Meg Anderson has spent nearly two decades leading enterprise cybersecurity, most recently as vice president and chief information security officer at Principal Financial Group. There, she helped shape cyber strategy and advised the board on digital risk.
With her experience in the C-suite trenches, Anderson is widely respected for her insights on cyber resilience and digital transformation. She’s also known for her commitment to mentoring the next generation of security leaders.
In the conversation below, Anderson—one of the 12 CSO Hall of Fame inductees at this year’s CSO Conference & Awards—shares her take on the technologies shaping cybersecurity, how the CISO role is changing, and why talent development is more important than ever.
What emerging security technologies are you most excited about, and why?
Meg Anderson: As a retired CISO in financial services, I’ve seen the threat landscape evolve from rudimentary malware to nation-state actors and sophisticated ransomware-as-a-service operations.
These days, I’m most excited about AI as a force multiplier that can surface threats in real time, automate workflows, and anticipate attacker behavior. It’s encouraging that both major security vendors and scrappy start-ups are investing heavily in AI. I’m hopeful that the focus on AI will improve detection accuracy and response speed. But as we all know, AI is also being weaponized by adversaries, and we’ll need equally sophisticated defenses to counter that.
I’m also watching data protection and identity and access management, which continue to evolve rapidly with zero trust, behavioral biometrics, and adaptive controls. I’m particularly interested in how AI can enhance these areas.
Deepfake detection is critical as well, particularly in financial services, where trust is everything. It’s very concerning that malicious actors can convincingly impersonate a customer, executive, or employee. So I’m watching closely as new tools come out to verify authenticity in voice and video.
I am excited but cautiously optimistic. The tools are getting smarter, but so are the adversaries.
Which technologies are you most cautious about from a CISO’s point of view, and why?
Meg Anderson: I’m cautious of “solutions” that don’t solve a strategic problem. CISOs only have so much budget and mindshare. You need to understand where a tool fits in your investment and strategic roadmap. There were times when my team was able to explore new technology and times when we needed to stay focused on planned initiatives.
But it’s important not to be too rigidly fixed on your plan because things change. When experimenting with emerging technology, I always used an intentional approach with clear goals of what we hoped to learn and how we would measure success.
Most CISOs are understandably cautious about emerging technologies that are rushed to market before they’re truly enterprise-grade. When employees see that “everyone else” is adopting the new, cool tech, they want to do so as well. But finding the right guardrails that allow for experimentation and fast adoption can be tricky.
What’s your assessment of the pace of tech innovation right now, and what is your advice for companies to keep up?
Meg Anderson: The speed of innovation is both thrilling and exhausting. But instead of chasing every paradigm shift, be intentional. Build a strategy that lets you absorb innovation on your terms, tied to business goals. Most companies simply can’t afford to be on the bleeding edge across every domain. And that’s okay.
What’s critical is having visibility into what’s coming, so you don’t build something that could be bought off the shelf tomorrow.
One underused strategy is deepening your relationships with existing vendors. I always encouraged my teams to ask vendors the hard questions: What’s on the horizon? How are they integrating AI? Are they investing in interoperability, or locking you into a silo? And just as importantly: Are your contracts structured to allow agility? Can you pivot quickly if a vendor rolls out a game-changing feature or product?
A close vendor relationship requires trust. But if you choose vendors wisely, you’ll be able to adopt new capabilities without procurement and integration headaches.
What are your predictions for the workforce over the next 5-10 years? Are you worried AI will cut out the entry-level rung for workers?
Meg Anderson: This is a critical issue, especially for those of us who’ve spent our careers building cybersecurity teams. I care deeply about the talent pipeline.
It’s true that foundational tasks like log analysis and ticket triage are being automated. But I don’t believe AI will eliminate junior talent; it just means the bar is shifting. Entry-level workers will need to bring more critical thinking and adaptability. They’ll be expected to work alongside AI, not beneath it.
This isn’t the first time we’ve seen such a shift. When I started as a developer before 2008, automation was reshaping how we coded, tested, and deployed. The programmers hired a decade later had a completely different toolkit and mindset.
So it’s important to hire for today’s job descriptions as well as tomorrow’s skills. Build mentorship programs, rotate junior staff, and expose them to strategic thinking early. The tools may change, but in cybersecurity, human judgment and ethical reasoning will always be irreplaceable.
How has the role of the CISO evolved during your career, and where do you think it’s headed regarding leadership and business influence?
Meg Anderson: The biggest change has been the expansion of the CISO from a niche technology leader to a leader engaging across the enterprise.
Early in my career, my focus was more on building out the technology platforms within our team. But as information security became a board-level concern, our team shifted to an enterprise-wide security strategy grounded in business outcomes. It wasn’t just about protecting systems; it was about protecting the commitments the company made to customers, investors, and other stakeholders. This shift benefited from the growing pressure on executive management to ensure that cyber risk had the proper oversight.
Accountability for security became clearer once cyber performance showed up in C-suite goals, metrics, and annual incentives. This gave the CISO more influence. Conversations about weak software development, phishing threats, and vendor due diligence hit harder when framed in terms of budgets, bonuses, and brand reputation rather than just technical risk.
As the role evolves, the CISO needs to remain front and center in risk management discussions. There’s an opportunity for more consideration of cyber risk outside of the information security team, just like a lot of financial risk is managed outside of the finance team.
What are your plans in retirement to continue advising companies on staying innovative and strengthening cybersecurity?
Meg Anderson: I’m currently advising a few companies—not through formal engagements, but by mentoring cybersecurity leaders. It’s been incredibly rewarding to help them navigate career decisions and leadership challenges. It’s less about telling them what to do and more about helping them think through the “why” and “how.”
One thing retirement experts don’t always prepare you for is the persistence of your expertise. It doesn’t vanish the day you leave the office. If anything, it becomes more distilled. But figuring out what to do with that knowledge—whether to share it, monetize it, or simply let it evolve—is a deeply personal decision.
A big lesson I’m trying to embrace is: don’t say yes to anything in the first six months of retirement. That’s been harder than I expected, and I’m trying to embrace the pause. But whatever I do next, it will be intentional, meaningful, and aligned with the kind of impact I want to have.
Learn from the Leaders Shaping Cybersecurity
Meg Anderson is just one of the security visionaries being honored at the CSO Hall of Fame. Join us at the CSO Conference & Awards to hear directly from top CISOs, explore strategic security insights, and gain actionable guidance for your organization. Register now to secure your spot.
No Responses