Apex Executive Insights
By Maxim Hudaley, CISO at Complete Genomics
Q: You run security for a genomics company. What makes that different from any other CISO role?
The data.
Your genome is among the most sensitive forms of personal data there is — immutable, inherited, and shared in part with your family. There’s no password reset. No breach notification that undoes the damage. And no meaningful way to revoke exposure once that information is out.
Most CISOs protect data that can be rotated, revoked, or reissued. In genomics, you’re protecting data that is permanent. A Social Security number can be replaced. A genome cannot. That changes the security equation — from risk modeling to incident response to how you think about stewardship and custody at a fundamental level.
On top of that, sequencing pipelines increasingly rely on AI models with access to highly sensitive biological data and valuable intellectual property. Securing a genomics company means securing not just the infrastructure, but also the analytical layer that drives interpretation and downstream decisions.
Q: You’ve written about AI models inside sequencing pipelines being an attack surface. Can you explain that?
This is still an under-discussed threat vector in many CISO conversations.
We spend a lot of time talking about SIEM tuning, MFA fatigue, ransomware readiness, and identity controls — all of which matter. But in genomics, one of the most important attack surfaces may be the AI model embedded in the sequencing or interpretation pipeline itself.
Recent research has started to make that risk more concrete. Work from Princeton and Stanford highlighted how DNA foundation models may be vulnerable to jailbreak-style attacks, while separate research from Johns Hopkins and Oxford raised concerns that safety controls based on data exclusion may be more fragile than many assume under adversarial fine-tuning. The broader point is not that every model is immediately exploitable in production, but that the model layer deserves the same scrutiny we apply to any other high-impact system.
Operationally, that means your AI model may function like an unmonitored privileged user. It can have access to highly sensitive data, influence outputs that drive downstream decisions, and operate with far less behavioral visibility than a human or service account would. A compromised or poorly governed genomic model could do more than leak data. It could affect variant interpretation, distort research workflows, or produce outputs that existing biosecurity controls are not designed to evaluate well.
Q: AI agents are proliferating across enterprises. How do you see this playing out from a security perspective?
I was at HumanX in San Francisco recently, and the mood shift was unmistakable. The defensive posture is out. The builder mentality is in.
Every business function — HR, Finance, Sales, even the CEO — is experimenting with AI agents, often without the kind of formal IT process or security review we’ve historically expected for new systems. That creates a familiar problem in a new form: shadow IT, but faster, more autonomous, and much more capable.
The attack surface is expanding faster than many teams can staff or govern for.
Organizations need leaders who understand both the opportunity and the blast radius, and that combination is still relatively rare.
Security professionals who can’t speak the language of product, speed, and business value are going to struggle. The next two years could create one of the most intense hiring environments cybersecurity has seen, especially for leaders who are fluent in both AI and risk.
Q: What’s your approach to AI security governance?
I start from a simple principle: if an AI model has access to your data, it has to be governed like a privileged user.
That means having a real inventory of models, clear access controls, logging around inference activity, visibility into training and fine-tuning data provenance, and monitoring for drift or anomalous behavior. AI Security Posture Management is becoming a core capability, not a future nice-to-have.
The World Economic Forum’s Global Cybersecurity Outlook found that the share of organizations assessing the security of AI tools rose significantly in a single year. That’s an encouraging shift, but it also shows how quickly expectations are changing. AI governance needs to be part of the security baseline, not a special project.
Beyond tooling, I advocate for red-teaming models, not just perimeters. Adversarial ML testing should become as routine as penetration testing, especially for systems that touch sensitive data or influence important decisions. And if a vendor’s assurance begins and ends with “we removed dangerous data from training,” that’s not enough. The real question is how they validate model behavior under adversarial conditions.
Q: How do you think about the intersection of AI and leadership in cybersecurity?
The CISO role is being redefined in real time.
It’s no longer enough to be the person who says “no.” You have to be the person who helps the business move quickly without taking on unacceptable risk. That requires a different posture — one that combines technical depth with business fluency.
AI is the accelerant. It speeds up innovation, threats, and decision-making all at once. The leaders who will thrive are the ones who can operate in both dimensions: understanding the technology well enough to assess risk, and understanding the business well enough to articulate opportunity.
I use AI tools in my own work — for threat analysis, automating parts of security operations, and keeping up with research. The CISO who isn’t fluent in AI is already behind. But fluency isn’t just about using the tools. It’s about understanding their failure modes, attack surfaces, and governance requirements.
Q: What keeps you up at night?
The convergence of three things: the sensitivity of genomic data, the pace of AI capability growth, and the lag in regulatory frameworks.
AI models can now help predict the functional impact of non-coding genetic variants, support interpretation workflows, and accelerate research in ways that would have seemed distant not long ago. The analysis layer is already here, and it is moving faster than most regulatory and governance frameworks can adapt.
At the same time, most people have very little visibility into what happens to their genomic data once they provide it to a consumer or healthcare organization. The intersection of genomics, AI, and security remains underexamined relative to its importance. That gap between technical capability and governance maturity is where a great deal of the real risk lives — and it’s where I focus my energy.
Final Thought
The most sensitive data many of us will ever generate sits inside our own cells.
As an industry, we’ve built increasingly sophisticated defenses around financial data, health records, and intellectual property. But the data that defines us at a biological level still is not protected or governed with the rigor its sensitivity demands. Securing the AI-genomics frontier is not just a technical challenge. It is a long-term responsibility.
About Maxim Hudaley, CISO at Complete Genomics
With more than 25 years of experience in cybersecurity, infrastructure, and digital transformation, Maxim leads security for one of the world’s leading genomic sequencing companies. A CISSP-certified executive and AI practitioner, he sits at the intersection of cybersecurity, artificial intelligence, and biotechnology — helping protect some of the most sensitive data on earth: the human genome. Maxim is a member of the NIST NCCoE Working Group on Cybersecurity and Privacy of Genomic Data, the Alliance of Chief Executives, The CISO Society, and (ISC)².

ROLE DESCRIPTION
We are looking for a Business Development Manager to join the company and take on one of the most opportunistic roles the industry has to offer. This is a role that allows for you to create and develop relationships with leading solution providers in the enterprise technology space. Through extensive research and conversation you will learn the goals and priorities of IT & IT Security Executives and collaborate with companies that have the solutions they are looking for. This role requires professionalism, drive, desire to learn, enthusiasm, energy and positivity.
Role Requirements:
Role Responsibilities
Apex offers our team:
Entry level salary with competitive Commission & Bonus opportunities
Apex offers the ability to make a strong impact on our products and growing portfolio.
Three months of hands on training and commitment to teach you the industry and develop invaluable sales and relationship skills.
Opportunity to grow into leadership role and build a team
Extra vacation day for your birthday when it falls on a weekday
All major American holidays off
10 paid vacation days after training period
5 paid sick days
Apply Now >>