Jun 15 / Punit Bhatia and Aman Tara

How is the CISO Role Changing

AI is here. Privacy is here. Emerging technologies are here. Alongside these rapid changes, security challenges are more complex than ever. So, how is the CISO role evolving to keep pace? What does digital trust really mean for today's security leaders? And how do CISOs collaborate with privacy officers to navigate overlapping responsibilities? Can your organization be trusted in a world run by algorithms, as AI tools get smarter, privacy laws get stricter, and cyber threats grow more unpredictable?

In a recent episode of the FIT4Privacy Podcast, host Punit Bhatia talks with Aman Tara, a seasoned CISO and former military major based in the U.S., to unpack these questions. Aman shares his insights on why CISOs must think like hackers but also stay a step ahead, the growing impact of AI on cybersecurity, and how organizations can build a culture of awareness that empowers every employee to protect digital assets. This conversation offers a grounded perspective on the changing landscape of cybersecurity leadership in an AI-driven, privacy-conscious world.

Transcript of the Conversation

Punit 00:00

AI is here. Privacy is here. Emerging technologies are here. Security challenges are here. And in all this, how is the CISO role changing? What does trust mean for a CISO? What role does a CISO play in creating trust, or creating digital trust? Are there any overlaps with the privacy function? How do the CISO and DPO interact? Is it formal? Is it informal? How is this role changing in view of the emerging technologies, and what can organizations do to create digital trust? All these are interesting questions. And we are going to talk to Aman Tara, who's a CISO and who's based in the United States, and he's going to enlighten us with his views. So let's go and talk to him.

FIT4Privacy Introduction  00:52
Hello and welcome to the Fit4Privacy Podcast with Punit Bhatia. This is the podcast for those who care about their privacy. Here, your host, Punit Bhatia has conversations with industry leaders about their perspectives, ideas, and opinions relating to privacy, data protection, and related matters. Be aware that the views and opinions expressed in this podcast are not legal advice. Let us get started. 

Punit 01:21
So here we are with Aman. Aman, welcome to Fit4Privacy Podcast. 

Aman 01:26
Thank you Mr. Bhatia, for this invite. Really appreciate it. 

Punit 01:29  
So, let's start with a basic question. In today's world, it's all digital, and it sometimes is challenging for people to understand who's behind this digital app or website, and then trust becomes an issue. How would you define this concept of digital trust?

Aman 01:46  
Well, Punit, for me, if you ask how I would define digital trust, in my role and in my understanding it's to ensure that. It's a small phrase, but it encompasses a multitude of factors. And when we talk about digital trust, we're talking about the organization's digital assets such as IT systems, data integrity, cybersecurity measures, digital transactions, and how these gel together and build up customer trust, and how they are in compliance with the relevant laws across the board, whether it's the United States, where I am, or the European Union, where you are. So that's how I would take digital trust to be.

Punit 02:30
That's very well said. And in the role that you are in, like you mentioned, the role of a CISO, what role or what actions do you take to create digital trust in a CISO role?

Aman 02:41
Punit, the CISO's role has intensified a lot these days. It's become much more complex. Back in the days, when I say maybe a couple of years ago before COVID, I went by the principle that, you know, as a CISO one should be looking at things from a bad actor's, a hacker's, perspective. That's what the intent used to be. Now fast forward 3 years, I think, and I keep telling my peers, my team, and in various conferences, that now we have to start thinking a step ahead of what the bad actors, the hackers, think, because technology's moving at a very fast pace. And with the advent of AI, gen AI, which we will subsequently cover, I'm sure, the role has become very complex. The CISO in its role, in its form, has to lead the cybersecurity team of the organization. A lot depends on him. A lot of responsibility is on his shoulders. And again, in the banking world, per se, as I said, once the right tone is set up for the right kind of policies, procedures, which are in line with the best business practices, and then you have a team that holds your hand and a board and executive committee that listens to you, provides you all the tools that are necessary to make sure trust, customer trust, is maintained and all the digital assets within the organization are safe and secure. So, these are some high-level factors that one considers.

Punit 04:14
For sure. And you mentioned that the CISO role also has a compliance aspect to it, that is, making sure the security measures are in compliance, and that also gets into an overlap with the privacy function, because in privacy also we talk about making sure that the personal data, of course, we focus on personal data and you focus on all data, remains secure. And you talked about confidentiality, integrity, and availability. So how do you manage this overlap in a CISO role with the privacy function?

Aman 04:44
You, yourself, being a privacy veteran, Punit, you would definitely agree to the fact that data trust is closely tied to data privacy. Now, one of the important roles of the CISO, when we try to connect the dots together with privacy, is to ensure that all the policies, procedures, processes, everything that comprises data that we talk about, its sole purpose is to ensure that it complies with the compliance or the regulatory rules, laws, whether it's GDPR, CCPA, here in the US the California Consumer Protection Act, or whether it's the highly sought-after DORA or NIS 2 provisions that are applicable now in the European Union since January, more in letter and spirit. So, the CISO helps establish policies and technical controls for handling sensitive data. And he has to make sure the sensitivity of the data, the sanity of the data, is maintained across the board, whether it's the US, the European Union, any part of the world.

Punit 05:44
No, that does make sense. And how does it happen on the ground? Do you have a regular meeting with your privacy counterpart, or do you meet in the governance meetings, or on a need basis? How does it work out practically?

Aman 05:58  
So we do have regular scheduled meetings on our calendar. And as the technology landscape, Punit, keeps changing so frequently, when we have our frequent meetings, which are scheduled on a monthly basis, there are a lot of areas to be covered: the new threats emerging, the new issues related to any cloud storage, any new regulations being implemented across any part of the globe. And that's when we have stakeholders from various lines of business representing and sharing their pulse of wisdom. And those mandated meetings, which I said happen on a monthly basis, more or less, do have reps from compliance and privacy who participate. Other than that, in most organizations who follow best practices, I'm just taking a little tangent here, whenever a new vendor or a third party has to be onboarded, privacy folks within the company play a major role. If there's an assessment that needs to be done, privacy, compliance, they get together to ensure where the data is coming from, the movement of data from point A to point B, whether it's trespassing into the European Union, whether it's trespassing into the California state, where are the customers sitting, where is the churning of all the data happening? So, all those geographical locations, the regulations, laws applicable, play an important role right from when a vendor is onboarded and then is made a business partner.

Punit 07:22  
Okay. That's interesting. And you mentioned a couple of times that artificial intelligence is here, emerging technologies are here, and there's more uncertainty, new technologies coming in. Is there an impact on the role of the CISO? How are these technologies impacting or changing it?

Aman 07:41  
As I said, it's a rapidly evolving landscape, and AI is here, it's gonna stay here for a long time, but AI is still a horse or an animal which still needs to be tamed. It's not yet tamed. And I keep quoting an example: I was born before the calculator was invented, I'm not that old. But then when the calculator came, people didn't stop doing mental calculations or doing calculations with a paper and pen. That was just there to assist and make it easier for those who wanted it. That's a readily available tool. So that's how I look at AI in this present scenario. It's a tool available. It's up to you if you want to use it, make it more efficient, make your work more efficient, less time consuming. But again, as I said, it's a fast evolving technology that's happening. A lot of ifs and buts related to this technology. So we as technology folks, as custodians of data, have to keep pace with the technology. And AI is an area where we are heavily investing our time, money, to understand, so that in the years to come, we are able to come up to the expectations of the purpose of AI being implemented in this world.

Punit 08:55  
Yeah, you said it well, and the fact of the matter is you and me will be aware of the risks that such a usage of a tool from AI or any other tool can create. But then there are people who have good intentions to simplify their role or simplify their work and attempt to use some random tool, experiment with it. Let's download it. Let's try to do minutes, let's try to make actions. Let's let it analyze my emails and give me what I missed. And they have good intentions, no doubt about it. But what they end up doing is sometimes using a tool which is not safe and creating a risk not only for themselves, but the entire organization. How do you handle a scenario like this? Because it's typical for a CISO or a DPO to face that situation. It's not structurally organized. It's somebody having good intentions doing it out of ignorance.

Aman 09:51  
Absolutely, very nice question, appreciate it, Punit. Traditionally the role of a CISO was to maintain the sanity around traditional IT resources, IT assets. Now, apart from doing this job, his role has doubled. He also has to make sure and keep in touch, or emerge as a winner, because of the threats that are emerging because of the influence of AI. As you brought out, if AI is in the hands of bad actors it might have a negative impact on the whole system. Companies might collapse, economies might collapse, there would be chaos everywhere. So, it's a twin-edge weapon for IT folks or technology folks here. One, maintaining the traditional IT assets, and then keeping pace with the bad actors out there so that any vulnerabilities that they're trying to exploit, or any emerging threats that they have access to, which can be further exploited through AI, as good people, we are able to surpass that threat and come out clean with flying colors.

Punit 10:46  
For sure. And while we want to come out of these threats and keep things safe, what are some of the measures we all, so not just the CISO, DPO, CRO, everybody in the management or even in the organization as normal staff, take to make sure that we remain safe and our clients can trust us on a continuous basis?

Aman 11:09  
Yes, again, a very nice heavy loaded question. So, the way I look at it in the present situation, Punit, is embracing AI as a tool for improving security operations, for ensuring privacy compliance, taking charge of various regulatory laws, being up to speed in compliance. And the summary is, embracing AI tools to make sure that the digital assets are secure. If the digital assets are secured by using or embracing AI technology, I think our purpose is achieved in a long way. So there might be some examples where the CISO is ensuring that AI algorithms used for customer interactions are transparent, explainable, free of biases to maintain trust. These are some areas which, you know, we hear a lot about. I remember a few months back when you and me were attending a conference in Ireland, a lot of focus was being displayed during presentations on the biases that AI may come up with. I remember even your presentation in Ireland, Dublin, where you tried to educate the audience on how important security awareness trainings are. And I'd like to take a segue from there. The employees play an important role in any organization, for sure, but the employees are also the weakest link in this whole chain. So that's where one of our major responsibilities comes in, to provide that awareness. We, at our level, have access to the best tools, the best technology. We attend conferences, read journals, but then how does that knowledge trickle down from top to bottom? That's only possible through security awareness trainings, mandated trainings, I would say, that have to be implemented. Here in the USA, they're getting more and more strict because of the human factor, whether it's a deliberate or indeliberate human factor, which might result in a big error, which might, you know, collapse network systems. So a big emphasis is being placed, time, money, resources are being spent, on security awareness trainings for the employees.
And they are going a step forward by, in fact, sending out proxy phishing emails to employees to check whether they're aware. Are they clicking on the wrong link, or are they reporting that, hey, this is spam, this is a phishing email, things like that. I hope if this kind of security awareness goes more forward and all companies start adopting it, I think we, the world, would be a better place.

Punit 13:31  
Absolutely. I think the only way we can protect and safeguard interests is through knowledge and awareness, and emphasizing the risks, emphasizing the safeguards a company or people can take, and companies, at the end of the day, are people. So, every member, every staff member, has to take the steps. Now, recently you wrote a book and published it. Can you tell us something about it, and where is it available? What is it about? I see the copy behind you also.

Aman 13:59  
Yeah. This was in fact very recently. A little more than a month ago, Punit, I officially launched this book here in Texas, USA, and I published this book through Amazon. It's readily available on Amazon. And this was more of a journey of mine. I'm an ex-military major and I moved from India to the United States probably 15, 16 years ago. And it becomes a little difficult when you come from a place like India, where it's a different culture. The style of living is different. The work ethics are different, and you come to earn your livelihood in a country like the United States, where the culture is entirely different, a very fast forward lifestyle, a very mechanical life, and so much opportunity. That's how they call America the land of opportunities. So, I just tried to cover my journey from the Indian Army, getting into the corporate world, how I established myself, faced the challenges here in the USA and succeeded eventually. So, this is a book for all those who have their roots in India, are fond of challenges, resilience, striving hard and then succeeding.

Punit 15:01 
That's very nice. And you also, when we met in Ireland, Dublin, you mentioned that you have something called a show on the radio or something. What is it?

Aman 15:11  
I do a show every Tuesday. It's been now 14-15 years I've been doing this live show every Tuesday. Earlier, it was more centered around life, political debates, or matters that interest the common man. It can be cybersecurity laws, it can be new regulations, politically related, entertainment related. So I did that for about 7-8 years before COVID happened. And then I think during the time period when COVID was happening, people had a lot of time. Those debates started becoming too aggressive. And so me as a moderator had a tough time trying to control those debates, because everyone was getting very personal with the political situation happening all over the globe because of COVID. And then I said, I need to take a break, and then, for about 8 years, I did these live talk shows. And then I'm now more into entertaining people in the area of playing music, what they want to listen to. It's a live call-in show, so you're in Belgium, and if you tune into my radio show, Radio Caravan 104.9 FM, through the app, you can just call in and I'll take your request, any favorite song, I'll be playing it for you and giving a shout out.

Punit 16:17  
Thank you so much. And now, based on this conversation, if somebody wants to have a chat about maybe the radio show, maybe the book or maybe something else, what's the best way to reach out or connect with you?

Aman 16:30 
Yeah, I'm available on, I have my profile on LinkedIn by my name, Aman Tara. And there are very few Aman Taras, and if you just search for me there on LinkedIn, I'll be more than happy to connect with you and we can pursue this forward.

Punit 16:44  
That's wonderful. It was a pleasure, Aman, to have this conversation with you, and very insightful. Let's stay connected.

Aman 16:52  
Thank you. Pleasure was mine. Thank you so much. 

About FIT4Privacy 35:34 

Thanks for listening. If you liked the show, feel free to share it with a friend and write a review if you have already done so. Thank you so much. And if you did not like the show, don't bother and forget about it. Take care and stay safe. Fit4Privacy helps you to create a culture of privacy and manage risks by creating, defining and implementing a privacy strategy that includes delivering scenario-based training for your staff. We also help those who are looking to get certified in CIPP/E, CIPM and CIPT through on-demand courses that help you prepare and practice for the certification exam. If you want to know more, visit www.fit4privacy.com. If you have questions or suggestions, drop an email at hello@fit4privacy.com

Conclusion

The role of the CISO is no longer limited to managing traditional IT security — it now demands staying ahead of fast-moving threats like AI, bridging privacy and security compliance, and fostering trust across the entire organization. In today’s complex digital world, building that trust requires collaboration, constant vigilance, and empowering every employee to play a part in cybersecurity.


By embracing emerging technologies thoughtfully and prioritizing awareness, organizations can not only protect their assets but also strengthen their reputation and resilience. The evolving CISO role is challenging, but as Aman’s experience shows, it’s also an opportunity to lead with vision in a rapidly changing landscape.

ABOUT THE GUEST 

Aman Tara is an ex-military Major and a qualified attorney. He holds an associate diploma in Software Engineering, a bachelor's degree in Life Sciences and Economics, a degree in Law, and an MBA from Iowa, USA. He is a Certified Information Systems Auditor, Certified Data Privacy Solutions Engineer, Certified Fraud Examiner, Certified Amazon Web Services Cloud Practitioner and a Scrum Master. He has also done a Cybersecurity course at the Massachusetts Institute of Technology (MIT). After serving in the military for a decade in various combat and staff roles, he moved to the corporate world in 2011. He has worked on IT audits, IT security and Cybersecurity assessments, and Third Party Risk Management projects for various Fortune 500 companies across the USA and South Asia. Presently, he is the Executive Director for one of the world's largest banks, working in their Cybersecurity department. He is also on the Board of Directors of three Non-Profit Organizations based outside of the USA.

He has been featured in articles overseas and invited as speaker for various US based and international seminars. He conducts workshops for corporates on stress management, hosts a live radio show every week in Texas, USA, and has also authored a book ‘Just Did It’. 

Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high AI & privacy awareness and compliance as a business priority by creating and implementing an AI & privacy strategy and policy.

Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 50 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named 'ABC for joy of life', which he passionately shares. Punit is based out of Belgium, the heart of Europe.


RESOURCES 

Listen to the top ranked EU GDPR based privacy podcast...

Stay connected with the views of leading data privacy professionals and business leaders in today's world on a broad range of topics like setting global privacy programs for private sector companies, role of Data Protection Officer (DPO), EU Representative role, Data Protection Impact Assessments (DPIA), Records of Processing Activity (ROPA), security of personal information, data security, personal security, privacy and security overlaps, prevention of personal data breaches, reporting a data breach, securing data transfers, privacy shield invalidation, new Standard Contractual Clauses (SCCs), guidelines from European Commission and other bodies like European Data Protection Board (EDPB), implementing regulations and laws (like EU General Data Protection Regulation or GDPR, California's Consumer Privacy Act or CCPA, Canada's Personal Information Protection and Electronic Documents Act or PIPEDA, China's Personal Information Protection Law or PIPL, India's Personal Data Protection Bill or PDPB), different types of solutions, even new laws and legal framework(s) to comply with a privacy law and much more.