The Casino Approach: Why CISOs Should Play to Win

Rapid7's Thom Langford on Why CISOs Should Embrace Rather Than Avoid Risk Mathew J. Schwartz (euroinfosec) • June 17, 2025

Cybersecurity leaders have always viewed risk as something to eliminate, mitigate and avoid. But casinos offer a different perspective on risk management. "It's extremely rare for a casino to go bankrupt, to go out of business, and that's because they understand and embrace risk, rather than just let things happen to them," said Thom Langford, EMEA CTO at Rapid7. "They monitor and watch every single piece of the casino - the individuals, the tables, the pit bosses, the croupiers - and they're looking for signs and patterns, so they can control what's going on."

See Also: Enterprise Browser Transforms App Delivery and Compliance

When it can be understood, measured and monitored, risk can be an asset, Langford said. This casino approach to cybersecurity means continuously monitoring all elements ...