← Resources / Blog

The Security Sitdown with Margarita Rivera, CISO at Carnival Cruise Corporation

In this episode of The Security Sitdown, we talked with Margarita Rivera, Global CISO of Carnival Corporation, for an honest conversation about leadership, AI, and what it really takes to lead security at enterprise scale.

From an unexpected start in cybersecurity to securing one of the world’s largest travel and hospitality organizations, Margarita shares the experiences that shaped her leadership style and career.

We dig into how AI is reshaping both cyber threats and defenses, why security challenges are more universal across industries than many realize, and what leaders need to prioritize as technology accelerates. The conversation spans third-party risk, breach response, and the constant tension between speed and security (including Margarita’s Formula One-inspired approach to building programs that enable innovation without sacrificing safety).

Before we dig into the key insights from the conversation, you can watch the full interview with Margarita Rivera below.



TL;DR: Key Insights for Security Leaders

  • Cyber challenges are largely universal across industries; the nuance is in delivery, not the fundamentals.
  • AI is accelerating capability and risk, but success still comes down to data protection, visibility, and guardrails.
  • Third-party exposure remains a dominant threat vector, and customers still see it as your risk.
  • Modern programs are measured by resilience, detection speed, and containment, not perfect prevention.
  • Security should be engineered into innovation, not positioned as a gate or slowdown.
  • Leadership sustainability matters: resilience applies to humans as much as systems.

An Accidental But Transformational Entry Into Cybersecurity

Global CISO Margarita Rivera has spent more than two decades building and leading cybersecurity programs across multiple industries, from financial services to media, real estate, and now Carnival Corporation. Her journey didn’t begin with a traditional technical path, but with curiosity, adaptability, and a business-first mindset that continues to shape how she leads security today.

“Whether you’re in one industry or another, the problems are the same. It’s the same cyber, the same technology. The nuances change, but the backbone is very similar.”

Rivera began her career in financial services after earning a business administration degree. Cybersecurity entered her life unexpectedly when she was asked to support audit-driven security needs for firewalls and antivirus systems.

“It was the most wonderful accident. I loved it – I was mesmerized.”

That experience set off a chain of events:

  • Returning to school for certifications and a master’s degree
  • Being one of the few women in technical and leadership roles
  • Building credibility through execution and resilience
  • Growing into senior roles across multiple organizations

Now, more than 20 years later, she leads security as Global CISO of Carnival Corporation.

Cross-Industry Reality: Different Businesses, Same Cyber Challenges

Across every company she’s served – construction, asset management, media, hospitality – Rivera has seen the same underlying truth:

“The challenges don’t really change from company to company. We’re all dealing with the same kinds of risks – just expressed in different ways.”

That principle guided her during a pivotal chapter in North Carolina, where she helped stand up an entirely new cyber and technology program in the middle of a major divestiture effort:

  • Standing up security architecture and privacy foundations
  • Building programs from a “blank sheet of paper”
  • Hiring people who think differently
  • Learning from peers and applying lessons across contexts

AI: The Next Transformation Wave (With Familiar Security Fundamentals)

Rivera views AI as both transformative and evolutionary:

“AI has been around a long time, what’s changing is the pace and how deeply it’s integrating into the business.”

Her priorities include:

  • Guardrails and transparency
  • Protecting sensitive data around models
  • Avoiding unintended training of external systems
  • Educating employees on responsible AI use
  • Leveraging AI to assist security operations and visibility

She compares this moment to the shift from on-prem to cloud:

“Different technology – same fundamental challenge: protect the data and gain visibility.”

Shared Responsibility and Human Awareness

For Rivera, security, especially with AI, is as much about behavior as technology.

“If people understand the risks in their personal lives, they make better decisions at work.”

Building mindset and awareness isn’t optional; it’s essential.

From Prevention to Resilience: Responding When Things Go Wrong

Earlier in her career, prevention was the dominant goal. Today, Rivera leads with a resilience-first mindset:

“You can’t prevent 100% of events anymore. Success is about how quickly you detect, respond, and contain.”

She recalls a major incident that originated through a third-party compromise, long before supply-chain risk became a mainstream topic:

  • Sensitive data exposure across multiple states
  • Weeks of remediation and regulatory coordination
  • Customer impact, regardless of where the breach occurred

“Customers don’t say, ‘the vendor made a mistake.’ They see it as your responsibility. Third-party risk is your risk.”

Today, she emphasizes visibility across fourth- and fifth-party ecosystems as dependence on external vendors increases.

Balancing Speed and Security, Without Slowing the Business

Rivera rejects the idea of security as a bottleneck. Instead, she believes the function must be engineered into innovation itself.

Her favorite analogy? Formula One racing.

“F1 cars are built for speed but safety is engineered into every component. You don’t sacrifice safety for speed. You build them together.”

For CISOs, that means:

  • Embedding controls early in design
  • Enabling experimentation with guardrails
  • Reducing friction through transparency
  • Positioning security as a strategic partner, not a gatekeeper

Leadership, Balance, and Human Resilience

The weight of the CISO role is real, and Rivera doesn’t pretend otherwise.

“Most CISOs don’t sleep very well. You have to be intentional about balance.”

She speaks candidly about boundaries, support systems, and buying back time when necessary, so she can lead effectively at work while remaining present as a parent, spouse, and human being.

“Resilience isn’t just for systems — it’s for leaders too.”

Why She’s Optimistic About the Future of Cybersecurity

Despite increasing complexity, Rivera is confident about the road ahead:

  • AI is reshaping how teams solve problems
  • Representation and diversity are increasing
  • Security is becoming more embedded in business strategy

“We’re becoming more ingrained in how companies operate, and that’s exactly where security belongs.”

Like this conversation? Stay connected.

If you enjoyed this episode, subscribe to The Security Sitdown for more discussions with today’s CISOs and security leaders – no jargon, no posturing, just honest insight from the people shaping the future of cybersecurity.

Chapters