Don’t show up smart, show up curious: Leadership lessons from a sector-hopping CISO

by Black Hat Middle East and Africa

Daniel Bowden (CISO at Marsh McLennan) has led cybersecurity across some of the world’s most risk-sensitive industries, and is known for his proactive approach to cybersecurity training. We asked him to reflect on how he navigates regulatory landscapes, builds cross-functional trust, and creates real-world learning opportunities for the next generation of cyber talent.

Here’s what he told us. 

You transitioned from cybersecurity leadership in the healthcare sector to the insurance sector. How did you approach not just the change of sector, but the change in regulatory and operational risk profiles? 

“Healthcare and insurance are both highly regulated, risk-sensitive environments, but their risk profiles and attack surfaces differ significantly. 

“In healthcare, patient safety and privacy are critical, making cybersecurity tightly linked to clinical operations – where a breach can have life-or-death consequences.

“Conversely, the insurance sector involves managing complex regulatory requirements, vast amounts of sensitive financial data, and high expectations around business continuity and resilience. 

“When transitioning between sectors, I approached it with humility – listening, understanding the specific risk language, and tailoring threat models to the regulatory landscape. My strategy anchored security to business outcomes rather than rigid frameworks, viewing compliance as a baseline. I prioritised operational resilience, data governance, and real-time risk intelligence. Because effective cybersecurity must adapt to each sector’s unique challenges.” 

Could you share a lesson you learnt about how to make moving sectors as smooth as possible, as a CISO? 

“Relationships are your force multiplier. When you move sectors, your technical skillset won’t save you – contextual awareness and political acumen will. So the lesson is…don’t show up thinking you're the smartest person in the room. Show up curious. Listen more than you speak, and build credibility with the business first. 

“Also, don’t underestimate the cultural shift. Every industry has its tempo, jargon, and unwritten rules. Understand those quickly, or you’ll get stuck solving the wrong problems. 

“And finally, bring a framework for decision-making, not a rigid program. Adaptability beats orthodoxy every time.” 

Could you share your perspective on internships and student learning programmes, and how it has changed over time?

“My perspective on internships and student programs has only strengthened over time. I believe meaningful, impactful work is essential for developing the next generation of cybersecurity professionals. Students need hands-on experience with real threats and challenges, not just shadowing or menial tasks, to build skills, confidence, and passion. 

“At Marsh McLennan, we foster an inclusive environment that promotes learning, mentorship, and career growth through initiatives like the ‘Tech Gig’ program – a diverse, global collaboration of 20-25 security professionals and 35 colleagues from across our technology and business units. It encourages rich interactions, problem-solving, and knowledge sharing, demonstrating how meaningful engagement accelerates growth and innovation. 

“Empowering students and professionals with real work enhances their development, but it also strengthens our collective cybersecurity resilience, so we can stay adaptive and prepared in a rapidly evolving threat landscape.” 

How has your perspective on security evolved over the course of your career? 

“Early in my career, I thought cybersecurity was about locking things down. Control everything, restrict everything, prevent everything. Classic ‘castle-and-moat’ mindset. 

“Now, I see security as an enabler of trust and resilience, not just a blocker of bad things. The real mission is risk-informed decision support that enables the business to operate confidently in a world of uncertainty. 

“I’ve also learned that you can’t firewall your way out of systemic risk. You need visibility, intelligence, and adaptability. Security must be dynamic – aligned to business priorities and scalable across complex ecosystems.” 

And finally, if you could go back to the beginning of your career and tell yourself one thing you wish you'd known then... what would it be?

“I’d say: ‘Learn the business, not just the tech.’ Knowing how to configure firewalls, detect intrusions, or write a killer incident report is valuable. But understanding how your business makes money, serves customers, and navigates risk – that’s priceless.

“I’d also remind myself that cybersecurity is a team sport. You’ll need alliances in legal, compliance, finance, operations. Win hearts and minds early, or you’ll be stuck fighting alone.

“And one more thing: never waste a crisis. When things go sideways (and they will), that’s your moment to lead.”

Thanks to Daniel Bowden at Marsh McLennan. Get your pass to attend Black Hat MEA 2025 and learn directly from the leading minds in cybersecurity.
