privacy, at a time when GDPR was taking shape and being implemented. Shortly afterwards, I moved to Zurich to join the DeepMind security team, when it was still primarily an AI research lab. I supported the CISO in securing intellectual property as well as the applications we were testing across use cases such as robotics and protein folding.

After a few years at DeepMind, I moved into a leadership role within Google Cloud Security, where I was responsible for the secure‑by‑default programme. It was an extremely technical and demanding role.

Labinot Braimi – What makes Google such a fortress when it comes to cybersecurity, and what lessons did you take away from your time there?

Patrick Blanc: Google follows two fundamental principles when it comes to security. First, there must always be multiple layers of defence in place—one breach should never be sufficient for bad actors to successfully carry out an attack. The second principle is cultural: everything built at Google is designed with the assumption that humans are the weakest link and will make mistakes. This mindset is deeply embedded in Google’s culture and is methodically applied before any product is shipped.

It’s also worth noting that Google significantly strengthened its security posture following Operation Aurora in 2009–2010, when a Chinese state‑sponsored group carried out a successful cyberattack. Many pioneering innovations emerged in the aftermath, such as BeyondCorp, which effectively laid the foundations for zero‑trust architectures, as well as state‑of‑the‑art anti‑phishing technologies. After 2010, Google became a very different organisation from a security perspective, earning its reputation as a cybersecurity fortress.

Labinot Braimi – Moving from large organisations to a scale‑up like Nexthink, how have your role and responsibilities as a CISO changed?

Patrick Blanc: Nexthink was actually a product I knew well before joining the company in 2024 – I had procured it and become a customer during my time at Gunvor. Moving from Google to Nexthink, the scale and available resources are obviously very different.

A few aspects are worth highlighting. I work with a very small but highly technical team that can lead end‑to‑end initiatives with minimal supervision, which is essential in a resource‑constrained environment. Another priority is driving a strong security culture across the entire company, not just within the security function. This is especially important within engineering, where the focus is on building secure‑by‑default products.

Finally, Nexthink operates as a B2B enterprise scale‑up serving large organisations with extremely high expectations around compliance, privacy and security. As a result, my team and I are often deeply involved in customer and prospect discussions on these topics.

Labinot Braimi – I recently attended RSA, where AI security dominated the agenda as organisations push for large‑scale adoption. From a CISO perspective, how do you balance adoption with security?

Patrick Blanc: Nexthink is a product‑first company that provides deep visibility into enterprise IT environments and therefore handles a significant amount of data. For context, Nexthink is deployed across more than 20 million endpoints of some of the largest and most sophisticated companies in the world. The recent acceleration driven by generative AI has been a major boost to our product roadmap.

At the same time, we must be absolutely flawless from a security perspective when delivering AI‑powered features—whether agents or chatbots—to our customers.

Internally, the push to adopt AI for operational efficiency is also very strong. Engineering was the first department to rapidly adopt AI tools to improve productivity, and in parallel we implemented new security controls to protect AI development workflows. Where the risk exposure increases is when teams such as HR or Finance begin using AI agents to automate tasks. Many of these agents operate with access rights similar to those of human users, yet they lack human judgement or an understanding of the consequences of their actions. This creates a mismatch with security frameworks originally designed for people.

Our focus is therefore on defining AI use cases with a clear business rationale and a limited “blast radius” should something go wrong.

The AI momentum will only continue to accelerate. The greatest risk for enterprises today is attempting to block AI usage entirely, which often results in employees turning to shadow tools that are far less secure and far harder to control.

Labinot Braimi – Building on that, what are the main risks Nexthink is currently facing, and how do you see this evolving?

Patrick Blanc: There are three key risks I would highlight. First and foremost, we must continue to deliver highly secure AI features. We simply cannot afford to deploy a product into customer environments that behaves unpredictably.

Second, the security of our SaaS Cloud infrastructure remains critical. As we develop, ship or adopt agentic AI solutions, we have to ensure they do not introduce novel weaknesses that could materially impact our customers.

Finally, reliability and customer data security are paramount. Maintaining a very high security bar for agents deployed across tens of millions of endpoints is non‑negotiable.

While these risks are not fundamentally new, AI introduces a rapidly evolving attack surface. Staying one step ahead is essential to avoid compromise.

Labinot Braimi – It feels like we have moved beyond managing human–LLM interactions to deploying autonomous agents across business functions. How should organisations deal with this new level of autonomy?

Patrick Blanc: This is one of the most significant challenges ahead. Modelling how autonomous agents will behave and the steps they will take to complete tasks is extremely difficult. This uncertainty is precisely why many security leaders are cautious about widespread deployment. While prompt security will remain important, securing agent actions themselves will increasingly become the primary focus.

We’ve already seen examples – such as open‑source autonomous tooling – where it becomes very difficult to properly ground agents or enforce meaningful constraints. Agents will often find ways to bypass controls that were originally designed for human workflows. As a result, CISOs and security teams are struggling to realistically simulate agent behaviour and secure execution paths.

Many of the AI agents available today are conceptually impressive, but they are far from enterprise‑ready from a security standpoint. This gap is a major source of tension between Boards and executive teams pushing for adoption and the security realities required to deploy AI safely at scale.

That said, organisations must remain open‑minded, closely track the pace of change and adapt accordingly. IT and security leaders at C‑level need a strong understanding of how AI is evolving and how it impacts their environments if they want to drive long‑term efficiency and remain relevant.

Labinot Braimi – Are there areas where you already see AI meaningfully supporting defensive security teams? Which use cases are materialising first?

Patrick Blanc: Absolutely. Exploit development and vulnerability research are areas where AI is already having a significant impact by fundamentally changing how work is done. This capability is increasingly necessary to keep pace with attackers who are using AI to launch broader and more targeted campaigns.

Within security operations, Level‑1 analysts have seen clear productivity gains, particularly in accelerating root‑cause analysis and adding context to alerts in order to close investigations faster. Another, often overlooked, area is AI’s ability to quickly generate tailored dashboards and analyse security data with little effort, enabling clearer communication with IT teams, senior leadership and Boards.

These are all areas where we have already implemented AI‑driven solutions to meaningfully improve the productivity of our security teams.

That said, many solutions in the market excel at marketing rather than delivery. While there is considerable innovation, a large number of tools still lack the maturity required for enterprise‑grade adoption.

Labinot Braimi – If you had a magic wand and could solve one security challenge overnight, what would it be?

Patrick Blanc: Identity. Driving universal adoption of resilient authentication mechanisms is critical, particularly as the ratio of machine identities to humans continues to skyrocket. If we could easily guarantee the integrity of communications between all parties, it would be transformative.

About Forestay: Founded in 2018, Forestay is an early-growth Enterprise AI technology fund focused on investing across Europe, Israel and the East Coast of the US. Forestay is an investment partnership of B-FLEXION, a private entrepreneurial investment firm.

About Patrick Blanc: Patrick Blanc is a seasoned cybersecurity professional, currently serving as CISO of Nexthink, recently acquired for $3B by Vista Equity Partners. Prior to joining Nexthink, Patrick spent six years with Google and DeepMind across different security management roles between Paris and Zurich. Before that, he was the CISO of Gunvor, a large commodities trading company based in Geneva. Patrick holds a Master of Science in Computer Science from University College Dublin and an Executive Master from INSEAD.

If you are building in cyber, we’d love to hear from you. Please reach out to labinot@forestay.vc or contact@forestay.vc

Written by Labinot Braimi, Principal

Published on: 7/5/2026
