CISO Diaries: Andrew Wilder on Building Cyber Maturity at Scale

Cybersecurity leadership often looks decisive from the outside, but inside the role, it’s defined by tradeoffs, resource constraints, and the constant challenge of preparing for risks you can’t yet see. CISO Diaries exists to capture that reality. This interview series goes beyond frameworks and tooling to explore how CISOs actually operate day-to-day: how they allocate attention, prioritize finite resources, lean on trusted peers, and translate cyber risk into business-relevant decisions. By focusing on routines, habits, and hard-earned lessons, CISO Diaries offers a grounded look at modern security leadership in practice.

About the Interviewee: Andrew Wilder

Andrew Wilder is a seasoned cybersecurity and risk executive with more than 25 years of experience spanning consumer packaged goods, retail, manufacturing, financial services, logistics, healthcare, and consulting. Currently Chief Security Officer at Vetcor, Andrew has led large-scale global security transformations across North America, Latin America, Europe, and Asia, architecting organizational and security program redesigns that have driven more than $100 million in cost savings.

At Vetcor, he built the cybersecurity strategy and team from the ground up, rapidly increasing cyber maturity from 43% to 97% in just 12 months. His leadership experience covers nearly every major security domain, including cyber risk quantification, cloud and identity security, security operations, incident response, DevSecOps, data privacy, third-party risk, and OT/IoT environments. Known for his pragmatic, business-first approach, Andrew focuses on presenting clear risk scenarios and options to leadership, ensuring security decisions are informed, scalable, and aligned with real-world constraints.

How do you usually explain what you do to someone outside of cybersecurity?

I help protect our business from cyber attacks.

What does a “routine” workday look like for you, if such a thing exists?

Plenty of meetings. Balance between leadership, peers, my team, and our partners.

What part of your role takes the most mental energy right now? 

Ensuring that we are utilizing our finite resources in the best way. 

What’s one security habit or routine you personally never skip? (Work or personal.) 

Multi-Factor Authentication. 

What does your own personal security setup look like? (Password manager, MFA, backups, devices, at a high level.)

I use a physical security key. 

What book, podcast, or resource has influenced how you think about leadership or security? (Doesn’t have to be technical.) 

My favorite cybersecurity book is Cybersecurity First Principles by Rick Howard.

What’s a lesson you learned the hard way in your career? 

Not to get my heart set on a specific solution. My role is a Subject Matter Expert in Cyber Risk. I need to present the business with that risk and options to address it.

What keeps you up at night right now, from a security perspective? 

The risks we don’t know about. 

How do you measure whether your security program is actually working? 

Internal and external assessments. 

What advice would you give to someone stepping into their first CISO role today? 

Leverage your peer network. I have learned a ton through the many CISO groups that I belong to.

What do you think will matter less in security five to ten years from now? 

Perimeter. 

Looking ahead 10 years, what do you believe security teams will spend most of their time on that they don’t today?

Running groups of AI agents.