Securing the Modern Enterprise:

Insights for Today's Security Leaders

Leaders of successful security organizations recognize that security is a collective pursuit. While the CEO may be the proverbial captain guiding the ship to its desired destination, the CSO is the navigator responsible for helping the organization avoid dangerous waters and weather storms when necessary. Here, CISOs, CSOs and others in security leadership share their experience as navigators who have helped their companies manage risk, protect vital data, and securely onboard new technologies in the pursuit of digital transformation.

Securing Generative AI: What Matters Now
IBM recently partnered with Oxford Economics to survey 200 executives regarding their generative AI initiatives and enablement. The study revealed a concerning trend of executives prioritizing innovation over security (70%), despite also stating that secure and trustworthy AI is essential to business success (82%). Read the report to learn what it takes to implement generative AI data security.
Read the report 

CISOs speak on security leadership

If cybersecurity leadership is a learned skill, then what better way to learn than from your peers? See what security leaders from various industries and regions have to say about the challenges they’ve faced, the lessons they’ve learned, and the opportunities they see for the future of security.

CISO or CSO? Which Role Defines Today’s Security Leaders Best?
A conversation with Darren Kane, CSO of NBN Co. Australia
Watch now 
Looking to the Future of Security
A conversation with Aman Sirohi, CISO of
Watch now 
A CISO and Air Force Veteran’s Perspective on Defending Data
A conversation with Mike Wagner, CISO of Kenvue
Watch now 
The Evolution of Security Leadership in the C-Suite
A conversation with Chris Rothe, Co-Founder and CTO of Red Canary
Watch now 
How Trellix is Staying at the Forefront of Security
A conversation with Martin Holste, CTO for Cloud at Trellix
Watch now 

Conversations with security leaders

In his meetings with customers, Clarke Rodgers, Director of AWS Enterprise Strategy frequently gets asked the question, “How does AWS handle [insert security topic here].” In this video series, we’re lifting the veil on AWS security culture to show you how we handle security at scale and how you can replicate some of our learnings in your own enterprise.

Join Clarke as he interviews security leaders across the AWS organization and beyond, discussing everything from establishing a security department, to mitigating security risks, to achieving regulatory compliance, and building security culture into everything we do. Catch our latest episodes below or click here to browse the full series.


As you get large and scale and complexities increase, you need to continue to make security the simplest way of doing things. By making them simple, people will naturally go towards them. If you make things hard, people will go away from them."

CJ Moses, AWS Chief Information Security Officer and Vice President of Security Engineering

Hear more from CJ Moses
AWS Chief Information Security Officer and Vice President of Security Engineering

Find your community with AWS CISO Circles

Elements of Amazon's Day 1 Culture

CISOs and CSOs come together in locations all around the world to discuss the biggest security topics of the moment with their peers in our CISO Circle communities. With NDAs in place and Chatham House Rule in effect, security leaders can feel free to speak their minds, ask questions, and get feedback from peers through candid conversations facilitated by AWS Security leaders. Reach out to your AWS account manager to find a CISO Circle community event near you.

Two-minute security trainings

At AWS Security, we talk with CISOs daily, covering everything from common challenges they’re facing to their security aspirations for the future. We often hear a lot of the same questions around security culture, compliance, and threat mitigation. Start your conversation off right by watching these two-minute training videos on our most-requested topics. And catch our full Cloud for CISOs training series on YouTube.

How Do I Build a Culture of Security?
Empower a security mindset throughout your workforce.
Watch now 
How Can I Mitigate Ransomware?
Identify how to mitigate ransomware.
Watch now 
How Do I Build My Compliance Program on Top of AWS?
Understand the cloud value proposition from the security perspective.
Watch now 

Podcasts for security leaders

Security never sleeps, that’s why we’ve prepared a robust catalogue of audio content to inform and entertain security leaders on the move. Browse our featured security episodes below or find us on Spotify, Amazon Music, or Apple Music.

 Scaling Security Operations in the Age of AI
Scaling Security Operations in the Age of AI
Generative AI is introducing new benefits and risks across nearly every area of business — and security operations is no exception. In this interview with Tom Avant, Director of AWS Security Operations, we'll discuss how the introduction of generative AI to security operations may transform the way we manage risk, monitor access, and detect future threats.

 Listen now

Building a Diverse and Empowered Security Organization
Building a Diverse and Empowered Security Organization
Join us today for a conversation with Danielle Ruderman, creator of the AWS CISO Circles program and advocate for diverse hiring in security. Tune in to learn why community is so important and what security leaders can do to attract and develop diverse talent.

 Listen now

 Identifying and Fixing the Internet’s Security Flaws
Identifying and Fixing the Internet’s Security Flaws
As an early influencer in the evolution of the Internet, Paul knows a lot about the Internet's inner workings, including its vulnerabilities. Join us as our experts discuss how AWS is working to address these security flaws and make the Internet a safer place to communicate.

 Listen now

Refine your search:

  • Publication Date
  • Alphabetical (A-Z)
  • Alphabetical (Z-A)
  • Recently Added
 We could not find any results that match your search. Please try a different search.

Take the next step


Generative AI on AWS

Dive deeper into how our customers are using generative AI, and the tools AWS offers.


Stay Connected

AWS Executive Insights is a digital destination for business and technology leaders where we share information.


Data-Driven Insights

Learn how to drive growth and implement change that scales your organization.


Listen and Learn

Listen to executive leaders and AWS Enterprise Strategists, all former C-Suite, discuss their digital transformation journeys.

Frequently Asked Questions

Q. How does AWS define security leadership?

Security leadership embodies the proactive stewardship of an organization's safety and integrity. It signifies a commitment to safeguarding sensitive data and the trust and confidence of customers, partners, and stakeholders. Put simply, a security leader is responsible for creating and implementing robust security measures that mitigate risks, protect against immediate threats, and anticipate the evolving security needs of the business. And at AWS, every employee is a security leader, trained to prioritize security in every aspect of work, protect and use data responsibly, and report any perceived security threats or vulnerabilities to the business.

Security leadership is not merely a reactive posture but a strategic necessity—one that involves staying ahead of emerging threats, complying with regulatory requirements, and nurturing a culture of security awareness among employees. Effective security leadership fosters an environment where innovation can thrive securely, enabling adoption of technologies like generative AI and machine learning.

Overall, the concept of security leadership goes beyond just guarding against breaches; it entails shaping a resilient, forward-thinking organization that can navigate the complex and evolving landscape of cybersecurity while also embracing opportunities for growth and innovation.

Q. What is a business leader's role in security and cybersecurity?

Just as data security is fundamental to business success, a leader's commitment to cybersecurity is essential. Business leaders of every level, from the Board of Directors to the CEO, must champion a culture of security within their organizations. This entails instilling awareness and best practices among employees, emphasizing the importance of data protection and cybersecurity best practices.

Beyond fostering a security-conscious workforce, leaders are responsible for crafting and implementing robust cybersecurity strategies. They must allocate resources, invest in state-of-the-art technologies, and remain informed about emerging threats. Compliance with industry-specific regulations is also part of their purview, as non-compliance can lead to severe financial and reputational consequences.

Ensuring proactive risk management is another responsibility for business leaders. They must anticipate and mitigate potential threats, ensuring the organization is resilient in the face of evolving cyber challenges. Leaders should also encourage innovation in security practices, embracing technologies like generative AI to remain vigilant against emerging threats.

Q. Why should cybersecurity maturity be a strategic imperative for every organization?

Having a modern security practice is pivotal in safeguarding the organization's data and reputation—its most precious resources. Data breaches not only put sensitive information at risk but also damage the confidence of customers, partners, and stakeholders, potentially resulting in severe financial setbacks and harm to the organization's overall image and standing.

Furthermore, regulatory compliance is a non-negotiable aspect of modern business. Security leaders ensure the organization adheres to industry-specific regulations, avoiding crippling fines and legal repercussions that could disrupt operations and create a devastating domino effect.

Apart from mitigating risks, cybersecurity maturity is the foundation for an atmosphere of trust and assurance throughout the organization. As data remains secure, businesses can boldly venture into advanced technologies, propelling innovation and securing a competitive advantage.

In summary, having a modern and mature cybersecurity program is essential to protect assets, ensure compliance, and enable innovation. Every organization should ensure security leaders have a seat at the table when planning strategic business objectives. Only when security dependencies and innovations are prioritized can the business ensure sustained success in an environment filled with constant threats and evolving challenges.