Defense in Depth

How Much Cyber Risk Should a CISO Own?

Dec 11, 2025
In this conversation, Erika Dean, former Chief Security Officer at Robinhood, dives into the complex responsibilities of CISOs. She discusses the critical gap between theory and the daily reality of risk management. Erika emphasizes the importance of asserting ownership over cyber risk and communicating that ownership effectively to executives. She explains why collaboration across departments is necessary so that security is a partnership rather than a policing action. The conversation also covers how to engage boards with relevant metrics and how to raise cybersecurity literacy.
INSIGHT

CISOs Should Act Like Risk Owners

  • CISOs must see themselves as owners of cybersecurity risk even when final authority sits with the CEO or board.
  • Acting like an owner improves influence, decision-making, and program outcomes.
ADVICE

Make Clear, Business-Focused Security Calls

  • Assert your role clearly and communicate the business impact of security decisions instead of issuing vague demands.
  • Frame security as keeping the company out of trouble while enabling business objectives.
ADVICE

Own The Message And Be Visible

  • Be visible across the company and own the messaging on cybersecurity in company-wide forums.
  • Use communication and influence to get other teams to do the work security needs.