Channel Women In Security: AI And Channel Strategies For The Future Of Cybersecurity

In this Channel Women in Security spotlight, Cass Cooper sits down with Orchid Security CRO Trish Cagliostroto, who talks channel-first strategies, the power and pitfalls of AI, and what it means to lead with clarity and purpose in a crowded cybersecurity landscape.

Orchid Security Chief Revenue Officer Trish Cagliostro shares her unique journey from a technical background to leading a cybersecurity firm. She discusses the importance of a channel-first approach in cybersecurity, the integration of AI, and the challenges and opportunities it presents. Cagliostro emphasizes the need for education around AI’s capabilities and limitations, and how Orchid is addressing the identity management landscape. She also reflects on her career journey and offers advice for those looking to enter the tech industry.

Watch the full episode above or visit Spotify/Apple Podcasts for this and past episodes.

Here’s a transcript of CRN’s conversation:

Trish, your path to becoming a CRO isn’t exactly traditional. Can you walk us through how you got here?

It’s definitely unconventional! I started as a subject matter expert for the Department of Defense, moved into product management—thinking, “Hey, all this cool stuff we’re writing papers about should be a product”—and eventually landed in startups. I fell in love with the sales engineering side and built out alliances before joining AWS to lead public sector security biz dev.

After a break running my own consulting firm, one of my clients, Orchid Security, just felt right. The team, the mission—it all clicked. And now I’m their CRO.

That’s a big leap. What made you say yes to Orchid?

The people, hands down. But also the product. When I learned how they’re tackling identity security, it was that same gut feeling I had with Wiz—where I said, “I’ll sweep the floors if I have to.” (Thankfully, they didn’t need that.) It turns out they needed a CRO, and I had the right mix of technical, product, and sales experience to step into the role.

Your title says CRO, but your approach sounds more like a problem solver than a traditional sales exec.

Absolutely. I always tell people, “I don’t sell things—I solve problems.” That’s especially true in security. If you can help someone understand why a challenge exists and how to fix it, that’s where the magic happens.

Let’s talk channel. You’ve emphasized a “channel-first and only” strategy. What does that really mean?

It’s not about partnering with everyone—it’s about going deep, not wide. We decided to work with one key partner this year and support them like they’re part of our own team. That kind of investment builds trust and momentum.

A lot of folks chase volume in partnerships, but if I hand out $1 to 100 people, it’s forgotten. If I give $100 to one person, it’s impactful. That’s the approach we’re taking with the channel.

How does that strategy intersect with AI and large language models (LLMs)?

AI has become a noisy space—so many vendors, so little clarity. At Orchid, we use AI to increase productivity, not replace people. Take application onboarding: most companies take six weeks per app, and many have over 1,200 apps. We help them cut that down dramatically.

By using LLMs to automate repetitive tasks—like generating onboarding questionnaires—we help teams move faster and free up human capacity for higher-value work. That’s real impact.

Are your clients nervous about AI, or are they eager?

Both. And that’s healthy. We approach AI as “sober adults,” acknowledging the limitations while embracing the opportunity. Hallucinations in LLMs? They’re real. But so is the upside. AI can support people where they struggle—like editing, writing, or organizing workflows—and that’s a huge accessibility win.

How are you reframing the AI conversation with customers?

For us, it’s not about fear. It’s about clarity and control. Customers want to know: what are you using AI for, how does it affect me, and how will it make things better?

We focus on discoverability (what’s in your environment?), gap analysis (what’s missing or misconfigured?), and automation (how do we act on what we know?). We don’t just say “AI is here.” We show them how it’s helping solve real people problems—faster, cheaper, and more securely.

If you could give advice to your younger self, what would you say?

I’d say, don’t be afraid to try things. The path may not make sense in the moment, but every experience matters. I never imagined I’d end up in security, let alone as a CRO, but here we are. The world is changing, and we need leaders with different backgrounds, different experiences. There’s opportunity in that.

Also—I thought I was going to be a sports agent. So clearly, life had other plans.

Bonus Fun Fact: Trish once testified before Congress on threat information sharing. A congressman looked at her last name and said, “Yeah… I’m not saying that.” She was also the only one on the panel to get a hard question. She handled it like a pro. Hear her response on YouTube, Spotify, and Apple Podcasts.