Mahmood Khan, SVP, Global Chief Security Officer, CNA Insurance: Safeguarding the Organization Against the Expanded Threat Landscape, SVP, Global Chief Security Office, of CNA

Join Us Now

When the global pandemic forced employees to work from home, each company’s digital footprint expanded exponentially, resulting in an inflated threat landscape for all organizations, according to research that HMG Strategy conducted with Zscaler.

HMG Strategy Founder and CEO Hunter Muller recently spoke with Mahmood Khan, SVP, Global Chief Security Officer, CNA Insurance in an HMG Spotlight interview regarding the leadership lessons he has learned since the pandemic along with the approach he uses to communicate the threat landscape to the C-suite and the Board.

The following is a condensed version of their discussion.

Hunter Muller: Mahmood, congratulations on being named as a 2023 Global Leadership Institute Large-Cap CISO of the Year recipient!

Mahmood Khan: Thank you so much, Hunter. It’s truly an honor to receive this award. Certainly, it’s a testament to all of the hard work with my CNA team, the unwavering the support of our exceptional leadership and the dedication of everyone that has contributed to our progress.

HM: How would you characterize your leadership style?

MK: I would describe my leadership style as one that values open communication and transparency. This extends to fostering clear communication within my team, ensuring they grasp the overarching vision and direction. Maintaining clear and open lines of communication, both internally and externally, to foster alignment, minimize misunderstandings, and propel successful outcomes.

Equally important is maintaining transparency throughout the organization. This principle of transparency applies to operational activities like security as well as the resolution of challenges and everything in between. My leadership philosophy is rooted in promoting transparency both organization-wide and in the everyday operations of our teams.

HM: We’ve been pushed to all sorts of extremes during the pandemic. What are the biggest lessons you and your team have learned over the past 40 months?

MK: The pandemic has certainly taught all of us valuable lessons – some of which have contributed to our growth and effectiveness. Two that are significant for me are adaptability and collaboration.

The rapidly changing landscape emphasized the need to remain flexible and swiftly adjust our strategies to align with evolving circumstances. In our roles as security professionals, we found it necessary to adapt our strategies in response to a substantial expansion of the threat landscape. This shift has arisen due to the imperative of protecting assets that now stretch well beyond the physical boundaries of our office spaces.

Secondly, collaboration has emerged as a key lesson. We’ve realized that combining diverse perspectives and skill sets within the team generates innovative solutions and enhances overall productivity.

These lessons collectively shaped our team’s approach, resulting in enhanced resilience, collaboration, and efficiency.

HM: Excellent. Talk to us a little bit about leading and communicating to the C-suite and the board.

MK: I wholeheartedly believe that navigating interactions with the C-suite and board is more of an art than a science, with adaptability being key. The focus should be on translating technical intricacies into strategic insights, and I’ve been fortunate to receive considerable support and guidance from my leadership.

When engaging with the board, presenting a holistic perspective is crucial. I find that illustrating how security initiatives directly impact the organization’s overarching goals fosters transparency and garners support and productive conversation around the challenges and measures being implemented to bolster security.

HM: Excellent insights, Mahmood. Clearly, generative AI is one of the hottest technologies that’s impacting organizations right now. What are your thoughts about it?

MK: From my perspective as a Chief Security Officer,  I view generative AI with a dual lens of immense potential and significant security considerations. While generative AI opens doors to extraordinary innovation and efficiency, the rapid adoption of such transformative technology introduces inherent security complexities.

I think the most important aspect as a security professional is facilitating the seamless integration of GenAI into an organization while ensuring robust protection measures. This involves crafting robust security frameworks, fostering collaboration across departments and governance models, and staying current with the evolving threat landscape specific to generative AI.

These forums encompass not only technology and business stakeholders involved in specific use cases, but also legal, compliance, and privacy experts.

Additionally, the involvement of HR is essential to orchestrate a holistic evaluation of diverse business use cases. This collaborative approach empowers all stakeholders to contribute insights, thereby aligning our efforts towards addressing challenges and fortifying the company’s security posture.

I believe this is a technology that is still evolving, and we all need to continue to learn and evolve with it.

HM: It’s a huge challenge. How do you get people to buy into your vision?

MK: It’s all about transparency, alignment and tangible data. Ultimately, it’s about demonstrating how your vision harmoniously integrates with the broader goal of securely empowering the business.

The more concrete the evidence, the smoother the alignment process becomes. In essence, garnering support for your vision revolves around transparently illustrating its resonance with business objectives, utilizing real data to substantiate your claims, and fostering a shared understanding of the strategic alignment.

HM: Excellent stuff. Talk to us a little bit about building a high performing team.

MK: The team is the most fundamental component of any endeavor,  and the people that work within our teams are the most important assets in our organization. I’m a big believer that if you don’t have the right players that are working cohesively, it will be hard for the team to achieve the goals.

In my view, the foundation lies in maintaining transparent communication and unwavering support. These principles are paramount in nurturing the collective unit that constitutes a high performing team.

Mahmood Khan will be a featured speaker at HMG Strategy’s 2023 Chicago CIO Executive Leadership Summit on September 19. To learn more about what Mahmood will be sharing at the summit and to register for the event, click here.

Join Us
Register to join our Executive Leadership Network & Newsletter.








Powered by