In this episode, David speaks to Aman Raheja, Chief Information Security Officer at Humana. During the episode, they discuss what life and leadership are like for a CISO at a Fortune 500 healthcare company, the necessity of risk management and having a risk appetite statement, and what lies ahead for the future of cybersecurity.
Topics discussed:
- A day in the life of a modern CISO at a Fortune 500 healthcare company, and the biggest challenges of moving from a hands-on role to an executive leadership role, including understanding business strategy, communicating a vision, and trusting his team.
- What a risk appetite statement is and why it's crucial that all companies have one to measure their risk and articulate their metrics, trade-offs, and compromises.
- What most CISOs get wrong, including prioritization, focusing too much on technology and not enough on capability, and having a disconnect between where the company is going and where the security team is going.
- What makes an effective cyber risk management program, and how to measure its effectiveness through KPIs, thresholds, and pressure testing.
- How a CISO interacts with their board, how a board should give oversight and guidance to cybersecurity, and the benefits of board members with backgrounds in technology.
- The future of cybersecurity, including the reevaluation of cloud and the increase of automation.
- Why building a high-performing team involves having an engineering mindset to creatively solve problems.
Resources Mentioned:
- LinkedIn: https://www.linkedin.com/in/rahejaaman/