
In this candid conversation, Nikk Gilbert, Chief Information Security Officer at RWE, shares his perspective on zero-risk myths, burnout, organizational pace, and why resilience is the real strategy. His answers are unfiltered and grounded in decades of frontline experience.
Q: Can a company ever really achieve zero risk if it spends enough?
“No company can achieve absolute zero risk — but what you can achieve is the confidence that when incidents happen, you’re prepared, tested, and ready to respond effectively. That is real strength, and that’s where investment truly pays off.”
Q: Burnout is a huge problem in your role. How do you avoid it?
“This role is demanding, but sustainability matters. I’ve learned that balance doesn’t mean counting hours — it means energy management. I aim for work-life harmony. When I’m at work, I’m fully engaged. When I disconnect, I recover. That rhythm keeps me sharp, and it means the company gets my best, consistently.”
Q: What should boards and executives really hear from a CISO?
“Boards deserve clarity. They need to know that cyber risk is not about perfection but preparation. Attackers will always try — what matters is that the company has the right plans, people, and response capability. With strong preparation, we keep the narrative under control: RWE is resilient, capable, and never caught off guard.”
Q: What about organizational speed?
“Every organization has its natural pace. The goal of a CISO is not to fight that, but to align with it and still move forward steadily. A battleship doesn’t turn quickly, but once it turns, it’s unstoppable. That’s the power of discipline and direction.”
Q: At the end of the day, how do you see your role?
“Cybersecurity is one part of a much larger machine. Our job is not to be the center of attention, but to quietly ensure resilience is built into the company’s DNA. When risk becomes reality, our role is to steady the ship and protect trust. That’s leadership in action, even if it’s behind the scenes.”