CISOs Weigh In On Worries About AI, Cybersecurity

The CISOs discussed a number of security issues, but AI dominated the conversation.

(CISO roundtable at Check Point Software Technologies CPX 2025 conference.)

A spirted roundtable featuring large-enterprise and midmarket CISOs took place last week at Check Point Software Technologies’ CPX 2025 event in Las Vegas.

Five CISOs discussed their plans and concerns around AI and security, as AI continues to disrupt organizations. They also spoke about their experiences with the regulatory landscape, risk management and other top concerns.

The CISOs included Cindi Carter, global CISO, Check Point; Pete Nicoletti, global CISO, Americas, Check Point; Michael Calderin, CISO, Yageo Group; Nelson Gonzalez, assistant innovation and technology director/CISO at City of Coral Gables in Miami; and Russ Trainor, senior vice president of information technology at the Denver Broncos.

Here are some highlights from their discussion:

Their Take On AI

Yageo Group’s Calderin

We have [a] wide regulatory landscape that we have to adhere to ... both from the perspective of what it is—we sell electronic components that end up inside all of the products that we use, as well as from the technology landscape in general. AI is a big game-changer throughout the industry. And so the question is, how do we take advantage of it but also keep up with it? It’s a double-edged sword of sorts, and so we’re forced to think about how we can make our team more effective at the same time that we are understanding the technologies and helping the business grow.

Check Point’s Carter

First and foremost, ChatGPT, generative AI, maybe something like artificial intelligence as what it really is, very accessible to everyone, every day, all the time, and people didn’t really know what to do with it, but it was just kind of cool, right? You could take something in and get a response and it became very much a sort of as much of a household name as it was a business name like almost overnight and all of a sudden security leaders, whether it’s a CISO, a CIO and anyone in the organization leading technology initiatives are now faced with the question, how are we going to leverage this in our organizations? And we’re barely catching up. What just dropped into our lap? I always think in terms of [when] a new emerging technology comes about. Let’s think about cloud from what 10,12, years ago, we still haven’t gotten that right. People jumped on the cloud without really identifying what problem are we solving with this new technology? So, let’s go back to the business requirements. What do we need to improve with what we can leverage AI ... is there maybe some customer satisfaction issues as far as our help desk response time? Maybe a chatbot so that people can self-serve the Q&A, would that help us with it? Absolutely. Well, then let’s figure out a way to be able to build the environment so that we can be successful with leveraging chat and artificial intelligence in that capacity.

I also feel that as security leaders, again, with this new, emerging technology ... that all of a sudden, we’re expected to be new experts on it. And that’s why I said I do a lot of research in my role as well because there are different perspectives about what AI is, or whichever AI can mean to be used depending on what your situation is. I like to think in terms of, again, what problem are we trying to solve? Do we have what it takes in our organization for AI to be successful? Do we have the right infrastructure?

Check Point’s Nicoletti

Employees are using AI. And most companies, the vast majority of companies, have no idea what their employees are doing with AI. [At Check Point] we absolutely know what people are doing with AI. We put them in the right place that we have licensed agreements with. You know, we’ve all seen what’s happened to Samsung and other companies have had huge data leakage problems, and it was totally unanticipated, the rise of generative AI and access to it by ... employees.

Assessing Risk Management

City of Coral Gables Miami’s Gonzalez

You have to have a very comprehensive risk management approach. And as economic managers or security managers, we have a fully comprehensive technology and security asset management and life-cycle management program ... and contingencies ... beginning with governance and leading to technology.

And we do have cyber insurance policies that cyber insurance is only to be used to cover the cost of enabling this continuous work ... not to address the same attack, but obviously, assuming that the ... intrusion was successful, there will be a cost to report, and we have established processes and procedures with our insurance agencies.

The Ability To Secure Venues

Denver Broncos’ Trainor

I have a stadium ... that’s a terrorist thing there. We work with [the] FBI. So we work with those folks, ... [there] are practice runs in the venue, right? You’ve got to make sure that that is all kind of secure. That one keeps me up at night. Because I have some people in there on game day ... there’s a lot of unknowns that go on on game day. We need to make sure that our network is secured, wired and wireless. ... On game day, cybersecurity is at the top of my radar.