In this episode of The Security Sitdown, we talked with Margarita Rivera, Global CISO of Carnival Corporation, for an honest conversation about leadership, AI, and what it really takes to lead security at enterprise scale.
From an unexpected start in cybersecurity to securing one of the world’s largest travel and hospitality organizations, Margarita shares the experiences that shaped her leadership style and career.
We dig into how AI is reshaping both cyber threats and defenses, why security challenges are more universal across industries than many realize, and what leaders need to prioritize as technology accelerates. The conversation spans third-party risk, breach response, and the constant tension between speed and security (including Margarita’s Formula One-inspired approach to building programs that enable innovation without sacrificing safety).
Before we dig into the key insights from the conversation, you can watch the full interview with Margarita Rivera below.
TL;DR: Key Insights for Security Leaders
- Cyber challenges are largely universal across industries; the nuance is in delivery, not the fundamentals.
- AI is accelerating capability and risk, but success still comes down to data protection, visibility, and guardrails.
- Third-party exposure remains a dominant threat vector, and customers still see it as your risk.
- Modern programs are measured by resilience, detection speed, and containment, not perfect prevention.
- Security should be engineered into innovation, not positioned as a gate or slowdown.
- Leadership sustainability matters: resilience applies to humans as much as systems.
An Accidental But Transformational Entry Into Cybersecurity
Global CISO Margarita Rivera has spent more than two decades building and leading cybersecurity programs across multiple industries, from financial services to media, real estate, and now Carnival Corporation. Her journey didn’t begin with a traditional technical path, but with curiosity, adaptability, and a business-first mindset that continues to shape how she leads security today.
“Whether you’re in one industry or another, the problems are the same. It’s the same cyber, the same technology. The nuances change, but the backbone is very similar.”
Rivera began her career in financial services after earning a business administration degree. Cybersecurity entered her life unexpectedly when she was asked to support audit-driven security needs for firewalls and antivirus systems.
“It was the most wonderful accident. I loved it – I was mesmerized.”
That experience set off a chain of events:
- Returning to school for certifications and a master’s degree
- Being one of the few women in technical and leadership roles
- Building credibility through execution and resilience
- Growing into senior roles across multiple organizations
Now, more than 20 years later, she leads security as Global CISO of Carnival Corporation.
Cross-Industry Reality: Different Businesses, Same Cyber Challenges
Across every company she’s served – construction, asset management, media, hospitality – Rivera has seen the same underlying truth:
“The challenges don’t really change from company to company. We’re all dealing with the same kinds of risks – just expressed in different ways.”
That principle guided her during a pivotal chapter in North Carolina, where she helped stand up an entirely new cyber and technology program in the middle of a major divestiture effort:
- Standing up security architecture and privacy foundations
- Building programs from a “blank sheet of paper”
- Hiring people who think differently
- Learning from peers and applying lessons across contexts
AI: The Next Transformation Wave (With Familiar Security Fundamentals)
Rivera views AI as both transformative and evolutionary:
“AI has been around a long time, what’s changing is the pace and how deeply it’s integrating into the business.”
Her priorities include:
- Guardrails and transparency
- Protecting sensitive data around models
- Avoiding unintended training of external systems
- Educating employees on responsible AI use
- Leveraging AI to assist security operations and visibility
She compares this moment to the shift from on-prem to cloud:
“Different technology – same fundamental challenge: protect the data and gain visibility.”
Shared Responsibility and Human Awareness
For Rivera, security, especially with AI, is as much about behavior as technology.
“If people understand the risks in their personal lives, they make better decisions at work.”
Building mindset and awareness isn’t optional; it’s essential.
From Prevention to Resilience: Responding When Things Go Wrong
Earlier in her career, prevention was the dominant goal. Today, Rivera leads with a resilience-first mindset:
“You can’t prevent 100% of events anymore. Success is about how quickly you detect, respond, and contain.”
She recalls a major incident that originated through a third-party compromise, long before supply-chain risk became a mainstream topic:
- Sensitive data exposure across multiple states
- Weeks of remediation and regulatory coordination
- Customer impact, regardless of where the breach occurred
“Customers don’t say, ‘the vendor made a mistake.’ They see it as your responsibility. Third-party risk is your risk.”
Today, she emphasizes visibility across fourth- and fifth-party ecosystems as dependence on external vendors increases.
Balancing Speed and Security, Without Slowing the Business
Rivera rejects the idea of security as a bottleneck. Instead, she believes the function must be engineered into innovation itself.
Her favorite analogy? Formula One racing.
“F1 cars are built for speed but safety is engineered into every component. You don’t sacrifice safety for speed. You build them together.”
For CISOs, that means:
- Embedding controls early in design
- Enabling experimentation with guardrails
- Reducing friction through transparency
- Positioning security as a strategic partner, not a gatekeeper
Leadership, Balance, and Human Resilience
The weight of the CISO role is real, and Rivera doesn’t pretend otherwise.
“Most CISOs don’t sleep very well. You have to be intentional about balance.”
She speaks candidly about boundaries, support systems, and buying back time when necessary, so she can lead effectively at work while remaining present as a parent, spouse, and human being.
“Resilience isn’t just for systems – it’s for leaders too.”
Why She’s Optimistic About the Future of Cybersecurity
Despite increasing complexity, Rivera is confident about the road ahead:
- AI is reshaping how teams solve problems
- Representation and diversity are increasing
- Security is becoming more embedded in business strategy
“We’re becoming more ingrained in how companies operate, and that’s exactly where security belongs.”