Jill Knesek, CISO, BlackLine
BlackLineEchoing Oleksak, Knesek says she feels strongly about utilizing traditional security and having the right controls in place. Getting foundational security right will get you a long way, she says.’Then, as you learn about more sophisticated attacks “¦ we’ll have to pivot our tooling and capabilities to those risks.” For now, “the most important thing for us is just to stay aligned with where the business is driving us very quickly [and] make sure today [security] is doing what it needs to do from a foundational standpoint,” she says.
Questioning the output: As organizations rethink their approach to security, Oleksak advises CISOs to not get “dazzled by the hype,” and remember that AI is not a strategy but a tool. “Treat it like any other technology investment,” he says. “Start with your risk priorities, then decide where AI can realistically help.”That means remembering AI magnifies strengths and weaknesses. “If your asset inventory is incomplete, if your IAM controls are loose, or if your patching cadence is poor, AI will not fix those problems; it will accelerate the mess,” Oleksak says.It’s also important to take a cautious approach to deployment. He advises piloting AI tools in narrow use cases, such as for alert triage, log analysis, and phishing detection, and measuring outcomes. “Focus on augmenting human judgment, not replacing it,” he says.Security teams will also build trust through transparency. “Train your teams to question AI output and educate your executives and employees on both the benefits and risks,” Oleksak says. “The CISO’s job is not just to deploy AI tools, but to ensure the organization understands how they fit into the bigger security picture.”
Building coalitions: AI should be used where it helps reduce risk, improve speed, or strengthen resilience, says DeFiore. “Build partnerships early, especially with legal, data, and operations teams,” she says. “Invest in education across the organization and stay grounded in ethics. AI decisions have real-world consequences, so organizations should use AI with care and consider potential accountability implications related to how it’s used.”While AI is a powerful tool, DeFiore says it’s people who make it meaningful. “At United, safety is our foundation. AI helps us deliver on that promise with more precision and agility, but it’s the human judgment behind it that drives trust, impact and long-term value,” she says.AI is not something to be feared, but its singular impact on security must be respected, says Oleksak.Lander emphasizes the need to recognize that AI isn’t just a new tool but also “a new domain that requires careful governance, thoughtful integration, strategic thinking, and continuous learning. By embedding security from day one, engaging cross-functional stakeholders, anticipating unique AI risks, and investing in people and adaptive frameworks, CISOs can guide their organizations to responsibly and confidently harness AI’s potential.” He recommends that CISOs should plan and prepare for the AI era by building coalitions, ensuring AI is not managed as a silo, but as a shared responsibility. “The next few years will require an open mind and a view that AI is like a new member of the team who makes everyone better,” Lander says. “The CISO of the future is not just securing systems, they’re securing AI-enabled business success.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4066733/cisos-rethink-the-security-organization-for-the-ai-era.html
