CISO Series Podcast Time to Choose a Security Vendor: Dart Board or Spin the Wheel?
Sep 30, 2025
Pavi Ramamurthy, the Global CISO and CIO at Blackhawk Network, brings a wealth of experience in security leadership. In this conversation, he discusses the challenges of communicating security risks to business leaders and how to manage rapid AI integrations while safeguarding data. They also tackle the pressures CISOs face from executives demanding perfection, the burnout factors leading many to leave their roles, and practical methods for evaluating security vendors amidst rising complexity.
AI Snips
Chapters
Transcript
Episode notes
Promise Readiness Not Perfection
- You cannot promise 100% safety; instead promise readiness and clear response plans.
- Pavi Ramamurthy recommends framing security as 'we are prepared' rather than 'we are safe'.
Prioritize High-Risk AI Integrations
- Find and prioritize the AI integrations that pose real leakage risk instead of trying to govern every tool.
- Use awareness training and targeted controls for the integrations that can access secrets, send outbound messages, or take actions.
Block Sensitive Uploads To LLMs
- Control AI data flows by focusing on inputs and outputs using DLP and endpoint controls.
- Block uploads of sensitive files to unapproved LLMs and monitor agent access to critical stores.