Which technologies are you most cautious about from a CISO’s point of view, and why?: Meg Anderson: I’m cautious of “solutions” that don’t solve a strategic problem. CISOs only have so much budget and mindshare. You need to understand where a tool fits in your investment and strategic roadmap. There were times when my team was able to explore new technology and times when we needed to stay focused on planned initiatives.But it’s important not to be too rigidly fixed on your plan because things change. When experimenting with emerging technology, I always used an intentional approach with clear goals of what we hoped to learn and how we would measure success.Most CISOs are understandably cautious about emerging technologies that are rushed to market before they’re truly enterprise-grade. When employees see that “everyone else” is adopting the new, cool tech, they want to do so as well. But finding the right guardrails that allow for experimentation and fast adoption can be tricky. What’s your assessment of the pace of tech innovation right now, and what is your advice for companies to keep up?: Meg Anderson: The speed of innovation is both thrilling and exhausting. But instead of chasing every paradigm shift, be intentional. Build a strategy that lets you absorb innovation on your terms, tied to business goals. Most companies simply can’t afford to be on the bleeding edge across every domain. And that’s okay.What’s critical is having visibility into what’s coming, so you don’t build something that could be bought off the shelf tomorrow.One underused strategy is deepening your relationships with existing vendors. I always encouraged my teams to ask vendors the hard questions: What’s on the horizon? How are they integrating AI? Are they investing in interoperability, or locking you into a silo? And just as importantly: Are your contracts structured to allow agility? Can you pivot quickly if a vendor rolls out a game-changing feature or product?A close vendor relationship requires trust. But if you choose vendors wisely, you’ll be able to adopt new capabilities without procurement and integration headaches. What are your predictions for the workforce over the next 5-10 years? Are you worried AI will cut out the entry-level rung for workers?: Meg Anderson: This is a critical issue, especially for those of us who’ve spent our careers building cybersecurity teams. I care deeply about the talent pipeline.It’s true that foundational tasks like log analysis and ticket triage are being automated. But I don’t believe AI will eliminate junior talent; it just means the bar is shifting. Entry-level workers will need to bring more critical thinking and adaptability. They’ll be expected to work alongside AI, not beneath it.This isn’t the first time we’ve seen such a shift. When I started as a developer before 2008, automation was reshaping how we coded, tested, and deployed. The programmers hired a decade later had a completely different toolkit and mindset.So it’s important to hire for today’s job descriptions as well as tomorrow’s skills. Build mentorship programs, rotate junior staff, and expose them to strategic thinking early. The tools may change, but in cybersecurity, human judgment and ethical reasoning will always be irreplaceable. How has the role of the CISO evolved during your career, and where do you think it’s headed regarding leadership and business influence?: Meg Anderson: The biggest change has been the expansion of the CISO from a niche technology leader to a leader engaging across the enterprise.Early in my career, my focus was more on building out the technology platforms within our team. But as information security became a board-level concern, our team shifted to an enterprise-wide security strategy grounded in business outcomes. It wasn’t just about protecting systems; it was about protecting the commitments the company made to customers, investors, and other stakeholders. This shift benefited from the growing pressure on executive management to ensure that cyber risk had the proper oversight.Accountability for security became clearer once cyber performance showed up in C-suite goals, metrics, and annual incentives. This gave the CISO more influence. Conversations about weak software development, phishing threats, and vendor due diligence hit harder when framed in terms of budgets, bonuses, and brand reputation rather than just technical risk.As the role evolves, the CISO needs to remain front and center in risk management discussions. There’s an opportunity for more consideration of cyber risk outside of the information security team, just like a lot of financial risk is managed outside of the finance team. What are your plans in retirement to continue advising companies on staying innovative and strengthening cybersecurity? : Meg Anderson: I’m currently advising a few companies”, not through formal engagements, but by mentoring cybersecurity leaders. It’s been incredibly rewarding to help them navigate career decisions and leadership challenges. It’s less about telling them what to do and more about helping them think through the “why” and “how.”One thing retirement experts don’t always prepare you for is the persistence of your expertise. It doesn’t vanish the day you leave the office. If anything, it becomes more distilled. But figuring out what to do with that knowledge”, whether to share it, monetize it, or simply let it evolve”, is a deeply personal decision.A big lesson I’m trying to embrace is: don’t say yes to anything in the first six months of retirement. That’s been harder than I expected, and I’m trying to embrace the pause. But whatever I do next, it will be intentional, meaningful, and aligned with the kind of impact I want to have.Learn from the Leaders Shaping CybersecurityMeg Anderson is just one of the security visionaries being honored at the CSO Hall of Fame. Join us at the CSO Conference & Awards to hear directly from top CISOs, explore strategic security insights, and gain actionable guidance for your organization. Register now to secure your spot.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4045504/2025-cso-hall-of-fame-meg-anderson-on-ai-strategic-security-investments-and-life-after-infosec.html
