Rao opens by explaining DigiTran’s mission: helping insurance organizations evolve from legacy systems into modern, AI supported operating environments. He outlines why insurance is uniquely sensitive to modernization cycles given the regulatory landscape, the importance of claims accuracy, and the constant need for faster service for policyholders. Rao describes how AI shines in straightforward claims workflows, especially situations where outcomes are predictable and repeatable. At the same time, he emphasizes that high complexity claims still demand human involvement, empathy, and judgment.
The conversation shifts to workforce evolution. Rao details how AI does not eliminate people, but pushes organizations to retrain and rethink skill development. He explains why prompt engineering is becoming a necessary capability for future professionals and shares how he created a promptathon that taught students how to approach prompts systematically. His lesson is simple and powerful: as technology changes, the workforce must adapt in ways that preserve value, not shrink it.
Rao and Matthew then explore AI's growing influence on security. Rao highlights why traditional rule based approaches cannot keep up with sophisticated threat actors who use AI to enhance phishing, social engineering, and lateral movement. He explains why companies must deploy AI powered detection tools, implement strict procedures, and train end users repeatedly to close the weakest link. His examples include major cyber incidents impacting insurers and how downtime directly affects revenue and operational stability.
Leadership is a key theme throughout the episode. Rao shares a story from his early career about how CEOs once viewed technology as simply the equipment department. This motivated him to change leadership perception and demonstrate IT's strategic value. His advice to CIOs and CISOs is clear: communicate wins, translate technical work into business outcomes, engage executives proactively, and shape organizational safety culture. Technology leaders must speak the language of the business and present themselves as contributors to revenue, efficiency, and protection.
The episode concludes with Rao’s forward looking vision for the future of programming and AI. He describes his concept of NTH Generation Programming, a shift toward natural language interfaces that eliminate the need for traditional coding structures. For Rao, this is not an evolution but a revolution that will transform how systems are built, maintained, and optimized across industries.
Resources mentioned in this episode:
Matthew Connor on LinkedIn
This episode is brought to you by CyberLynx.com
CyberL-Y-N-X.com.
CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.
The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.
Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensures that clients are 100% satisfied.
To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.
Matthew: Matthew Connor here, host of the Cyber Business Podcast. Today we're joined by Rao Tadepalli, CEO and Founder of DigiTran. Rao, welcome to the show.
Rao: Thank you, Matthew. Love to be here. We appreciate the opportunity.
Matthew: Absolutely. Great having you. Before we get too far in, a quick word from our sponsors.
[SPONSOR READ: This episode is brought to you by CyberLynx.com. Do you know if a hacker is in your system? Most people and most companies don't — until it's too late and the hacker has already done damage. A hacker's job is to bypass your security, so companies need a way of knowing when someone has gotten past their defenses. That's where CyberLynx comes in. We've partnered with the best cybersecurity companies in the world to provide our clients with the best solutions at the best prices — whether it's managed SIEM, SOC, EDR, MDR, or XDR. We'll help you find the right solution at the right price. Find out more at CyberLynx.com.]
And now back to our show. Rao, for those who aren't familiar, can you tell us about DigiTran?
Rao: Yes. DigiTran — short for Digital Transformation — specializes in helping financial services organizations, with a strong focus on the insurance sector, move from legacy and core systems to modern digital architectures. More recently we've been doing a lot of work on AI: how it can help insurance carriers, agents, and the broader value chain. We provide expertise, advisory services, and support to insurtechs as well as carriers — really helping identify where the pain points are in the insurance industry, where the opportunities lie for insurtechs to excel, and how to better serve carriers, agents, and policyholders alike.
Matthew: I love it. You've spent a lot of time in the insurance industry, and you're in a transition phase now, coming from your CIO role at Slide. Walk us through some of the really compelling use cases for AI in insurance.
Rao: There are many. The first that comes to mind is claims handling. Insurance, from a policyholder's perspective, is fundamentally a promise to pay — when the need arises, the policyholder expects the insurer to be there. The speed and quality of claims handling is critically important.
AI is excellent at streamlining straightforward claims. In workers' comp, for example, you might have a simple medical claim — a minor injury, no lost work time. That's what I call a slam dunk: AI can handle it quickly and accurately. But then you have complex claims — someone seriously injured in a factory accident, going through surgery, hospitalization, and physical therapy. That requires a human in the loop because empathy and nuanced judgment matter. The same applies across lines of business. A simple auto claim? AI handles it. A catastrophic hurricane loss? That still needs a human touch.
So claims is one major area where AI can significantly improve efficiency and the policyholder experience. But the right model is AI handling the high-volume, straightforward cases while humans stay involved in the complex and sensitive ones.
Matthew: That's interesting because there's been a lot of fear that AI is going to eliminate jobs. But I was just reading how IBM laid off around 8,000 employees a few years ago due to AI efficiencies — and has since hired more than that number back because the business grew. Are you seeing a similar dynamic in insurance?
Rao: Absolutely. AI isn't replacing people — it's changing the skill set required. People need to understand what AI can do, and one of the most important emerging skills is prompt engineering. Most people are doing casual prompting — putting a question into ChatGPT and getting an answer. But what I'm talking about is a more structured framework for prompting that improves accuracy and output quality significantly.
This past summer I organized what I called a "promptathon" for college students — like a hackathon, but focused on prompting. We spent about half an hour teaching prompt engineering frameworks, then divided students into groups and gave them insurance case studies to work through. They had a couple of hours to develop solutions and present their results. It was fantastic. The students felt they learned something genuinely valuable and practical.
So the jobs aren't disappearing — the skill sets are evolving. Think about bank tellers who kept manual ledgers decades ago. That role was replaced by technology, but it created entirely new roles — people working at computers processing loan applications and managing digital transactions. We go through this evolution regularly, every decade or so. What's different now is the scale and speed. I wouldn't call this an evolution — I'd call it a revolution. This is going to be bigger than anything we've seen before.
Matthew: I couldn't agree more. And from a security standpoint, the most exciting thing for me is AI applied to cybersecurity. Darktrace is a great example — they've been using AI for over 13 years, well before it was a household term. The idea of AI-powered email security just makes perfect sense: an email comes in, AI evaluates it, and it either passes or it doesn't. Traditional rule-based filtering is a game of whack-a-mole — the bad guys just keep getting better at beating the rules. AI doesn't work that way. And because the attackers are now using AI to craft their attacks, you have to fight fire with fire. The end user will never be able to out-think an AI-powered attack. So you have to have AI defending the end user as well.
Rao: 100%. I'm actually familiar with Darktrace — I was a client over ten years ago, before AI became what it is today. I was very impressed then, and I can only imagine how much it's improved since. You're right: cyber criminals are becoming increasingly AI-savvy. I recall a period around late May or early June when there were several significant cyber attacks on insurance companies, many based in Pennsylvania. I know some of those CIOs personally. Having your systems down for a week or two is devastating to the bottom line.
And what's striking is that many of those attacks come from relatively small groups — sometimes four or five people — and the majority involve social engineering. Threat actors pretend to be someone within the organization — a CEO, a CIO — and convince a regular employee to reset a password or take some other action. That's the weak link. So yes, you need AI tools, but education is equally critical. I make cybersecurity training mandatory for every new employee, and I require everyone in the organization to go through mandatory security assessments every quarter or six months. It has to be a combination — tools alone won't do it.
Matthew: And the MGM hack is such a perfect illustration of that layered challenge. MGM spends a fortune on security — physical and cyber — and they were still breached through social engineering. The attackers monitored LinkedIn, saw that a new IT admin had just been hired, immediately called the help desk pretending to be that person, said they'd forgotten their password, and had it reset over the phone. Before the actual admin even got set up, the attackers were in. The procedure should have been: we don't know you, we're going to call you back on the number we have on file. You can't spoof a callback to a known number. So you need policies and procedures layered on top of the tools and training, and then AI watching the network and flagging anomalous behavior. It's a deeply layered approach.
Rao: Completely agree. And to add to that — I've heard of cases where threat actors actually built relationships with employees at cell phone carrier stores, got someone's number ported to a device they controlled, and suddenly all the password reset texts and authentication codes were going to them. You can think you've covered every base and still find a gap. That's why the mindset has to include not just prevention, but recovery. Just like disaster recovery planning for earthquakes or hurricanes, you need to drill for cyber incidents: if this happens, what's our response? How fast can we recover? What's the timeline we can commit to the board? It's difficult to give a specific number without running drills, but if you do them regularly, you at least have a defensible estimate.
Matthew: Exactly. And getting the board and senior leadership involved in that process — tabletop exercises, incident simulations — is paramount. Ransomware has done the security world a strange service in that regard: it made cybersecurity everybody's problem. You can no longer treat it as just an IT issue. Every part of the organization has to be involved.
Rao: 100%. Engagement from the top to the bottom is the key. It has to be an organizational mission to protect the company from cyber threats — not just an IT checkbox.
Matthew: And speaking of checkboxes — compliance is a big deal in your world. But you can be compliant and not safe, and safe but not technically compliant. The two don't automatically go hand in hand. What's your take?
Rao: You said it well. The mindset has to be safety-first. But in regulated industries like insurance and banking, you also have to satisfy the regulators — compliance isn't optional. So it's not either/or. In some cases it may even make sense to have two separate people or teams: one focused on safety and operational security, one focused on governance and compliance. In highly regulated industries like financial services or pharmaceuticals, both disciplines need to be present and active. Safety should always be the foundational mindset, and compliance is layered on top depending on the regulatory environment you operate in.
What you're touching on is that people can check every compliance box and still not be truly safe — because the focus becomes the box rather than the intent behind it. That's the danger of compliance-as-culture rather than safety-as-culture.
Matthew: So how do you get organizations to shift to a safety mindset? How do you get leadership buy-in when IT is seen as a cost center?
Rao: This is something very close to me. IT is almost universally viewed as a cost center. I want to share a story from about 15 years ago at an insurance and technology conference. A CEO from a Wisconsin insurance company — very experienced, close to 70 — was presenting on the CIO role from a CEO's perspective. He used a football analogy. The offense is premium and marketing — revenue generation. The defense is claims. Special teams are loss prevention, accounting, billing. And then he said technology is the equipment guys — the people making sure the helmets fit and the shoes are there. I fell off my chair.
After that session, I was walking through the airport and saw a shop with NFL merchandise. There was a cap that said "NFL Equipment." I bought it and kept it in my office to remind myself: I never want to be the equipment guy. That moment changed how I approached the CIO role.
From that point on, I made it a priority to meet regularly with C-level executives — not just when I needed budget, because that only reinforces the cost center perception. You have to bring positive news. When your infrastructure upgrade prevents an outage, communicate that: "We invested in upgrading the network. Because of that investment, we prevented an outage today that would have cost us X in lost revenue." That's not bragging — that's awareness. Leadership needs to understand the value technology brings, not just the line items it costs.
You have to translate technical and security initiatives into business language. What did this initiative do for revenue? What did it do for operational efficiency? How did it reduce risk? CIOs need to stop speaking purely in tech terms and start speaking the language of the business they're in. The goal is to not stand out as a pure technologist at the executive table, but to be seen as a business leader who happens to lead the technology function. That shift in perception doesn't happen on its own — you have to own it and drive it.
Matthew: Couldn't agree more. Perfectly said, Rao. This has been an absolute blast. Before we go, can you tell everyone where they can find out more about you and about DigiTran?
Rao: Yes. My website is digitran.ai. And you can find me on LinkedIn — I'm close to 10,000 followers there and very responsive to messages. Search Rao Tadepalli. I'm passionate about leadership — specifically helping technology professionals move up in their careers by combining technical expertise with business acumen. And lately I've been very focused on AI in insurance and on what I call "Nth Generation Programming" — a concept I've trademarked — which reflects the idea that we are now programming in natural language, potentially representing the end of traditional programming languages as we know them. That's what I mean when I say revolution rather than evolution. Feel free to reach out.
Matthew: Fantastic. Rao, until next time — thank you so much!
Rao: Thank you, Matthew. Really appreciate it. That was great.