“We’re hiring selectively for AI and machine learning expertise, but we’re also investing in our existing talent — training them to understand how AI works, how to validate models, and how to use these tools responsibly,” she says.
Feeling the pressure to work fast
Knesek remains concerned about AI’s unknowns, yet she says companies are pushing security teams to quickly build out new capabilities so they can say they have AI embedded in their products. Security and IT are “kind of the transportation team to lay the roads and guardrails so things don’t spin out of control,” she says. “We’re working at breakneck speed in some areas and the reality is, we don’t know exactly what the threats are. So, we’re trying to make sure that we’ve got the strongest rules in place.”
Jill Knesek, CISO, BlackLine
BlackLine
Echoing Oleksak, Knesek says she feels strongly about utilizing traditional security and having the right controls in place. Getting foundational security right will get you a long way, she says.
‘Then, as you learn about more sophisticated attacks … we’ll have to pivot our tooling and capabilities to those risks.” For now, “the most important thing for us is just to stay aligned with where the business is driving us very quickly [and] make sure today [security] is doing what it needs to do from a foundational standpoint,” she says.
Questioning the output
As organizations rethink their approach to security, Oleksak advises CISOs to not get “dazzled by the hype,” and remember that AI is not a strategy but a tool. “Treat it like any other technology investment,” he says. “Start with your risk priorities, then decide where AI can realistically help.”
That means remembering AI magnifies strengths and weaknesses. “If your asset inventory is incomplete, if your IAM controls are loose, or if your patching cadence is poor, AI will not fix those problems; it will accelerate the mess,” Oleksak says.
It’s also important to take a cautious approach to deployment. He advises piloting AI tools in narrow use cases — such as for alert triage, log analysis, and phishing detection — and measuring outcomes. “Focus on augmenting human judgment, not replacing it,” he says.
Security teams will also build trust through transparency. “Train your teams to question AI output and educate your executives and employees on both the benefits and risks,” Oleksak says. “The CISO’s job is not just to deploy AI tools, but to ensure the organization understands how they fit into the bigger security picture.”
Building coalitions
AI should be used where it helps reduce risk, improve speed, or strengthen resilience, says DeFiore. “Build partnerships early — especially with legal, data, and operations teams,” she says. “Invest in education across the organization and stay grounded in ethics. AI decisions have real-world consequences, so organizations should use AI with care and consider potential accountability implications related to how it’s used.”
While AI is a powerful tool, DeFiore says it’s people who make it meaningful. “At United, safety is our foundation. AI helps us deliver on that promise with more precision and agility — but it’s the human judgment behind it that drives trust, impact and long-term value,” she says.
AI is not something to be feared, but its singular impact on security must be respected, says Oleksak.
Lander emphasizes the need to recognize that AI isn’t just a new tool but also “a new domain that requires careful governance, thoughtful integration, strategic thinking, and continuous learning. By embedding security from day one, engaging cross-functional stakeholders, anticipating unique AI risks, and investing in people and adaptive frameworks, CISOs can guide their organizations to responsibly and confidently harness AI’s potential.” He recommends that CISOs should plan and prepare for the AI era by building coalitions, ensuring AI is not managed as a silo, but as a shared responsibility. “The next few years will require an open mind and a view that AI is like a new member of the team who makes everyone better,” Lander says. “The CISO of the future is not just securing systems, they’re securing AI-enabled business success.”
