Carl Froggett holds a dual role as both CISO and CIO at Deep Instinct. Prior to this, he served as CISO at Citi for nearly 17 years.
Combining CISO and CIO
Froggett has long held the view that the two positions have significant overlap, making a merged role appealing. However, this approach isn’t suitable for every organization. Citi employs over 200,000 people, while Deep Instinct has fewer than 200. Merging the CISO and CIO roles would be unmanageable for a single person at Citi, but functions effectively at Deep Instinct.
“At their core, both the CISO and CIO serve the same purpose,” he clarifies: “they both support the business. The CIO oversees the technology strategy — the software, the infrastructure, the cloud approach, and so on — while the CISO is tasked with making sure all of that remains secure.” In simple terms, each role relies on the other to properly support the business.
“Zero risk doesn’t exist,” he adds, “unless you’re willing to shut everything down and call it a day.” So, the business can’t function securely without the CISO. But at the same time, the business can’t function at all without the infrastructure the CIO provides — there would be nothing to shut down in the first place. Technology and security must collaborate for the organization’s benefit.
When the two roles are held by different people, friction can arise, even though cooperation is essential. When they’re combined, conflicts are more easily sidestepped, but objectivity can suffer.
“What you sacrifice — and I’m very conscious of this every time I make a call — is the impartial perspective and the opposing view,” he went on. “So, I rely on my IT team to push back on me constantly. The culture here is: ‘if you have something to say, speak up.'” He strives for an environment of openness where everyone challenges one another. “The biggest risk of combining the roles is that you can develop tunnel vision if you lack that opposing perspective; and tunnel vision can lead to poor decisions.”
Early career
Froggett’s path began with a passion for technology, earning a BSc in Computer Science from Loughborough University. He started out working as a contract engineer before joining Salomon Brothers in 2004, where he spent nearly four years, primarily as a network engineer.
During that time, Salomon was acquired by the Travelers Group, which then merged with Citicorp to form Citigroup. Froggett didn’t technically “leave” Salomon — he simply found himself working under the Citigroup umbrella in 1998 (which later rebranded to simply Citi in 2003).
But the corporate rebranding (effectively transitioning from Salomon to Citi in 1998) brought with it a major shift in his responsibilities. He moved away from IT engineering — the hands-on, technical work of keeping computers running — and stepped into the role of EMEA Information Security Services Manager at Citi, a position he held for roughly 9 years before being promoted to CISO. He went on to serve as Citi’s CISO for nearly 17 years.
Transitioning to cybersecurity
“I began my career in a variety of technology roles — systems administration, email, DNS, and trading systems. I was working in a trading environment [at Citi] in the early 2000s,” he recounts. This happened to be the era when business operations were migrating to the internet, and cybersecurity was establishing itself as a recognized and distinct profession. Communication had traditionally relied on physical wiring from point A to point B; but was now shifting to software-defined virtual networks that were far more vulnerable to attack.
“Given my broad experience across many technologies, I was asked to evaluate the security risks and exposure of these new communication methods,” he explained. “That’s how I stumbled into cybersecurity. But I immediately fell in love with it, because I thrive on the challenge. That sense of excitement hasn’t faded — more than 20 years into my security career, it’s still going strong.”
The reason, he noted, is that security always trails behind emerging technologies. “Look at AI and large language models today. Security perpetually lags behind the cutting edge — you’re always playing catch-up. You have to devise creative ways to reduce risk in the short term until the technology matures and built-in security controls catch up. We’re seeing this right now with guardrails, prompt injection, and other AI-related concerns.”
He doesn’t believe the fundamental need for inventive solutions to bridge that gap will ever go away. New technology keeps advancing ahead of that curve, and security must constantly find ways to address the challenge. “I’ve always relished that challenge, and over the years it has only grown more critical. And it will keep growing more critical. The short answer to why I got into cybersecurity is that someone asked me to look at a security problem they couldn’t solve. And I never looked back because I loved it.”
Froggett was given the chance to move into cybersecurity because Citi recognized that his deep technology background would help him understand and address security challenges. History has shown that Citi made the right call — but he never lost his equal passion for technology itself and always believed that technology and cybersecurity should advance in lockstep while both serving the organization’s interests. It’s no surprise that the pull of both disciplines would ultimately lead him to a role that merges the two — which is Carl Froggett today: CISO and CIO at Deep Instinct.
Being a leader
His career trajectory took him from engineer and system administrator to leading large teams across both information technology and cybersecurity. What defines a leader — and can anyone become one?
“I wasn’t a leader. I wasn’t born to lead,” he admitted.
“I’ve always wanted to be part of something greater than myself, and that means working within teams. I never had an issue with teamwork. Leadership, for me, came about through opportunity. I didn’t go looking for it — it came to me. And I ended up managing a small group of technical staff that eventually grew to more than 200 people.”
It may have happened organically, but it still came with difficulties. “One of the toughest things in my career — something I don’t often discuss,” he continued, “was the transition. I was part of a technical team, and I was a senior technical person. I wasn’t the official team leader, but the team would turn to me for informal guidance and support.”
He became the unofficial, ‘anointed’ leader of
He began as a regular member of the team. However, due to a particularly challenging problem, he was given a temporary, yet official, promotion to team leader. As often happens, what was meant to be short-term became permanent. Almost immediately, his role shifted from focusing solely on technical solutions to being accountable for the people themselves.
“That period was incredibly difficult. Overnight, the way my colleagues interacted with me changed. I felt cut off. My responsibilities expanded beyond just guiding the technical vision and architecture; I was now in charge of the team members—their performance reviews, their pay, their problems, their ambitions, and their professional development. It was a genuinely hard personal transition for me.”
Froggett didn’t naturally step into leadership; the role was placed upon him. What quality allowed him to not only manage but excel as a leader? “Empathy,” he explained. “Not only empathy for the individuals, but also empathy for the business itself.” This suggests Froggett views leadership as a connection linking the team’s personal dedication and goals with the company’s overall strategy and mission.
Career Advice
“When an opportunity presents itself, you invite it in. Never refuse an opportunity outright. You don’t have to commit to it immediately, but you can’t possibly accept it if you don’t first explore it.”
His career path clearly demonstrates he followed this principle.
“Here’s another instance,” he shared. “While working at Citi, the organization sought managers to collaborate with HR on developing leadership training programs. I was a manager, not in a senior leadership position, but I seized that chance. Ultimately, I ended up leading and delivering training and development sessions for hundreds of leaders across Citi.”
“Embracing opportunities was likely the most valuable advice I ever received. You broaden your network, meet new people, work on diverse projects, and deepen your expertise. You gain experience by navigating unfamiliar and uncomfortable situations, learning from those experiences, and then applying those lessons in completely different contexts.”
Some might attribute his success to luck. “It’s not mere chance,” he stated. “You create your own fortune by tackling difficult challenges head-on, working through them, and continuously evolving. If you remain stagnant, guarding your existing knowledge, you won’t progress. Therefore, being open to opportunities was probably the single most important piece of guidance I ever got.”
He offers the same counsel to his current team members, but with one crucial addition: Be transparent. “Mistakes happen. Don’t hide them; let’s address them directly. Minor issues can escalate rapidly.” This approach benefits him as a leader and also reveals which team members are eager to advance.
“Not everyone desires growth. Maslow’s hierarchy shows us that individuals have varying core motivations. However, when I recognize a team member’s desire to develop, I draw upon my own experiences with opportunity. I strive to provide those opportunities and encourage them to understand the value of seizing them.”
It’s a double-edged sword. He gains personally from their development. “I want them to grow because I believe it leads to their best work and increases their likelihood of staying with us.”
However, that personal development can also fuel greater ambition. “I had a team member who joined me as a fresh graduate. He rose to become a manager within my team, overseeing a significant division. Today, he leads risk management at the London Stock Exchange. He’s achieved remarkable success. Many others have followed similar paths, and I’m truly proud to have contributed to their achievements. My leadership philosophy centers on nurturing the whole person, not just their output.”
Primary Cybersecurity Concern for Today
We’ve discussed Froggett’s journey to his current position. But what cybersecurity issue currently weighs most heavily on his mind?
“Artificial intelligence,” he stated. “I see enormous potential benefits from AI for individuals, society, medical breakthroughs, and other major advancements. Conversely, it also carries significant potential for harm. From a security standpoint, we’re already witnessing this, as malicious actors exploit generative AI models to cause damage. We’re seeing them use gen-AI to write malicious code, eliminating the need for specialized skills. Gen-AI enables intent-based actions rather than requiring detailed instructions. Historically, hackers needed strong coding abilities and extensive expertise to be highly effective.”
That barrier is now gone thanks to gen-AI. While the warning signs are already present, he believes the situation will deteriorate. “It’s only a matter of time. We’ve seen this pattern before with cloud computing, the internet, battery technology, and chip technology. Progress seems to hit a wall, appearing to stall, until a major breakthrough occurs, and then advancement accelerates rapidly again.”
Companies, particularly security firms like Deep Instinct, possess deep AI expertise and are well-positioned to counter adversaries using AI. “But when I consider the broader community—my family, my parents—I’ve been actively educating them about the very real threats they already face, such as deepfakes, sophisticated phishing attacks, and highly realistic scams targeting ordinary people. It’s concerning because humans are generally trusting by nature, and I’m unsure of the solution. This genuinely keeps me up at night, especially considering I have two daughters in their early twenties.”
He also anticipates AI will significantly disrupt traditional career paths, including “the kind of career progression I was fortunate enough to experience.” Instead of requiring 100 highly skilled software developers, companies might only need one expert in AI prompting to accomplish the work of 100 people.
“I view AI as a force multiplier, but that might translate to fewer entry-level opportunities. I don’t believe they’ll vanish entirely in the near future, but I am concerned about the negative societal impact such a transformative technology could have.”
Does he fear AI might diminish human intelligence compared to machine intelligence? “I’ve fluctuated on this. We used the abacus, then pen and paper, then calculators, and now we use Excel. Yet, there are still plenty of brilliant accountants and mathematicians. So, I see these as tools that help us progress faster. The optimistic side of me hopes AI will be the same—a tool enabling us to achieve things much more rapidly, for the betterment of society.”
But every glass half full is also half empty. “Regarding human creativity, we see the impact already. I look at LinkedIn, and I know the people posting, and I can tell they didn’t write those messages themselves. It’s clearly just low-quality, AI-generated content.”
This represents the fundamental paradox of AI. If viewed optimistically, it could be an incredible tool for boosting human creativity and productivity. If viewed pessimistically, it becomes a substitute for genuine creativity and a path to mediocrity. Considering Froggett’s background, this challenge is precisely what energizes him in cybersecurity—finding innovative ways to navigate the complexities of AI concerns and unlock its potential benefits.
Related: CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary
Related: CISO Conversations: John ‘Four’ Flynn, VP of Security and Privacy at Google DeepMind
Related: CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe
Related: CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard
