Remember, Every Underappreciated Risk Is Just a Crisis Waiting to Be Discovered

Quantitative risk management promises to be the missing piece of the cybersecurity puzzle, allowing CISOs to better connect their work to tangible business outcomes. But is it moving the needle or just making it easier to push technical debt down the road?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Hilik Kotler, svp, CISO and IT, Expedia Group. Watch this video clip, pulled from this episode, for “5 Considerations That Separate Great Vendors From Forgettable Ones.”

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our sponsor, Vanta

Risk and regulation ramping up—and customers expect proof of security just to do business. Vanta’s automation brings compliance, risk, and customer trust together on one AI-powered platform. So whether you’re prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure—and keeps your deals moving. Learn more at vanta.com/ciso.

Full Transcript

Intro

0:00.000

[Voiceover] What I love about cybersecurity, go!

[Hilik Kotler] What I love about cybersecurity is that it forces us to reinvent ourselves every few years. Very few professions demand that level of evolution. The threat landscape changes, technology shifts, business models transform, regulation evolves, and if we are doing the same job the same way two years later, we are already behind.

Cybersecurity doesn’t reward comfort, it rewards curiosity.

[Voiceover] It’s time to begin the CISO Series Podcast.

[David Spark] Welcome to the CISO Series Podcast. My name is David Spark, I am the producer of the CISO Series. And my co-host for this episode, one of your favorites. I said this to the other co-hosts, he did not like one of the favorites, he wanted to be the favorite, but I’m calling you one of the favorites because you are.

It is Andy Ellis, the principal over at Duha. Andy, say hello to the audience.

[Andy Ellis] [Foreign language 00:01:06].

[David Spark] So, every show, Andy tries to do a different language. I think you’ve done Hebrew before, have you not?

[Andy Ellis] I’ve done Hebrew before, but in honor of our guest who speaks Hebrew, I figured I would revert back and do Hebrew again.

[David Spark] That makes sense. All right. We’ll introduce him in a second, just hang tight. We’re available, by the way, audience, at CISOseries.com. If you do not spend every single day there at least four hours a day, you’re definitely not getting your appropriate daily dosage.

Our sponsor for today’s episode is Vanta, spectacular sponsor of the CISO Series. They’ve been that way for years. Automate compliance, manage risk, and accelerate trust with AI. That is Vanta. We’re going to be talking about that a little bit later in the show.

But first, Andy, we are just a few weeks away, and any of our listeners who are in Boston on April 30th, you and I are doing a live show at Aqueduct Technologies offices in Canton, Mass. We’ve done one live show in Boston before. We get to do another one.

And you’ve been at this venue before.

[Andy Ellis] I’ve been at this venue. It’s a fantastic venue. I might have to head down early and drop by Gillette Stadium because it’s literally like two towns away.

[David Spark] So, what can you do just hanging out at Gillette Stadium?

[Andy Ellis] Well, I can go have lunch. There’s a whole shopping mall, there’s Patriot Place there. You can go to the pro shop and get some things.

[David Spark] Mm-hmm.

[Andy Ellis] And I’ll have to check to see if anything else is happening on that day. I can usually find somebody to bother.

[David Spark] Well, I’m sure people enjoy getting bothered by you. Anyways, it’s a fun event, April 30th. You can just go to the Events page on CISOseries.com. You can find the registration button, go ahead and register. What it is, you show up at five o’clock.

We’re doing a live show at 5:30 after the show, which is just 45 minutes long. There’s networking, drinks, and food from our good friends over at Aqueduct Technologies. So, please, please come and join us. All right, let’s bring our guest on. Let me just say this has been a long time coming trying to get our guest on, [Laughter] and we also had technical difficulties beforehand.

So, we have gone through mountains to get this recording with this person, and we are thrilled we finally are able to do it. It is the SVP, CISO, and IT over at the Expedia Group, none other than Hilik Kotler. Hilik, thank you so much for joining us.

[Hilik Kotler] It’s a real pleasure. I’m a big fan of your podcast, and I was waiting a few years for the invite. So, thanks for reaching out eventually, David.

[David Spark] Wait a second. I sent the invite a long time ago. [Laughter] We’ve been working on this for a while.

[Andy Ellis] It’s one of those roads that’s really hard to travel, David, and maybe we should have consulted with somebody in the travel industry.

[David Spark] That’s what we should have done.

[Andy Ellis] Yeah.

Why has this topic suddenly become the center of attention?

4:00.114

[David Spark] Is quantitative risk management, or QRM, an ice cream solution? Something that solves your craving for hard numbers, but provides no real value? Now, that’s the take from a recent post from Dr. Sam Liles, interim CISO at Blue Cross Blue Shield Massachusetts, who argued that QRM is, “A gigantic self-serving con.” Whoa.

“Designed to make decision makers comfortable with acceptable ruin, rather than actually securing anything.” He argued QRM forces CISOs to abandon engineering rigor and become “Wall Street wannabes” because boards are too lazy to learn basic cybersecurity, yet the CMO and general counsel never have to dumb down their specialized language.

This inevitably leads to incremental fixes that push technical debt down the road. So, Andy, I will start with this. I know you have some passionate feelings about this. Is QRM really just about pushing paper? And if so, how do we connect security to things the business cares about?

And can you actually slap numbers on it?

[Andy Ellis] So, I love Sam’s comments. I think he went a little overboard on some of the things he said because I’ve been in boardrooms as the director, and yeah, the CMO and general counsel do actually also dumb down what they’re talking about. But QRM, I’m in complete agreement.

I think there’s a lot of folks who really don’t understand what good quantitative risk analysis is, which is really just being able to look at multiple different risks in a quick comparative fashion and say, “Hey, it’s not just my gut, but there’s some data here.”

The challenge is all the data is made up. Even the things we’re like, oh, the average cost of a breach, but that’s not your breach. This is like semi-actuarial data you’re using in weird ways. I’ve done lots of rants about this. Anybody who wants to grab a copy of the free eBook on howtociso.com about risk, I talk about QRM there.

The biggest challenge is I think it really is people who believe that if you just throw enough hard numbers at things, decisions will make themselves. And that’s really the hidden problem of QRM is not the process of analysis. It’s this belief that at the very end, you do not have to make decisions subjectively, that the algorithm will make choices for you, which is completely flawed and doesn’t match how any businesses operate.

[David Spark] All right. Hilik, we actually had this conversation just yesterday in a recording that we did, and actually, the argument wasn’t that it was BS that Sam believes, but that it was actually a gold standard that was difficult, if not impossible to achieve.

What are your thoughts?

[Hilik Kotler] So, I’m more or less aligned with Andy here. I come from a deeply technical background, and in today’s world, especially with AI, cloud, identity-centric risk, a CISO must understand technology at the same level as the CTO or product leaders.

That’s not negotiable. But here where I feel QRM becomes powerful, it’s not about replacing technical depth. It’s about aligning that depth to enterprise priorities. QRM forces the critical conversations that many organizations avoid. Let me give you an example.

What is our risk appetite? How much risk are we willing to accept to pursue a specific business objective? Because at the end of the day, every growth decision carries risk, and if leadership hasn’t explicitly defined acceptable risk tolerance, security ends up operating in a vacuum, setting guardrails based on its interpretation of what is secure, and it makes our job to be perceived as a technology and business partner even harder.

And here is even the deeper issue. Security has always struggled because it speaks in vulnerabilities, not in impact. The CMO talks revenue, Legal talks liability, Finance talks capital efficiency, and if we refuse to translate into those dimensions, we just isolate ourselves.

So, quantitative risk management, when done properly, helps create shared language. It allows the board and executive team to say where we are comfortable with this level of exposure, where we are not comfortable with that one. Is this initiative worth the risk?

That one isn’t. And once that alignment exists, security can design controls proportionally. Without that clarity, security defaults might be at maximum caution, and that can create friction and, in reality, will hurt the business. So, I don’t see QRM as paper pushing.

I see it as a good tool to connect engineering discipline to business intent.

[David Spark] All right, Andy, do you want to have a final word on that?

[Andy Ellis] I think I agree with the second half of where Hilik went, which is without the right conversations, security is trying to make risk choices that don’t match the business. I’ve never seen QRM force that right conversation, but that conversation has to happen.

I’ve found that you’re talking about unacceptable losses, which QRM can help you get to that language, but it’s a very different set of language, is often really where the business wants to be.

What’s the starting point for a CISO?

9:44.521

[David Spark] “There’s no such thing as a good market in security anymore. Only markets where you have a meaningful advantage,” this argued Ross Haleliuk of Venture in Security on LinkedIn. The moment one person has an idea, there are 10 companies trying to do the same.

We have seen VCs do this. What matters isn’t picking the right category. You have deep intuition, lived experience, unique insight, or distribution advantages. Now this echoes VC Chris Sacca’s question for startups, “What’s your unfair advantage?” Not, “What’s your differentiator?” So, as a CISO evaluating vendors, which I’m assuming you do, Hilik, how do you spot which startups actually have an unfair advantage versus those who could be ignored by the market?

Like what are telltale signs, I guess?

[Hilik Kotler] Yeah, I will, I will say five different things, and maybe it’s a lot, but for me, it’s extremely important. The first one is they need to understand the problem operationally, not the polished pitch deck version. The messy one, the real-world version.

What happens at 2 a.m. when alerts break down, when teams are overloaded? If they speak from lived experience instead of buzzwords, you can feel it immediately. Second, they need to tailor their value proposition to the business. The great ones don’t deliver the same pitch to every organization.

They understand that a global enterprise, a mid-sized company, financial services company, health or travel and hospitality ones have different priorities and competitive realities. If your solution sounds identical in every room, it’s not customer-centric, it’s product-centric, and that’s not what I’m looking for.

The third one, they need to reduce friction. Security teams do not need another dashboard. We need leverage. If adoption requires ripping out half of the stack or creating organizational drag, it’s not sustainable. Great vendors integrate naturally into workflows and make teams more effective without adding noise.

The fourth thing is data gravity, and that’s really important, especially today. Do they have a proprietary data source or feedback loop that compounds over time? If the product gets smarter only because OpenAI gets smarter, that’s not durable. If it gets smarter because of a unique telemetry or customer-specific insight, now we are talking.

And finally, it’s really important, they understand budget cycles, change management, audit implications, and long-term support. They are not trying to win a demo. They are building a durable partnership. They think beyond the sale.

And here is the uncomfortable truth, Andy and David, at least in my experience. Most startups don’t lose because they lack innovation. They lose because they underestimate operational reality inside enterprises. So, when I evaluate a vendor, I ask myself, does this team have insight to my challenge others don’t?

Can they truly partner with us for the long term? And I also ask something more practical. Am I just another logo for their slide deck, their first major enterprise deal to showcase in a press release or brag about in front of their board? Or do they genuinely understand that working closely with my team, learning our environment, supporting us through real operational challenges will create long-term value for both of us?

[David Spark] All right. I want to say something to our listeners. We have a transcript of our episodes. You’re going to literally copy and paste everything that Hilik just said, and you’re going to put it up on your wall and you’re going to pay attention to it.

Andy, what are your thoughts?

[Andy Ellis] I mean, I’m 100% with that. I might rephrase a couple of them. And then Hilik’s fourth point is really about the network effect, right? Do you have a network effect where the bigger your network of customers grows, the better your product is?

And if you don’t have that, then you’re ripe for disruption. Right? But the companies that are like, “Oh, once we get to 100 customers, the 101st customer is getting a 20% better product. And the 1,000th customer is getting a 40% better product.” Like, that is huge because that’s how you build functional monopolies: where the value to price is increasing as your customer base grows.

So, that’s huge.

And the first thing is what I like to think of as an unjust advantage, not an unfair advantage, and I like the word “just” because the most dangerous phrase I’ve ever heard in technology is people who say, “Why don’t you just do X?” And there are so many problems where the just answer is wrong.

And if you understand that, and you can build the solution that nobody else is going to think to build, because you truly understand the problem, you’re deep in the operational realities. You know that the naive solution will not work. That gives you an unfair advantage because you actually are solving the real problem, not just the sort of surface skin problems.

So, those are the two things I would rephrase, but I think Hilik actually covered everything in there. And his sort of final point, which I think was woven into point three as well, is you actually have to know how to run a good company. A lot of startups are not running good companies.

[David Spark] We always forget that. [Laughter] It is also a business, after all.

[Andy Ellis] Yeah.

[Hilik Kotler] Yeah. Over time, you learn when you are another logo or when you are extremely important, and this is a really important point for founders.

[David Spark] Mm-hmm.

[Hilik Kotler] Working with smart teams in complex, fragmented, real-life companies, organizations, will bring them to the point that they are actually ahead of their competition. And this is the value that I’m always trying to work with the founders and with the leadership companies.

I know that the sales rep wants, [Laughter] at the end of the day, the paycheck. But again, if you understand the value, this is good partnership.

Sponsor – Vanta

16:32.642

[David Spark] Well, before I go on any further, I’m going to tell you about Vanta, and if you are not clued in, and even if you are even partially clued in, listen to this. No, it’s not your imagination. Risk and regulation are ramping up, and customers now expect proof of security just to do business.

We’ve heard this a lot, especially enterprises as well.

So, that’s why Vanta is a game changer. Vanta automates your compliance process and brings compliance, risk, and customer trust together on one AI-powered platform. So, whether you’re preparing for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving.

Companies like Ramp and Ryder spend 82% less time on audits with Vanta. That’s not just faster compliance. It’s more time for growth for your business because you do not want to spend all your time on compliance. You want to get started with this? I’m going to give you a website and it’s going to be a very specific one.

Vanta.com. You know that. But add the /CISO. Go to Vanta.com/CISO. It is the easiest way to let them know that you heard about them from the CISO Series. Do me a favor. Vanta.com/CISO. Go check them out.

It’s time to play “What’s Worse?”

17:48.408

[David Spark] Hilik, I believe you are familiar with how this game is played?

[Hilik Kotler] Indeed, yes.

[David Spark] All right. I’ve got a good one. I like this one. I make Andy answer first. This comes from Dustin Sachs, who has sent us lots of wonderful ones. He’s with PsyberCog Labs now. And here you go, Andy. It’s going to be two different kinds of CEOs, I’m going to ask you which kind of CEO is worse.

Is it the CEO who wants zero risk, or a CEO who believes cyber insurance will replace security? Which one is worse?

[Andy Ellis] That’s a really fascinating two things to look at, and I’m trying to figure out what the CEO who wants zero risk means. Do they want you to tell them there’s zero risk, or do they want you to actually try to implement to zero risk?

[David Spark] Well, but hold it. This is like, and I remember asking this question on camera long before the CISO Series, which was, what do you say when the CEO says, “Are we secure?”

[Andy Ellis] Right. Like that’s the thing. CEOs will always ask you to say you’re at zero risk, but they don’t actually intend for you to go implement what it would take to get anywhere near there, even though you can’t. So, I’m trying to figure out, is this the CEO who wants you to tell them there’s zero risk or is this the CEO who basically is like, “Go spend whatever you need to eliminate risk”?

[David Spark] Oh, it’s definitely not that! It is definitely not the second one! [Laughter]

[Andy Ellis] I don’t think it’s that one.

[David Spark] I mean, if it was the second one, there’d be, you know.

[Andy Ellis] So, let’s just be honest. There’s the CEO who wants you to basically say, “Look, we got everything covered,” and there’s the CEO who’s like, “Look, I don’t need you. I’m just going to have insurance.” So, I’m going to say that one’s worse because I don’t have a job under that one.

[David Spark] [Laughter] That’s a good point.

[Andy Ellis] I have a job under the CEO who wants me to tell him that there is zero risk, and presumably he’s not saying zero risk with zero budget. Like I at least have a normal-ish security budget. But probably hard to get an incremental budget because he’s always saying, “But you’ve covered everything, right?

So, why do you need more money?” Or she, let’s be honest. I could have a female CEO who’s equally blind to crazy risk here. So, I think I’m going to go with the second one simply because…

[David Spark] Just because you wouldn’t have a job.

[Andy Ellis] I wouldn’t have a job there.

[David Spark] [Laughter] That’s a good point!

[Andy Ellis] That’s probably the worst outcome for the business. If you replace cybersecurity entirely, like you are just going to get breached. Good luck getting your insurance paid out the second time. Whereas in the first one, you still have a security program.

[David Spark] Well, okay. We’re going to assume that insurance will cover you if you have no protections at all whatsoever, which they would not.

[Andy Ellis] Right.

[David Spark] At all.

[Andy Ellis] They wouldn’t. But after you pay out the first breach, your insurance premiums are going to go up the following year. Like those are not static. So, I will violate the Nir rule slightly and just say you can’t keep buying cyber insurance at some point, or you might not even exist as a company.

[David Spark] All right.

[Andy Ellis] So, rambling.

[David Spark] No, but good rationale there. I thought that was interesting. I’m interested, Hilik, what do you think of this one? Which one’s worse? They’re both pretty bad.

[Hilik Kotler] Yeah, not bad. It’s like double down bad.

[David Spark] [Laughter]

[Hilik Kotler] Going into Andy’s comment, and I know that Andy’s always making it difficult on the CISOs, but let me now make it harder on you. You said I will not have a job. So, I will go with the insurance, with the cyber insurance policy, and I would say, do you even want to work for this type of company where they think cyber insurance will do that job?

Not necessarily, right? So, this is not really the intent here, right?

[Andy Ellis] Oh. Certainly not. Just to be clear, that is half a joke there. There’s no cyber security program, so whether I want to work there or not doesn’t matter.

[Hilik Kotler] Yeah.

[David Spark] Well, he says it’s his CEO who believes cyber insurance replaces security, so you may not have a security department at all, yeah.

[Andy Ellis] Right. So, to apply the Nir rule to this one, I think we have to say you end up being a CISO without a team and without budget, but you can’t quit because you’re not allowed to change the situation.

[David Spark] Right.

[Andy Ellis] So, you have a job, but you don’t actually have a functional program because every time you try to spend money, they take it to go buy a cyber insurance premium.

[David Spark] But in the first scenario, you’re going to have a CEO who will never be satisfied.

[Andy Ellis] No, I actually don’t think it’s a CEO who will never be satisfied. I think it’s a CEO who’s going to require you to lie to them about… They’re not going to give you incremental budget because otherwise… We would all love that. If they’re like, oh, every time you say there’s a risk, they’ll give you money to go deal with the risk, like, that’s not a bad problem.

[David Spark] That would be wonderful.

[Andy Ellis] In the spirit of it being a bad problem, they don’t give you money, and they refuse to listen to new risks because they insist that you say risk is covered.

[David Spark] All right. Well, I still have not heard from you though. Hilik, where do you land?

[Hilik Kotler] I will take it differently, pivot-wise. First of all, I’m fortunate to work for amazing CEOs throughout my career, you know?

[David Spark] Yeah. By the way, when I read these, I’m not saying, “By the way, this is your company.” [Laughter]

[Hilik Kotler] Of course, but it’s very important for me to mention [Laughter] and I was fortunate. I would go with the first one being worse.

[David Spark] Oh, okay.

[Hilik Kotler] I think the first one is more strategic than the second one. The first one means a CEO that thinks that we want no risk in security probably will want no risk anywhere else. And risks, on a strategic level, you have risks everywhere. You have legal risk, you have security risks.

[Andy Ellis] It’s how you make money.

[Hilik Kotler] It’s how you make money at the end of the day. So, this is strategic. It will not be only around security, so probably they will not be as successful as maybe they could. The second one is related to security. At the end of the day, security, I’m a CISO, it’s extremely important.

But again, this is strategic. No risks whatsoever across the board. And this is cybersecurity, let’s go with insurance, whether it’s complementing the cyber program or [Laughter] replacing. Very, very bad, but less strategic than let’s have no risks whatsoever.

[David Spark] Hilik has a good answer there, Andy.

[Andy Ellis] I do actually like that answer. It’s a good one. I’ll accept that as a good way to disagree with me.

[David Spark] Oh. [Laughter] I’m glad you accept that.

[Andy Ellis] I’ve had people disagree with me just to disagree, which is I think where Hilik started, but he was actually able to parallel construct a way to interpret the scenario that made sense.

[David Spark] I think Hilik has a better answer than you do, although your answer is good because you are out of a job.

[Andy Ellis] Yeah.

[David Spark] [Laughter]

There’s got to be a better way to handle this.

24:34.865

[David Spark] “The greatest risk isn’t replacement. It’s the abdication of our values.” Karen Pfeifer of Pythian recently argued that in our rush to automate, we’re outsourcing not just tasks, but ethical judgments to systems that have no concept of ethics.

Given that AI is trained on biased historical data, when it makes a decision, it doesn’t just replicate human error. It can scale and harden that bias with terrifying efficiency. Pfeifer argues the classic human in the loop model can’t scale. Instead, she proposes humanity in the loop, a three-layer framework embedding human values at every stage, a values layer for strategic governance, a context layer for monitoring inputs and performance, and a judgment layer for high-stakes decisions.

This is a very interesting take. It’s an interesting take on Isaac Asimov’s I, Robot rules of robotics here. So, Hilik, do you agree with this? And if so, how would you actually operationalize this?

[Hilik Kotler] So, yeah, I agree with the spirit of what she’s saying, but I’d frame it slightly differently, with your permission.

[David Spark] Sure.

[Hilik Kotler] I think that the real risk isn’t that AI replaces us. It’s that we stop being intentional about what we encode into it. AI doesn’t have values. It reflects incentives, data, and guardrails. And so, the danger isn’t abdication to machines.

It’s abdication of governance by humans. And she’s definitely right that classic human in the loop doesn’t scale. You can’t put a person behind every AI decision if you are operating at platform scale. That’s not oversight. That’s practically a bottleneck.

Where I strongly agree is that values must be embedded upstream, but operationalizing humanity in the loop requires discipline in three very practical ways.

The first one is governance before deployment. You need a clear AI risk appetite, defined unacceptable use cases, and executive accountability. If no one owns the model’s outcome, you don’t have governance. You have experimentation. The second thing is instrumentation and monitoring.

The context layer she mentions is really about measurement. It means putting the right telemetry in place, monitoring for bias, tracking model drift, and using explainability metrics to understand how decisions are made. You don’t evaluate ethics abstractly.

You evaluate outcomes using data. And the third, escalation design. High-stakes decisions must have defined breakpoints where automation pauses and human judgment reenters. Not randomly; intentionally. Especially in areas affecting financial harm, safety, or rights.

So, the key insight is this, in my opinion. You don’t scale ethics by adding more humans. You scale ethics by encoding clear principles into system design and continuously validating outcomes against them. AI will absolutely scale bias if left unmanaged, but it can also scale consistency, fairness, and access if governed properly.

So, I don’t think the future is human in the loop or humanity in the loop; it’s disciplined governance in the loop, because values don’t belong inside the model. They belong inside the institution deploying it.

[David Spark] Hilik, that was, again, phenomenal. Andy, what are you going to add to that?

[Andy Ellis] Well, I think I’m being replaced by Hilik instead of an AI at this rate.

[David Spark] I believe you are right now. [Laughter]

[Andy Ellis] So, I read the whole essay here and I am underwhelmed. I’ll be very honest here.

[David Spark] Okay.

[Andy Ellis] I think there’s a lot of flaws in this approach. Like high level, there’s not bad ideas to think about this, but just to put in here two sentences that jumped out at me. One from very early on, where she talks about you set up an AI ethics and strategic governance board with HR and Legal and engineering leaders that will, and I quote, “Debate and codify the organization’s values and ethical red lines before a single line of code is written.” And then at the very end of the essay, it says, “Building a robust framework for human oversight is not about putting the brakes on innovation.” And I don’t think these two sentences can coexist.

Like, I don’t think you’re going to be able to get HR and Legal, let alone everybody else to agree on whether the red lines about values and ethics, like at any point within sort of finite time, like heat death of the universe might come first. But here’s sort of one of them.

I’ve got several problems with the way a lot of people are approaching AI and historical data.

First of all, the world is inherently biased. Let’s just start with that. Like tall people have certain advantages. Physically strong people have certain advantages. There’s a lot of bias in the world that is a natural description of what’s happening in the world.

And a lot of people assume that that means that’s something you can just eliminate, which means you’re going to add more bias in. There’s no such thing as debiasing. It is just more biasing. And so, anybody who starts from an approach where they’re very rigidly focused on that debiasing, I start to worry like what outcomes are you actually aiming for?

And that should actually be our conversation. We should not believe that we can build debiased AI. We should figure out like what are your ethical rules? What are you trying to establish?

And I jump back to a thing that was really popular, like almost half a decade ago, it was called the Moral Machine. And it was this program, I think somebody at MIT, researchers had put together that gave you a set of scenarios. You were an autonomous vehicle, and you could either remain in the road you were on or change lanes.

And sometimes you would run into a barrier. Sometimes you would run into people, and it would give you a scenario like there’s people in this crosswalk, there’s people in that crosswalk, there’s people in your car, there’s people not in the car. And then at the end, it would tell you how biased you were based on who you chose to kill.

Because you could only pick like I go this way or I go that way. If a car hits people, people die. If car hits a wall, car dies.

And I had a very simple rule, which is the vehicle should, if there’s a choice to not kill humans, don’t kill humans. Failing that, the vehicle should protect the humans who are in the car over humans who are not in the car. Failing that, it should protect humans who are following the law, not jaywalking, over ones who are not.

Like really sort of simple, like here’s my hierarchy of rules. That wasn’t in their model. So, they kept telling me things like, “Oh, you’re biased against, like you would rather kill women than men.” Because it gave me five scenarios in which like that was the underlying thing was that all the women were breaking laws or were doing things that put them into this problem.

And then I take the test again, it would give me the exact opposite result.

And this is where we need to focus on our data analytics when we think about AI, is where are there simple metrics that AIs are going to learn from and say, “Oh, I should filter on race because that’s simple,” when the real answer is “No, you’re filtering on economic status,” and there’s a bunch of things about racial data tied to economic status.

And if we’re not going to have those conversations, then we shouldn’t be bothering having these conversations at all.

Is AI going to help us or hurt us?

32:29.532

[David Spark] “We keep talking about AI alignment, but we can’t even align our teams. How are we supposed to make sure AI is doing what we want when we can’t even manage the people around us?” argued Joshua Copeland of Crescendo. So, this is a good tag to our last segment.

Product teams optimize for velocity while security optimizes for control. Marketing wants data exposure. Legal wants data minimization. They’re all misaligned because they have varied objectives – I’ve seen this happen all the time – and therefore are measured differently.

Security is rewarded for saying no, engineering for shipping now, and compliance for documenting later. So, he warns that training AI models on our own organizations will just make them masters of office politics. [Laughter] I love that, that’s great.

Must we solve human alignment before letting AI run loose? We were just essentially talking about, this is really a good tag to this. Andy, or is it okay for AI to operate in our misaligned departmental models? What do you think?

[Andy Ellis] So, I love almost everything about this whole lead-in and paragraph. Like there’s so much quotable there that I just kind of want to go back to. I think my favorite was product teams optimize for velocity while security optimizes for control.

And I think there is a place for that; I think we do actually want to have Byzantine AIs. I think the model of saying you have one AI that makes decisions is a bad model. You should have, in every decision, you should have a designated AI whose job is to say no, to say, “Okay, we’re looking at doing this. Why shouldn’t we?” Because that’s good human practice, right? The concept of a pre-mortem, which we’ve talked about on previous shows where you say, “What could go wrong?” Like, we want to train to have our AIs ask that question.

And so, maybe actually training AIs on office politics isn’t a bad approach and maybe we can make them more idealized. But have a world in which before we make a decision, there’s AIs that are like, “Here’s how to do it the fastest. Here’s how to do it the safest. Here’s how to not do it.” And then synthesize to get to a better answer. Rather than trying to have humans only get one answer, maybe we can have AIs actually play out the arguments and make better choices by exploring more possible futures than humans are capable of.

[David Spark] All right. What is your take, Hilik, on this?

[Hilik Kotler] I’m aligned with Andy and less with the quote or the article. I think that we don’t have alignment problems because people are dysfunctional. We have alignment tensions because incentives are just different. To some extent, they are supposed to be.

A product should push for velocity. Security also needs to push for velocity, but we want to do it a little bit more responsibly. And Legal should push for risk minimization with regulatory constraints in mind. So, the tension is healthy. It’s how organizations avoid blind spots.

So, the problem isn’t misalignment. The problem is undefined prioritization when tradeoffs happen. AI doesn’t require perfect human harmony. That’s unrealistic. If we waited for that, we’d never deploy anything. What I feel AI does require is clarity at the enterprise level about how conflicts get resolved.

If growth and privacy conflict, which wins? If cost and resiliency conflict, which wins? If that hierarchy isn’t defined, AI will optimize for whichever signal is loudest in the data. And that’s when you get weird outcomes, not because the model is political, but because the organization might be, and we just don’t have the right conversations.

So, no, we don’t need to solve human alignment before deploying AI, but we absolutely need to have a clear enterprise-level objective, explicit guardrails, and escalation paths for high-risk decisions. AI should not inherit departmental incentives; AI should inherit enterprise priorities.

And it is the interesting part, sometimes AI exposes misalignment faster than humans do. When a model produces a decision that makes everyone uncomfortable, it forces the organization to [Inaudible 00:37:09] what it actually values. So, the real question isn’t “are we aligned?” It’s “have we decided what matters most when we are not?” So, again, bottom line, AI doesn’t create politics. AI just makes incentives visible at scale.

[David Spark] That is a great close to this. Hold it, wait. Andy, did you want to say something?

[Andy Ellis] Well, so I had this realization as Hilik was talking that where AI is going to hurt us is once you are X’d outside the organization, and when you think about regulators and the ability of people to sort of challenge and bring in an AI-weaponizing process from outside an organization, where it’s not part of your organization, but it’s able to affect your organization.

Like imagine if you had to deal with every complaint that came in, before you could do something, some customer adversary weaponized AI to fill up your inbox with complaints.

[Hilik Kotler] Can I add one more component, David?

[David Spark] Sure.

[Hilik Kotler] So, there is one more thing that I hear too often, in my opinion, which I feel needs to be discussed. In today’s reality, security and product teams must be aligned. Not philosophically; operationally.

[David Spark] Right.

[Hilik Kotler] If security’s still acting as a late-stage gate that slows down the business because they’re afraid, [Laughter] that’s not a product problem. That’s a strategy problem on the security side. Modern security cannot afford to be a checkpoint.

It has to be embedded from inception. Product needs velocity, that’s how the business wins, and security’s job isn’t to resist that. It’s to design controls and guardrails early enough that velocity becomes sustainable. So, we are still constantly negotiating.

At the end of the process, something upstream is broken.

Now, bringing AI into this, AI will not magically fix misalignment. It will amplify whatever incentives and structures already exist. If security operates as a reactive control function, AI will optimize around it. If security operates as a design partner with embedded guardrails, AI will scale that discipline.

So, we don’t need perfect human harmony before AI, but we do need evolved governance. Security must adapt to the speed of the business, control must be automated, embedded, and measurable, and trade-offs must be explicit at the enterprise level. If we continue operating with gates, friction, and last-minute objections, the problem isn’t AI.

It’s the security team. It’s that our operating model hasn’t caught up with reality. AI just makes it much more visible and faster.

Closing

40:00.372

[David Spark] Thank you again. Two great endings for the show. So, thank you very much, Hilik. That was – I’m going to use a metaphor they probably never used in Israel – you knocked it out of the park.

[Andy Ellis] Oh, come on. The Israeli baseball team just had like two wins in the World Baseball Classic. Come on.

[David Spark] Did they?

[Hilik Kotler] Yeah, yeah.

[David Spark] How often do Israelis use baseball metaphors? Do they use them?

[Hilik Kotler] We don’t. No, no, no. We don’t. We don’t have baseball. Now there are some Americans that do, yeah.

[Andy Ellis] I mean, yeah, it’s mostly an American team playing for Israel.

[David Spark] Yes. It’s an American pastime, but I threw that metaphor in there.

[Hilik Kotler] Yeah.

[David Spark] Phenomenal job on today’s show. Thank you so, so much. I want to thank our sponsor, and that would be Vanta. Remember – automate compliance, manage risk, and accelerate trust with AI. Go to their website, vanta.com/CISO. It’s the easiest way to let them know that you heard about them through the CISO Series, vanta.com/CISO.

I’m going to ask you a closing question, by the way, Hilik, but first, Andy, as always, you did very, very well, but I think Hilik shined over you on this episode.

[Andy Ellis] He did. I love having a guest who is amazing and gives our listeners somebody to come listen to besides just listen to the two of us talk.

[David Spark] I know.

[Hilik Kotler] Listen, David, I prepared.

[Andy Ellis] Yeah.

[David Spark] Yeah. I could tell. Thank you. We love guests who prepare.

[Hilik Kotler] I’m a big fan of the show, and I knew that I cannot come without preparing in advance. It’s Andy and it’s you, and I enjoyed it greatly. So, really, really highly appreciated.

[David Spark] Well, we would love to have you back. Let me ask you a quick question. Are you hiring over at the Expedia Group?

[Hilik Kotler] Yes.

[David Spark] All right. So, our listeners can, if they’re interested, they go to the job board on Expedia Group. If they’re interested in a position, they can reach out to you via LinkedIn. We will have a link to your profile on the blog post for this very episode.

[Hilik Kotler] Absolutely.

[David Spark] Excellent. Well, thank you very much again, Hilik. Thank you again, Andy. And thank you to our audience. As I always say, and I always mean, and I’m not going to go into the earnest voice as I was doing before. I’m just going to say it straight up.

We greatly appreciate your contributions and for listening to the CISO Series Podcast.

[Voiceover] That wraps up another episode. If you haven’t subscribed to the podcast, please do. We have lots more shows on our website, CISOseries.com. Please join us on Fridays for our live shows – Super Cyber Friday, our virtual meetup, and Cyber Security Headlines Week in Review.

This show thrives on your input. Go to the Participate menu on our site for plenty of ways to get involved, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com.

Thank you for listening to the CISO Series Podcast.

Rich Stroffolino
Rich Stroffolino is a podcaster, editor, and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.