In this episode, David speaks to Aman Raheja, Chief Information Security Officer at Humana. During the episode, they discuss what life and leadership is like for a CISO at a Fortune 500 healthcare company, the necessity of risk management and having a risk appetite statement, and what lies ahead for the future of cybersecurity. Topics discussed: A day in the life of a modern CISO at a Fortune 500 healthcare company, and the biggest challenges of moving from a hands-on role to an executive leadership role, including understanding business strategy, communicating a vision, and trusting his team. What a risk appetite statement is and why it's crucial that all companies have one to measure their risk and articulate their metrics, trade-offs, and compromises. What most CISOs get wrong, including prioritization, focusing too much on technology and not enough on capability, and having a disconnect between where the company is going and where the security team is going. What makes an effective cyber risk management program, and how to measure its effectiveness through KPIs, thresholds, and pressure testing. How a CISO interacts with their board, how a board should give oversight and guidance to cybersecurity, and the benefits of board members with backgrounds in technology. The future of cybersecurity, including the reevaluation of cloud and the increase of automation. Why building a high-performing team involves having an engineering mindset to creatively solve problems. Resources Mention:  LinkedIn: https://www.linkedin.com/in/rahejaaman/