Events , Leadership & Executive Communication , RSA Conference

What Executive Liability Means for a CISO

Varied Cybersecurity Executives Share Prevention and Protection Advice
Solomon Adote, CSO, state of Delaware; Rick Doten, vice president and CISO, Healthcare Enterprises and International, Centene Corp.; Aravind Swaminathan, global co-chair, cybersecurity and data privacy, Orrick, Herrington & Sutcliffe LLP; Rocco Grillo, managing director, global cyber risk services and incident response investigations, Alvarez & Marsal; and Ankur Ahuja, global vice president and CISO, Fareportal Inc.

Executive liability, where decision-makers face personal liability for making professional decisions, is a topic trending yet again as former Uber CSO Joe Sullivan was recently sentenced to probation and a fine for his role in covering up a data breach that affected tens of millions of Uber account holders.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

It's crucial for executives to understand their role, build a relationship with the board and maintain clear and constant communication, said Rick Doten, CISO of Healthcare Enterprises and International subsidiaries at Centene Corp.

"Technical people don't make business decisions. As long as you know that, you defer up to the CEO or the board that this is a business decision, and it's not my decision," he said.

In this video of a panel discussion sponsored by CyberEdBoard and recorded at RSA Conference 2023 - Doten; Solomon Adote, chief security officer for the state of Delaware; Aravind Swaminathan, global co-chair for cybersecurity and data privacy at Orrick, Herrington & Sutcliffe; Rocco Grillo, managing director of global cyber risk services and incident response investigations at Alvarez & Marsal; and Ankur Ahuja, global vice president and CISO at Fareportal Inc. - also discuss:

  • Juggling compliance with blocking and tackling cyberthreats;
  • Interpretation of regulations that apply to distinct situations;
  • How executives can protect themselves and their organizations from liability.

Doten is vice president of information security at Centene Corp., CISO for Centene's Healthcare Enterprise and international subsidiaries and CISO of Carolina Complete Health Medicaid health plan. With more than 25 years of experience, he has led several ethical hacking, incident response and forensics, and risk management teams.

Adote leads an information security program charged with protecting the Delaware state network, systems, applications and data. He has more than 20 years of experience in IT with a focus on cybersecurity. He designs information security programs and oversees the deployment of some of the industry's leading technologies.

As a strategic cybersecurity adviser, Swaminathan advises clients on cybersecurity strategy to plan for crises, improve resiliency, protect their business and defend against litigation and enforcement.

Grillo leads multidisciplinary teams who provide cyber risk and incident response services to clients globally. He and his teams work with the FBI, the U.S. Secret Service and other government agencies in combatting cyber crimes. His expertise in commercial sector challenges helped influence the development of the NIST Cybersecurity Framework.

Ahuja is responsible for securing all Fareportal digital brands, including and He has more than 15 years of experience in cybersecurity consulting and industry leadership and is a security board adviser to Payworld and ZebPay.

CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community -

Apply for membership

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.