 |
KitecastAuthor: Tim Freestone and Patrick Spencer
Kitecast features interviews with security, IT, compliance, and risk management leaders and influencers, highlighting best practices, trends, and strategic analysis and insights. Language: en-us Genres: Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
Aaron McCray: Ferrari Security: Speed With Guardrails
Episode 50
Wednesday, 11 March, 2026
Can you drive a Ferrari at 150 miles per hour without its enhanced safety package? Sure. Should you? That's the question Aaron McCray, Field CISO at CDW and retired U.S. Navy Commander with 27+ years in information warfare, poses to every CISO still white knuckling their way through 2026 with a 2021 playbook. In this episode of Kitecast, host Patrick Spencer and McCray dig into why the old way of doing security isn't just outdated—it's dangerous.McCray traces the CISO's evolution from post-COVID belt-tightener—the person whose job was to consolidate tools, justify every dollar, and basically serve as the "office of no"—to something far more consequential. Today's CISO needs to be a strategic risk executive who speaks the language of CFOs, not just firewalls. That means understanding EBITDA, financial risk quantification, and how a $350,000 investment in multi-factor authentication can translate into $35 million in reduced risk exposure. If you can't make that pitch, McCray argues, you're getting left behind.The conversation takes a sharp turn into the AI landscape, and McCray doesn't hold back. He's seen PCs, the internet, and mobile technology reshape the world over his career, but nothing compares to what AI is doing right now. "I don't mean that to sound like hyperbole," he says. "I really don't." The speed, the capability, the risk—it's all unprecedented. And while organizations scramble to harness AI's potential, many are sleepwalking past the dangers. Shadow AI is McCray's particular concern. He describes employees accessing public AI tools through browsers, unknowingly opening backdoors that exfiltrate proprietary data and invite threats back in.That leads to what might be the podcast's most important thread: ethics. McCray pulls no punches with real-world examples. One global organization trained AI to screen resumes and ended up systematically discriminating against qualified women. Another rushed self-driving technology to deployment before it was ready, resulting in a pedestrian's death. His message is blunt—just because you can doesn't mean you should. And without humans in the loop, governance frameworks, and genuine ethical guardrails, AI will optimize for whatever you point it at without ever asking whether it should.McCray also makes a compelling case for data security posture management, arguing that data isn't just a cybersecurity problem—it's a business problem. His parting advice for CISOs? Stop leading with fear, uncertainty, and doubt. Stop blocking innovation. Start enabling the business to move fast—but safely. He compares it to buying a Ferrari that you can drive it stock, or you can invest in the enhanced safety package. When you're doing 150 down a two-lane road, you'll want those features.LinkedIn: https://www.linkedin.com/in/awmccray/ Website: https://www.cdw.com/ Recommended Reading: Walt Powell, The CISO 3.0: A Guide to Next-Generation Cybersecurity Leadership Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.
