Episode #8

Leading Security and Managing Risk with Humana's CISO Aman Raheja

In this episode, David speaks to Aman Raheja, Chief Information Security Officer & Head of IT Operations at Humana. During the episode, they discuss what life and leadership are like for a CISO at a Fortune 500 healthcare company, the necessity of risk management and having a risk appetite statement, and what lies ahead for the future of cybersecurity.

Topics discussed:

  • A day in the life of a modern CISO at a Fortune 500 healthcare company, and the biggest challenges of moving from a hands-on role to an executive leadership role, including understanding business strategy, communicating a vision, and trusting his team.
  • What a risk appetite statement is and why it's crucial that all companies have one to measure their risk and articulate their metrics, trade-offs, and compromises.
  • What most CISOs get wrong, including prioritization, focusing too much on technology and not enough on capability, and having a disconnect between where the company is going and where the security team is going.
  • What makes an effective cyber risk management program, and how to measure its effectiveness through KPIs, thresholds, and pressure testing.
  • How a CISO interacts with their board, how a board should give oversight and guidance to cybersecurity, and the benefits of board members with backgrounds in technology.
  • The future of cybersecurity, including the reevaluation of cloud and the increase of automation.
  • Why building a high-performing team involves having an engineering mindset to creatively solve problems.