From 2003 to 2004, Aman served as the Chief Technology Officer for AGF Technologies, during which time he also co-founded a company called Pi Squared Technologies, LLC. Subsequently, he served as a consultant for MasterCard and as an adjunct lecturer for Southern Illinois University, Edwardsville. In 2005, Aman started a new role with Citi, where he ascended to SVP, Group Information Security Officer. In 2015, he became the U.S. Chief Information Security Officer and Head of Enterprise Information Security Solutions for BMO Financial Group, where he was invited to assume the role of CISO. Aman joined Humana in 2020.

In this interview excerpt from the CISO’s Secrets podcast, Aman Raheja discusses his CISO career path, what it really takes to serve as a CISO in today’s world, and so much more. Don’t miss this!

You have accomplished a lot in your career. How did you get started in cyber security?

Interestingly, I can’t say that this was planned. Because it wasn’t. I did my undergrad in India and started out in software engineering. I started writing programs and doing software development.

The website that I took over from my predecessor actually got hacked, at which point my boss walked into my workspace and said ‘hey, you own this website now, go fix it’. I had no idea what was broken, so I had to teach myself how to do web hacking.

So that was my starting point — I simply used a couple of books, because that was in 2001-2002, and there wasn’t YouTube and all the Google information and the podcasts and everything that you have today.

I went off to Borders, bought a couple of books, and I still have them, as they remind me of my start. Taught myself how to do pen-testing, started to do pen-testing for other organizations in the St. Louis area, and just stuck with the theme.

That’s extraordinary. One of the things that I find interesting is that a lot of the leaders who I speak with started in the development world. How do you feel that that has contributed to your role as a Chief Information Security Officer?

I think that regardless of whether someone starts in software or system administration, it’s extremely helpful to have fundamental knowledge of the basics and of how things work. At the crux of what we do —underlying it— is a tremendous amount of engineering power. If you understand it well enough, you can actually do a lot better as an executive. I firmly believe that and think that a lot of successful people have development backgrounds.

Not to say that there aren’t executives without that type of depth — there are and they’re also successful…

So, technical knowledge is extremely helpful…although in and of itself, it’s not sufficient to be successful in a senior role.

A lot of people think that being a CISO is solely about information security. But the role has evolved, wouldn’t you say?

It has. Up until a point, it was sufficient for me to have the technical details about a topic, and to converse with management about it. But then, what changed was that at some point, I decided that I did want to get into management. Once you make that decision, there’s a completely different skill set that you need to work on…

It takes an ongoing learning mindset in order to be successful. It’s also important to be able to talk with the business in terms that leaders will appreciate…

We are digitizing every aspect of our business. There are so many elements of risk. Digital transformation is a double-edged sword, as it means that there’s more to be done when it comes to cyber security.

Yes, absolutely. Let me break my response up into two parts. First of all, I think that the definition of a transformation is continuing to evolve and change…I don’t know of any two companies that even define digital transformation the same way.

There was a point, earlier in my career, where we went through a digital transformation and it truly meant moving away from paper and digitizing…The definition of digital transformation then shifted to creating mobile applications. It moved to adopting cloud…The next phase of digital transformation, as we all know is…
