{"id":14677,"date":"2025-08-25T16:02:20","date_gmt":"2025-08-25T16:02:20","guid":{"rendered":"https:\/\/newestek.com\/?p=14677"},"modified":"2025-08-25T16:02:20","modified_gmt":"2025-08-25T16:02:20","slug":"2025-cso-hall-of-fame-meg-anderson-on-ai-strategic-security-investments-and-life-after-infosec","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14677","title":{"rendered":"2025 CSO Hall of Fame: Meg Anderson on AI, strategic security investments, and life after InfoSec"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Meg Anderson has spent nearly two decades leading enterprise cybersecurity, most recently as vice president and chief information security officer at Principal Financial Group. There, she helped shape cyber strategy and advised the board on digital risk.<\/p>\n

With her experience in the C-suite trenches, Anderson is widely respected for her insights on cyber resilience and digital transformation. She\u2019s also known for her commitment to mentoring the next generation of security leaders.<\/p>\n

In the conversation below, Anderson\u2014one of the 12 CSO Hall of Fame inductees<\/a> at this year\u2019s CSO Conference & Awards<\/a>\u2014shares her take on the technologies shaping cybersecurity, how the CISO role is changing, and why talent development is more important than ever.<\/p>\n

<\/a>What emerging security technologies are you most excited about, and why?\u00a0<\/h2>\n

Meg Anderson<\/strong>: As a retired CISO in financial services, I\u2019ve seen the threat landscape evolve from rudimentary malware to nation-state actors and sophisticated ransomware-as-a-service operations.<\/p>\n

These days, I\u2019m most excited about AI as a force multiplier that can surface threats in real time, automate workflows, and anticipate attacker behavior. It\u2019s encouraging that both major security vendors and scrappy start-ups are investing heavily in AI. I\u2019m hopeful that the focus on AI will improve detection accuracy and response speed. But as we all know, AI is also being weaponized by adversaries, and we\u2019ll need equally sophisticated defenses to counter that.<\/p>\n

I\u2019m also watching data protection and identity and access management, which continue to evolve rapidly with zero trust, behavioral biometrics, and adaptive controls. I\u2019m particularly interested in how AI can enhance these areas.<\/p>\n

Deepfake detection is critical as well, particularly in financial services, where trust is everything. It\u2019s very concerning that malicious actors can convincingly impersonate a customer, executive, or employee. So I\u2019m watching closely as new tools come out to verify authenticity in voice and video.<\/p>\n

I am excited but cautiously optimistic. The tools are getting smarter, but so are the adversaries.<\/p>\n

<\/a>Which technologies are you most cautious about from a CISO\u2019s point of view, and why?<\/h2>\n


Meg Anderson<\/strong>: I\u2019m cautious of \u201csolutions\u201d that don\u2019t solve a strategic problem. CISOs only have so much budget and mindshare. You need to understand where a tool fits in your investment and strategic roadmap. There were times when my team was able to explore new technology and times when we needed to stay focused on planned initiatives.<\/p>\n

But it\u2019s important not to be too rigidly fixed on your plan because things change. When experimenting with emerging technology, I always used an intentional approach with clear goals of what we hoped to learn and how we would measure success.<\/p>\n

Most CISOs are understandably cautious about emerging technologies that are rushed to market before they\u2019re truly enterprise-grade. When employees see that \u201ceveryone else\u201d is adopting the new, cool tech, they want to do so as well. But finding the right guardrails that allow for experimentation and fast adoption can be tricky.<\/p>\n

<\/a>What\u2019s your assessment of the pace of tech innovation right now, and what is your advice for companies to keep up?<\/h2>\n


Meg Anderson<\/strong>: The speed of innovation is both thrilling and exhausting. But instead of chasing every paradigm shift, be intentional. Build a strategy that lets you absorb innovation on your terms, tied to business goals. Most companies simply can\u2019t afford to be on the bleeding edge across every domain. And that\u2019s okay.<\/p>\n

What\u2019s critical is having visibility into what\u2019s coming, so you don\u2019t build something that could be bought off the shelf tomorrow.<\/p>\n

One underused strategy is deepening your relationships with existing vendors. I always encouraged my teams to ask vendors the hard questions: What\u2019s on the horizon? How are they integrating AI? Are they investing in interoperability, or locking you into a silo? And just as importantly: Are your contracts structured to allow agility? Can you pivot quickly if a vendor rolls out a game-changing feature or product?<\/p>\n

A close vendor relationship requires trust. But if you choose vendors wisely, you\u2019ll be able to adopt new capabilities without procurement and integration headaches.<\/p>\n

<\/a>What are your predictions for the workforce over the next 5-10 years? Are you worried AI will cut out the entry-level rung for workers?<\/h2>\n


Meg Anderson<\/strong>: This is a critical issue, especially for those of us who\u2019ve spent our careers building cybersecurity teams. I care deeply about the talent pipeline.<\/p>\n

It\u2019s true that foundational tasks like log analysis and ticket triage are being automated. But I don\u2019t believe AI will eliminate junior talent; it just means the bar is shifting. Entry-level workers will need to bring more critical thinking and adaptability. They\u2019ll be expected to work alongside AI, not beneath it.<\/p>\n

This isn\u2019t the first time we\u2019ve seen such a shift. When I started as a developer before 2008, automation was reshaping how we coded, tested, and deployed. The programmers hired a decade later had a completely different toolkit and mindset.<\/p>\n

So it\u2019s important to hire for today\u2019s job descriptions as well as<\/em> tomorrow\u2019s skills. Build mentorship programs, rotate junior staff, and expose them to strategic thinking early. The tools may change, but in cybersecurity, human judgment and ethical reasoning will always be irreplaceable.<\/p>\n

<\/a>How has the role of the CISO evolved during your career, and where do you think it\u2019s headed regarding leadership and business influence?<\/h2>\n

Meg Anderson<\/strong>: The biggest change has been the expansion of the CISO from a niche technology leader to a leader engaging across the enterprise.<\/p>\n

Early in my career, my focus was more on building out the technology platforms within our team. But as information security became a board-level concern, our team shifted to an enterprise-wide security strategy grounded in business outcomes. It wasn\u2019t just about protecting systems; it was about protecting the commitments the company made to customers, investors, and other stakeholders. This shift benefited from the growing pressure on executive management to ensure that cyber risk had the proper oversight.<\/p>\n

Accountability for security became clearer once cyber performance showed up in C-suite goals, metrics, and annual incentives. This gave the CISO more influence. Conversations about weak software development, phishing threats, and vendor due diligence hit harder when framed in terms of budgets, bonuses, and brand reputation rather than just technical risk.<\/p>\n

As the role evolves, the CISO needs to remain front and center in risk management discussions. There\u2019s an opportunity for more consideration of cyber risk outside of the information security team, just like a lot of financial risk is managed outside of the finance team.<\/p>\n

<\/a>What are your plans in retirement to continue advising companies on staying innovative and strengthening cybersecurity?\u00a0<\/h2>\n

Meg Anderson<\/strong>: I\u2019m currently advising a few companies\u2014not through formal engagements, but by mentoring cybersecurity leaders. It\u2019s been incredibly rewarding to help them navigate career decisions and leadership challenges. It\u2019s less about telling them what to do and more about helping them think through the \u201cwhy\u201d and \u201chow.\u201d<\/p>\n

One thing retirement experts don\u2019t always prepare you for is the persistence of your expertise. It doesn\u2019t vanish the day you leave the office. If anything, it becomes more distilled. But figuring out what to do with that knowledge\u2014whether to share it, monetize it, or simply let it evolve\u2014is a deeply personal decision.<\/p>\n

A big lesson I\u2019m trying to embrace is: don\u2019t say yes to anything in the first six months of retirement. That\u2019s been harder than I expected, and I\u2019m trying to embrace the pause. But whatever I do next, it will be intentional, meaningful, and aligned with the kind of impact I want to have.<\/p>\n

Learn from the Leaders Shaping Cybersecurity<\/strong>
Meg Anderson is just one of the security visionaries being honored at the CSO Hall of Fame. Join us at the CSO Conference & Awards to hear directly from top CISOs, explore strategic security insights, and gain actionable guidance for your organization. Register now to secure your spot.<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Meg Anderson has spent nearly two decades leading enterprise cybersecurity, most recently as vice president and chief information security officer at Principal Financial Group. There, she helped shape cyber strategy and advised the board on digital risk. With her experience in the C-suite trenches, Anderson is widely respected for her insights on cyber resilience and digital transformation. She\u2019s also known for her commitment to mentoring… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14677","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14677"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14677\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}