
CISO Series Podcast: If We Can't Do Better, at Least Do It Faster
Feb 24, 2026

Vikas Mahajan, VP and CISO at the American Red Cross, brings experience leading enterprise security and incident resiliency. He and the hosts debate the limits of vendor questionnaires, whether to build or buy a SOC, AI governance tradeoffs, and practical shift-left tactics. Short, focused conversations on translating threats into business context and embedding security into developer tools.
Prioritize Vendor Resiliency Over Perfect SLAs
- Focus vendor conversations on resiliency and incident recovery, not perfect patching SLAs.
- Vikas Mahajan recommends inviting critical suppliers into tabletop exercises to co-develop survival plans for disruptions.
Security Gains Are Often Invisible
- Security has improved but become more hidden and complex; visible theater coexists with real behind-the-scenes protections.
- Vikas compares visible screening like TSA to unseen behavior analytics and identity signals that actually improve security.
Don't Idealize The Old Days In Security
- Don't romanticize the past; modern tooling and defaults (automatic updates, encrypted transports) make systems far more secure than decades ago.
- Andy Ellis contrasts 1999-era plaintext admin commands and Telnet to today's automatic iPhone and browser updates.
