Kristina Beek , Associate Editor , Dark Reading February 5, 2026 Source: Dark Reading As organizations grapple with increasingly sophisticated threats, the need for leaders who can balance technological innovation with robust risk management is paramount. In this episode of "Heard It from A CISO," Dark Reading's Kristina Beek sits down with Col. Georgeo Xavier Pulikkathara, a seasoned cybersecurity expert and CISO at iMerit, to explore the challenges, insights, and lessons learned from his ongoing journey in the field. Georgeo's path to becoming a cybersecurity leader started early on, perhaps before he even realized what the destination would look like. From solving Rubik's Cubes at the age of 12 to serving as a colonel in the US Army, his career has been defined by a passion for problem-solving and a commitment to protecting critical assets. With experience spanning Wall Street, Microsoft , and military operations, Georgeo brings a unique perspective to the table — one that blends technical expertise with a deep understanding of human adversaries and organizational vulnerabilities. Throughout the conversation, Georgeo shares invaluable advice for aspiring cybersecurity professionals, emphasizing the importance of mastering fundamentals, building character, and embracing continuous learning. He reflects on the pivotal moments that shaped his mindset, from encountering real-world threats like the Slammer and Blaster viruses to defending against nation-state actors targeting critical infrastructure. His insights offer a compelling look into the evolving landscape of cybersecurity and the qualities that make a leader stand out in this demanding field. As artificial intelligence (AI) and automation continue to transform the industry, Georgeo is optimistic about the future of cybersecurity. He believes that while technology will evolve, the human element — our ability to innovate, adapt, and solve complex problems — will remain irreplaceable. For anyone looking to enter or grow in this field, his advice is clear: focus on building a strong foundation, seek out mentors, and never stop learning. Also, check out our other installments in this series: " Mentorship & Diversity: Shaping the Next Generation of Cyber Experts, " with Patricia Voight, CISO at Webster Bank; " Think Like an Attacker: Cybersecurity Tips From a CISO, " with Etay Maor, CISO at Cato Networks; " Bridging the Skills Gap: How Military Veterans Are Strengthening Cybersecurity, " with Bruce Jenkins, CISO at BlackDuck, Jeff Liford, associate director at Fenix24, and Frankie Sclafani, director of Cybersecurity Enablement at Deepwatch; " From Chef to CISO: An Empathy-First Approach to Cybersecurity Leadership, " with Myke Lyons, CISO at Cribl; " Fastly CISO: Using Major Incidents as Career Catalysts, " with Marshall Erwin, CISO at Fastly; " From FBI to CISO: Unconventional Paths to Cybersecurity Success, " with Kaseya CISO Jason Manar; " Cyber Career Opportunities: Weighing Certifications vs. Degrees, " with longtime CISO Melina Scotto; and " Male-Dominated Cyber Industry Still Holds Space for Women With Resilience, " with Weave Communications CISO Jessica Sica. Heard it From a CISO: Full Transcript This transcript has been edited for clarity. Kristina Beek : Hi, I'm Kristina Beek. I'm an associate editor with Dark Reading, and I'm here with another episode of Heard It from A CISO, where I'm joined by Georgeo Xavier Pulikkathara, who is a CISO at iMerit. Can you introduce yourself and tell me about the work you currently do and the role of a CISO at your company? Georgeo Xavier Pulikkathara : Absolutely. I'm a US Army veteran, a colonel in the US Army Cyber Operations, and the CIO and CSO at iMerit. At iMerit, my role is to balance technology modernization while ensuring risk management is handled correctly. A big part of this is protecting a global distributed workforce and safeguarding client data. Essentially, we focus on protecting the organization and ensuring the security and privacy of our clients' data. KB : What does the journey to getting where you are look like? Did you have an early interest in cybersecurity, or did you study it in college? How did you get here? GXP : It's a long story, but I'll summarize. For me, it started early. I was the kid at 12 who solved the Rubik's Cube — I liked solving problems. Many things in cybersecurity are like that: solving problems others don't even realize exist. People often think, "It works fine; I don't need to worry about vulnerabilities." But we work to ensure data is protected, follow best practices , and do what's right — not just for our organization but for our clients as well. I'm currently building out a full cybersecurity team to ensure we're adhering to best practices. It's been a great experience, and I'm having fun working at iMerit. KB : You mentioned starting at an early age. How did your mindset shift from "making things work" to "making things work securely"? GXP : That shift happened for me around 2003. I went from focusing on making things work to ensuring they worked securely. Once you understand how networks operate, how data flows, and what needs to happen, you realize how vulnerable things can be. Then you start asking, "How do I encrypt that data ? How do I secure data at rest and in transit?" It's a big part of cybersecurity. KB : I see your past work includes leadership roles at Microsoft, PMO, and capital markets. What would you say are the key characteristics or technical skills needed to be a leader in cybersecurity? GXP : There are different thoughts on this, but I believe starting at the bottom is important. I got my first job because a friend in college said, "Hey, George, we need someone in the IT department." I started by making cables, building computers, and working on networks. I spent the first five years of my career understanding how data flows across networks and the OSI model. I focused on the network and application layers because that's where many vulnerabilities occur. For new people entering the field, it's crucial to understand the fundamentals — how data flows, the network layers, and the OSI model — so you know how to protect that data. KB : When you talk about people having a fundamental understanding, what would you recommend for those entering the field or pivoting into cybersecurity? Should they pursue formal education, certifications, or something else? GXP : If I were hiring someone today, I'd look for character, competency, and commitment. Character is the ability to admit mistakes, research solutions, and correct errors. Commitment means sticking with the job and not hopping around. Competency comes from education, certifications, and practical experience. I believe in a "golden triangle" of security certifications , a degree, and hands-on experience. For those entering cybersecurity, it's essential to understand vulnerabilities — software, hardware, and patching — and build a strong foundation. Start with entry-level certifications and work your way up. A college degree is also valuable, especially in understanding business models, which is critical for cybersecurity professionals. My undergraduate degree was in finance, but I volunteered at computer labs and attended hackathons to learn and grow. Mentors and hands-on practice were key to my journey. KB : You mentioned your degree in finance and volunteering in cybersecurity-related activities. You also have experience as a US Army veteran. How has that influenced your views on cybersecurity and risk? GXP : Heavily. When I was younger, I focused on making things work — solving problems and ensuring networks functioned. As I worked my way up to being an IT manager on Wall Street, I started encountering real threats, like the Slammer and Blaster viruses. Those incidents woke me up to the reality that there are people actively trying to damage and take down companies. It shifted my perspective to focus on protecting organizations and mitigating risks . It was a big mind shift for me. At the same time, my time in the military helped me realize that despite any goodwill we may have, there are still people out there who want to do harm to our nation. As a cyber operations officer, I started as an infantry officer, where we followed tactics like defend, attack, offense, and defense. In cyber operations, we applied similar principles — red team , green team, blue team — and spent time on cyber ranges defending and identifying key terrain. Key terrain refers to critical information assets that need protection, such as account data, client data, or medical data in hospitals. The higher the value of the asset, the more controls are needed around it. This has influenced me significantly. I also spent time understanding nation-state threat actors . Early in my career, I was more focused on malware — cleaning viruses and moving on. Now, I see determined human adversaries who aim to break into networks, steal intellectual property, commit fraud, and damage businesses. As a colonel in the US Army Cyber Operations, I focus on threats to critical infrastructure. AI is rapidly becoming critical infrastructure, touching large amounts of data and large language models. At iMerit, we ensure data annotation and fine-tuning are secure, screen individuals handling the data, and conduct continuous monitoring to prevent fraud or breaches. KB : Considering the rise of AI, what would you say to entry-level individuals concerned about whether this field is growing and has space for them? GXP : I wouldn't worry about it. Similar concerns arose when the first PC came out, with people convinced it would change the field entirely. The key is continuous learning. For example, as a CISSP, I complete 120 hours of continuing education every three years. I attend user group meetings, conferences, and presentations to stay updated on the latest threat landscape. AI is a technology trend , but understanding how it works and following a m