What Happened
Carl Froggett combines CISO and CIO. He currently occupies both positions at Deep Instinct. Before then, he was CISO at Citi for almost 17 years. The post CISO Conversations: Carl Froggett – Combining CISO and CIO at Deep Instinct appeared first on SecurityWeek .
Why It Matters
The article reports that Carl Froggett serves in a combined CISO and CIO role at Deep Instinct, following nearly 17 years as CISO at Citi, and is responsible for both information security and IT operations at a cybersecurity-focused company. This dual role centralizes accountability for security and infrastructure, which can streamline decision-making but also concentrates risk around governance, segregation of duties, and oversight. From a CyberSE.AI perspective, organizations adopting similar combined CISO/CIO structures should formally define responsibilities, decision rights, and escalation paths to avoid conflicts of interest and ensure robust security governance and independent risk oversight. AI CISO Advisory can help design governance models, role charters, and reporting structures that maintain strong checks and balances when security and IT leadership are merged.
CyberSE Analysis
This signal maps to compliance / governance. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.