For Trudeau, it’s about being able to translate risk into business goals.
Stay close to business. “If you don’t understand how your company creates value, you can’t protect it effectively,” Khalfan said. “Security leaders need to speak the language of growth, customer trust, and operational resilience, not just technical vulnerability.”
Trudeau agrees, saying security leaders must align their work directly with business outcomes. “If safety is seen as an alternative to growth, you will always be reacting instead of shaping decisions.”
Become an employee. “The best CISOs help the business move faster and safer, not slower,” Khalfan said. “Your job is not to create tension everywhere; it’s to create tension where the stakes are highest and remove it where trust can be increased through better design.”
Get involved early. “Pre-security is involved in product development and AI development, where you have to be more powerful to influence outcomes without slowing down teams,” Trudeau noted.
Khalfan echoes that, saying that data security, ownership, and visibility are the foundations on which reliable AI systems are built. Business and Internet groups must work together to ensure those results are achieved, he says.
“Whether it’s protecting against AI-enabled threats, protecting AI infrastructure, or assessing the risk and reward of AI innovation, security must be involved early, not after deployment,” he adds.
Always stay compliant. Khalfan says PayPal’s security organization is constantly monitoring and updating its governance and requirements based on evolving regulatory frameworks.
Solve business problems. This is a surefire way to meet today’s Internet challenges and raise your profile as a CISO. “When security becomes a driver of trust, speed, and competitive advantage, your seat at the table becomes permanent,” Khalfan said.
For example, Khalfan drove company-wide bot protection programs, a collaborative, multi-team effort that improved fraud prevention. It has greatly reduced the volume of fraudulent traffic at the top of the process, leading to higher customer engagement, he says.
Speak the speech. If you want to understand how to protect AI, you need to use AI, Khalfan stresses. “Security leaders cannot govern what they do not understand. Operational experience builds credibility and makes better decisions,” he said.
This often requires investing fluidly beyond security to understand how AI systems work, how your company builds products, and what leadership cares about, Trudeau said.
Build credibility through consistency. “As the scope of the role expands, especially with AI, leaders are looking for clear, actionable guidance, not risk models,” Trudeau said.
There is no ‘I’ in the group
A core part of meeting today’s challenges and elevating your CISO role requires security leaders to bring your teammates along. They will always be your greatest resource, says Hensley.
“My military experience is part of my DNA and has shaped every aspect of my life, especially the way I think about partner development, building highly collaborative teams, and prioritizing the most important things,” he said.
Most things in life will come and go, but your impact on others will affect generations, adds Hensley. They carry your values forward from culture, ethics, and values.
“My legacy will be the colleagues I worked with in my work,” he said. “I encourage security leaders to focus on the impact you can make on your team every day – it will ultimately raise your profile and leave a lasting mark.”
