
CISO Series Podcast We Gave the CISO Risk and Liability, and Now They Want Authority. The Nerve.
Feb 17, 2026
Tammy Klotz, CISO at Trinseo and author focused on empathetic leadership in cybersecurity. She tackles the accountability vs. authority gap, reframes CISOs as risk advisors working with business and legal, and debunks hacklore while pushing employee empowerment. They also compare real-world attack scenarios and explore voice-cloning threats to helpdesks.
Episode notes
Donated Fish After Tank Leak
- David Spark recounts discovering a leak in the top third of his fish tank and donating his fish to a local aquarium.
- He used the experience to compare impractical fixes with pragmatic compromises in risk decisions.
Accountability Without Authority
- CISOs are often held accountable for business risk without equivalent authority to make decisions.
- Steve Zalewski warns that signing documents creates explicit, named executive accountability and demands an understanding of the tradeoffs involved.
Be A Risk Advisor, Not Sole Owner
- Act as a risk advisor, not sole risk owner, and partner with business owners to assign accountability.
- Involve legal and risk teams when defining acceptable security levels tied to business tolerance and insurance requirements.

