Security leadership
Insights and strategies to secure the modern enterprise
Navigating the threat landscape
Effective security leaders recognize that security is a collective pursuit. While the CEO may be the proverbial captain guiding the ship to its destination, the CSO is the navigator responsible for helping the organization avoid dangerous waters and weather storms when necessary. Here, CISOs, CSOs and other security owners share their experience as navigators who have helped their companies manage risk, protect vital data, and securely onboard new technologies in the pursuit of digital transformation.
AI Agents: The New Frontier of Enterprise Security
Explore the future of enterprise security with Abnormal AI's CIO Mike Britton, as he reveals how next-generation security operations are evolving to combat machine-speed threats. As both a security leader and AI innovator, Britton shares his advice for implementing effective agentic AI governance while maintaining operational agility.
AWS security conversations
Security is in our DNA: A Conversation with AWS CEO Matt Garman
In this Executive Insights podcast, Clarke Rodgers, Office of the CISO, interviews Matt Garman, CEO of AWS, exploring the company’s deeply rooted security culture. Garman, who was also AWS’s first product manager, discusses how security has been "priority zero" since the company's inception. From upholding cloud security best practices to navigating AI security challenges, Garman discusses how AWS embeds security into every aspect of its operations.
Right-Sizing Security Across Amazon Businesses
Security leadership requires a holistic approach across physical and digital domains — and Amazon's diverse business portfolio presents unique challenges and opportunities in both realms. In this interview with Steve Schmidt, Amazon's Chief Security Officer, we'll explore how Amazon implements security across AWS, amazon.com, Whole Foods, Prime Video, Kuiper and more. Join the conversation as Clarke Rodgers, Office of the CISO, asks Steve about how Amazon standardizes security across businesses, leverages generative AI to improve application security, and enables comprehensive threat intelligence through tools like MadPot.
Invisible Security: Achieving a Seamlessly Secure User Experience
Ever wonder how AWS protects the data of millions of customers while staying ahead of evolving security threats? Get a peek behind the curtain as former AWS CISO Chris Betz discusses threat intelligence tools and cloud security at scale. In this candid conversation, Clarke Rodgers, Office of the CISO, AWS sits down with Betz to discuss AWS's philosophy of "invisible security" - protecting customers seamlessly without disrupting their operations. Learn how AWS leverages tools like MadPot, Sonaris, and GuardDuty to detect emerging threats and enhance security operations. Betz also shares valuable insights on board communication, talent development, and building versus buying security solutions at scale.
The DDoS Takedown: How AWS is Disrupting the Disruptors
Step inside AWS's cutting-edge approach to network protection with AWS VP and Distinguished Engineer Tom Scholl. In this eye-opening conversation, discover how threat detection tools like MadPot are helping AWS identify and disrupt DDoS-as-a-service providers who sell attack capabilities on the dark web. Scholl reveals how AWS's massive network scale provides unique insights into emerging threats, enabling proactive security measures and even the take down of criminal organizations like Anonymous Sudan. He also discusses AWS's approach to seamless security integration and the importance of implementing strong "front door" security measures to reinforce potential entry points in your network. This conversation is a must-watch for CISOs and security leaders looking to enhance their cloud security posture in 2025 and beyond.
Conversations with Security Leaders
Join Clarke Rodgers, Office of the CISO, as he interviews security leaders across the AWS organization and beyond, discussing everything from establishing a security department, to mitigating security risks, to achieving regulatory compliance, and building security culture into everything we do. Click here to browse the full series.
Securing Generative AI: What Matters Now
IBM and AWS recently partnered with Oxford Economics to survey 200 executives regarding their generative AI initiatives and enablement. The study revealed a concerning trend of executives prioritizing innovation over security (70%), despite also stating that secure and trustworthy AI is essential to business success (82%). Read the report to learn what it takes to implement generative AI data security.
Security foundations
No business can thrive without a strong security foundation. But what elements make some organizations more secure than others? Learn from executives why it’s essential to prioritize security culture, data strategy, and enabling innovation as key functions of your security organization.
Culture of security
Establishing security standards and educating your workforce on the importance of security is a crucial first step to reinforce your organization’s security posture. After all, many malicious actors still rely on basic phishing schemes. In this video, hear from Sara Duffer, Director of AWS Security Assurance and former Technical Advisor to the Amazon CEO about why security culture is so important and what role the CEO plays in building and reinforcing security standards.
Data management
As generative AI continues to reshape industries, organizations must adapt by cultivating a robust and secure plan for data storage and management. In this podcast, Clarke Rodgers, Office of the CISO, AWS joins guests from IBM Security to discuss the importance of data strategy for AI use cases.
Security by design
Discover how to mitigate vulnerabilities earlier in the development process through the principles of Secure by Design. AWS recently partnered with SANS Institute to explore how security by design helps organizations prioritize foundational security that meaningfully improves technical and business outcomes. Read the whitepaper to learn how you can get started on the path to building secure products with a multi-layered strategy.
Enabling innovation
In this interview with AWS CISO Chris Betz, learn how the role of the CISO is evolving. Where security organizations were often seen as blockers to innovation, AWS advocates for a security org that enables greater innovation through trusted security mechanisms.
CISOs speak on security leadership
Find your community with AWS CISO Circles
CISOs and CSOs come together in locations all around the world to discuss the biggest security topics of the moment with their peers in our CISO Circle communities. With NDAs in place and Chatham House Rule in effect, security leaders can feel free to speak their minds, ask questions, and get feedback from peers through candid conversations facilitated by AWS Security leaders.
Podcasts for security leaders
Security never sleeps, that’s why we’ve prepared a robust catalogue of audio content to inform and entertain security leaders on the move.
Two-minute security trainings
At AWS Security, we talk with CISOs daily, covering everything from common challenges they’re facing to their security aspirations for the future. We often hear a lot of the same questions around security culture, compliance, and threat mitigation. Start your conversation off right by watching these two-minute training videos on our most-requested topics. And catch our full Cloud for CISOs training series on YouTube.
Research and resources for security leaders
Refine your search:
Frequently Asked Questions
How does AWS define security leadership?
Security leadership embodies the proactive stewardship of an organization's safety and integrity. It signifies a commitment to safeguarding sensitive data and the trust and confidence of customers, partners, and stakeholders. Put simply, a security leader is responsible for creating and implementing robust security measures that mitigate risks, protect against immediate threats, and anticipate the evolving security needs of the business. And at AWS, every employee is a security leader, trained to prioritize security in every aspect of work, protect and use data responsibly, and report any perceived security threats or vulnerabilities to the business.
Security leadership is not merely a reactive posture but a strategic necessity—one that involves staying ahead of emerging threats, complying with regulatory requirements, and nurturing a culture of security awareness among employees. Effective security leadership fosters an environment where innovation can thrive securely, enabling adoption of technologies like generative AI and machine learning.
Overall, the concept of security leadership goes beyond just guarding against breaches; it entails shaping a resilient, forward-thinking organization that can navigate the complex and evolving landscape of cybersecurity while also embracing opportunities for growth and innovation.
What is a business leader's role in security and cybersecurity?
Just as data security is fundamental to business success, a leader's commitment to cybersecurity is essential. Business leaders of every level, from the Board of Directors to the CEO, must champion a culture of security within their organizations. This entails instilling awareness and best practices among employees, emphasizing the importance of data protection and cybersecurity best practices.
Beyond fostering a security-conscious workforce, leaders are responsible for crafting and implementing robust cybersecurity strategies. They must allocate resources, invest in state-of-the-art technologies, and remain informed about emerging threats. Compliance with industry-specific regulations is also part of their purview, as non-compliance can lead to severe financial and reputational consequences.
Ensuring proactive risk management is another responsibility for business leaders. They must anticipate and mitigate potential threats, ensuring the organization is resilient in the face of evolving cyber challenges. Leaders should also encourage innovation in security practices, embracing technologies like generative AI to remain vigilant against emerging threats.
Why should cybersecurity maturity be a strategic imperative for every organization?
Having a modern security practice is pivotal in safeguarding the organization's data and reputation—its most precious resources. Data breaches not only put sensitive information at risk but also damage the confidence of customers, partners, and stakeholders, potentially resulting in severe financial setbacks and harm to the organization's overall image and standing.
Furthermore, regulatory compliance is a non-negotiable aspect of modern business. Security leaders ensure the organization adheres to industry-specific regulations, avoiding crippling fines and legal repercussions that could disrupt operations and create a devastating domino effect.
Apart from mitigating risks, cybersecurity maturity is the foundation for an atmosphere of trust and assurance throughout the organization. As data remains secure, businesses can boldly venture into advanced technologies, propelling innovation and securing a competitive advantage.
In summary, having a modern and mature cybersecurity program is essential to protect assets, ensure compliance, and enable innovation. Every organization should ensure security leaders have a seat at the table when planning strategic business objectives. Only when security dependencies and innovations are prioritized can the business ensure sustained success in an environment filled with constant threats and evolving challenges.