Future of Threat Intelligence

Transcend's Aimee Cardwell on Turning Security into a Growth Driver

Listen Later

Most security leaders position themselves as guardians against risk, but Aimee Cardwell, CISO in Residence at Transcend and Board Member at WEX, built her reputation on a different approach: balancing risk to accelerate business growth. Her unconventional path from Fortune 5 CIO to CISO of a 1,200-person security team at UnitedHealth Group showcases how technical leaders can become true business partners rather than obstacles.

Managing two company acquisitions every month, Aimee tells David how she developed a shifted-left security integration process that actually accelerated deal timelines while improving security outcomes. Her framework for risk appetite conversations moves executives beyond fear, uncertainty and doubt into productive discussions about cyber resilience, changing how organizations think about security investment and business enablement.

 

Topics discussed:

  • How healthcare data regulations create complex compliance frameworks where companies must selectively forget customer information based on overlapping regulatory requirements.
  • The transferable advantages CIOs bring to CISO roles, particularly in software development lifecycle security and communicating complex technical concepts to non-technical stakeholders.
  • Shifting security strategy from risk prevention to intelligent risk balancing, enabling business growth while maintaining appropriate protection levels.
  • Managing large-scale acquisition security integration through pre-closing requirements that accelerate post-acquisition security improvements.
  • Establishing organizational risk appetite through worst-case scenario planning that moves leadership past emotional responses into rational decision-making frameworks.
  • Developing cyber resilience strategies that assume incident occurrence and focus on recovery speed and impact minimization rather than just prevention.
  • Scaling security controls based on business growth milestones, avoiding upfront overinvestment while ensuring appropriate protection as companies expand.
  • Building consensus-driven risk acceptance frameworks while managing competing perspectives from multiple C-level executives and board members.

    • Key Takeaways: 

    • Implement pre-closing security requirements for acquisitions, shifting security integration 45 days before deal completion to accelerate post-acquisition timelines.
    • Frame risk conversations around worst-case scenario analysis, using real examples and stock performance data to move executives past emotional responses and build resiliency.
    • Develop tiered security controls that scale with business growth, implementing basic protections early and adding complexity as revenue and user bases expand.
    • Position regulatory compliance as a competitive advantage and trust-building mechanism rather than a business constraint.
    • Create "how do we get to yes" frameworks that start with business objectives and work backward to appropriate risk mitigation strategies.
    • Use customer trust metrics and retention data to demonstrate security's direct contribution to business growth and competitive positioning.
    • Leverage software development lifecycle experience to integrate security into engineering processes rather than treating it as an external validation step.

      • Listen to more episodes: 

      Apple 

      Spotify 

      YouTube

      Website

      ...more
      View all episodesView all episodes
      Download on the App Store
      Future of Threat IntelligenceBy Team Cymru
      • 4.5
      • 4.5
      • 4.5
      • 4.5
      • 4.5

      4.5

      11 ratings

      More shows like Future of Threat Intelligence

      View all
      Global News Podcast by BBC World Service

      Global News Podcast

      7,709 Listeners

      WSJ What’s News by The Wall Street Journal

      WSJ What’s News

      4,353 Listeners

      WSJ Tech News Briefing by The Wall Street Journal

      WSJ Tech News Briefing

      1,637 Listeners

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

      638 Listeners

      CyberWire Daily by N2K Networks

      CyberWire Daily

      1,022 Listeners

      The Daily by The New York Times

      The Daily

      112,342 Listeners

      Click Here by Recorded Future News

      Click Here

      415 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      8,010 Listeners

      Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security

      Talkin' About [Infosec] News, Powered by Black Hills Information Security

      94 Listeners

      True Spies: Espionage | Investigation | Crime | Murder | Detective | Politics by SPYSCAPE

      True Spies: Espionage | Investigation | Crime | Murder | Detective | Politics

      1,960 Listeners

      Cyber Security Headlines by CISO Series

      Cyber Security Headlines

      134 Listeners

      Security Matters by CyberArk

      Security Matters

      22 Listeners

      Bloomberg Tech by Bloomberg

      Bloomberg Tech

      60 Listeners

      Microsoft Threat Intelligence Podcast by Microsoft

      Microsoft Threat Intelligence Podcast

      22 Listeners

      Better Offline by Cool Zone Media and iHeartPodcasts

      Better Offline

      548 Listeners