In an era defined by AI, robotics, and hyper-connected enterprises, cybersecurity is no longer just about compliance or risk prevention. It’s a strategic enabler that drives innovation, protects critical assets, and builds trust. We spoke with Kevin T. Shin, Samsung Semiconductor’s cybersecurity executive, about how Information Security has evolved into a value-creating partner and what it takes to embed security at the heart of AI-driven organizations.
Security has moved from the basement to the boardroom. Once focused solely on compliance and risk prevention, Information Security is now a strategic partner that enables innovation, protects critical assets, and builds trust in an AI-driven, data-centric world.
We sat down with Kevin T. Shin, cybersecurity executive at Samsung Semiconductor Inc., who leads global security strategy across advanced R&D and Sales & Marketing operations in the U.S. A U.S. Army veteran and former Infantry Major, Kevin brings over two decades of experience in defense, risk management, and emerging technologies, applying mission-tested frameworks to align security with business outcomes.
In this interview, Kevin discusses how the role and strategic value of Information Security have evolved over the past decade and what it takes to make security a proactive driver of AI innovation.
How would you describe the current role and strategic value of Information Security in modern enterprises and how has this role evolved over the past decade?
Kevin T. Shin: Over the past decade, the role of Information Security has moved from the basement to the boardroom. Historically, security was seen primarily as a gatekeeping function, focused on compliance, incident prevention, and saying no when risk seemed high. In today’s AI-driven, data-centric economy, that definition is obsolete. Security has become a core element of business value creation, because every modern enterprise now runs on digital trust. 
Security has become a fundamental driver of business value because modern enterprises operate on digital trust.
Its strategic value now lies in enabling organizations to move fast with confidence, allowing the adoption of AI, cloud, and automation without hesitation. It plays a critical role in protecting differentiating assets such as data, models, intellectual property, and the innovation pipeline itself. It also underpins institutional trust across customers, regulators, partners, and employees.
In many organizations, Information Security has evolved from a purely technical function into a leadership discipline that connects technology, business strategy, and ethics. The companies that will thrive over the next decade will not simply be those with the strongest controls, but those that can innovate boldly because they trust the resilience of their systems and culture
With AI transforming how businesses operate, what changes are necessary for Information Security to move from a reactive function to a proactive driver of AI innovation?
Kevin T. Shin: To become a proactive driver of AI innovation, security must shift from after-the-fact inspection to up-front architectural participation. AI-related risks are shaped by choices around models, data sources, vendors, and deployment patterns. When security is only brought in at the end, its role is largely restrictive. Early involvement allows teams to shape safer and faster paths forward.
Security also needs to communicate in business terms rather than technical metrics. Instead of focusing on vulnerabilities, it should highlight outcomes like protected time-to-market, reduced regulatory exposure, sustained brand trust, and safeguarded innovation pipelines.
Finally, security must embrace automation and AI itself. Manual processes designed for legacy systems cannot keep up with AI-driven enterprises. Proactive security relies on continuous monitoring, adaptive controls, intelligent detection, and integration into CI/CD and MLOps pipelines. It is not about being stricter, but about anticipating innovation instead of chasing it.
What mindset shifts are needed, both among security professionals and organizational leadership for Information Security to be recognized as a value-creating partner in AI initiatives?
Kevin T. Shin: Two mindset shifts are essential. For security professionals, the shift is from policing to partnership. The role is not about stopping bad things from happening, but about enabling the right things to happen safely and at machine speed. This requires curiosity about business models, empathy for engineers and product teams, and a willingness to design guardrails instead of walls. The most effective security leaders today do not ask how to block an initiative, but how to make it safe enough to succeed and win.
For organizational leadership, the shift is from viewing security as insurance to recognizing it as infrastructure. In the AI era, trust infrastructure such as identity, data integrity, and resilience enables sustainable growth in the same way power or networking infrastructure does. Organizations that support this dual mindset stop treating security as a cost center and begin to recognize it as a competitive capability.
What structural or process changes can help ensure that security is embedded by design in AI, robotics, and IT innovation, rather than treated as an afterthought?
Kevin T. Shin: Embedding security by design requires structure rather than slogans. Product and AI development lifecycles need to formally include security checkpoints across data acquisition, model training, and deployment. These should function as collaboration points, not approval gates.
Security architecture also needs to be treated as enterprise architecture. Concepts such as zero trust, identity-centric design, data classification, and segmentation are not security add-ons but foundational architectural patterns for AI-era systems.
At the same time, security skills must be distributed across the organization. Security by design cannot be achieved through centralization alone. Developers, data scientists, and engineers need practical training and tools so security becomes part of how they think and build, rather than something handed off to another department. Security by design ultimately happens when security stops being a step in the process and becomes a habit of engineering.
As data, AI models, and intellectual property become critical business assets, how should organizations rethink security in terms of risk management, protection, and resilience?
Kevin T. Shin: Organizations need to start treating data and AI models the way previous generations treated factories and physical assets. This requires a shift in how risk is understood and managed.
Security needs to move from a perimeter-based approach to a data-centric one, where identity, encryption, lineage, and usage governance matter more than network boundaries. At the same time, risk management must evolve from a focus on incident prevention to an assumption of compromise, with systems designed for continuity, resilience, and recovery at both the data and model levels. Organizations also need to move beyond technical loss and quantify risk in business terms, including customer trust, revenue impact, safety, regulatory consequences, and strategic disadvantage.
The core shift is recognizing that AI systems do not just process value but represent value themselves. Protecting them is not IT hygiene, but a fundamental part of enterprise risk management.
Today, security teams are often not involved early in AI product or model development. What is missing in the current collaboration model, and how can this gap be closed?
Kevin T. Shin: What is missing is simple: security is usually invited as a reviewer rather than a co-designer. This happens because many organizations still associate security with delay instead of enablement.
Closing the gap requires including security by default in product and AI governance councils. Security teams need to bring solutions, not just findings, and leadership must set the expectation that speed and safety are not opposing forces. When security engages early with the mindset of helping teams move faster safely, collaboration shifts immediately and more effectively.
You’ve advocated for a more proactive approach to Information Security. What does this look like in practice, and what impact have you seen from adopting this model?
Kevin T. Shin: A proactive security model is built on continuous visibility into where data, models, and identities actually reside. It relies on pre-approved safe patterns, such as standardized templates for cloud environments, data pipelines, and AI deployments, that teams can use without friction. It also emphasizes security as mentorship rather than just review, with architects and engineers working closely together.
In practice, this approach leads to faster deployments, fewer last-minute redesigns, a stronger culture of ownership, and significantly higher trust from business leaders. The impact goes beyond reducing incidents; it fosters a greater willingness to innovate because risk is understood and actively managed, not ignored.
You evangelize an approach of a centralized IT Security Center of Excellence combined with decentralized security champions across the organization to drive awareness, scale, and impact. Why and how effective do you see this approach being in your organization?
Kevin T. Shin: This approach works because centralized expertise without local ownership is incomplete, and local ownership without centralized expertise is ineffective. A Security Center of Excellence provides standards, reusable patterns, advanced expertise, and enterprise-wide visibility. Security champions embedded within business and engineering teams bring proximity, speed, context, and peer credibility.
Together, they create scale without losing control, innovation without chaos, and a security function that feels supportive rather than intrusive. This model mirrors how high-performing organizations operate in areas like AI and DevOps, and security should be no different.
Why is close collaboration between the CIO, CAIO, and CISO increasingly critical in the AI era, and what does successful alignment between these roles look like?
Kevin T. Shin: Close collaboration is critical because these three roles together co-own the enterprise nervous system. The CIO manages platforms and operational foundations, the CAIO drives value creation through data and AI, and the CISO ensures trust, resilience, and responsible use.
When they operate in isolation, AI initiatives stall, risks grow unnoticed, and enterprise architecture becomes fragmented. When aligned, they enable organizations to move at AI speed without sacrificing control or integrity. Successful alignment involves shared roadmaps, joint governance of the data and model lifecycle, and unified communication to boards and business leaders.
Looking ahead to 2030, how do you see the Information Security profession evolving into a value-driven, innovation-enabling function within AI-powered enterprises?
Kevin T. Shin: By 2030, Information Security will be seen not as a brake pedal, but as a stability control system that allows organizations to accelerate with confidence. AI-assisted security operations will be standard, security engineering will be embedded in every product team, and boards will measure trust and resilience alongside revenue and growth.
Security leaders will act as strategic advisors rather than compliance enforcers. The organizations that succeed will understand a simple truth: winning is not about moving the fastest, but about moving the fastest safely. Leaders who master that balance, like a race car driver managing both accelerator and brake, will define the next era of digital innovation.
If you want to see how cybersecurity can evolve from a control function into a core driver of AI and business innovation, Kevin T. Shin’s keynote at Data Innovation Summit 2026 is a must-attend. Drawing on real-world lessons from Silicon Valley, he will explore how next-generation security architectures create trust, speed, and resilience across AI, robotics, and hyper-connected ecosystems.
This session is ideal for executives, AI and data leaders, and security professionals who want to learn how to integrate security into business strategy, accelerate innovation safely, and master the balance between speed and protection in today’s fast-moving AI landscape.
