Are CISOs Struggling to Get Respect?

Are we headed for a mass CISO exodus? Organizations may have the budget for cybersecurity, but without a commitment to process, will it leave CISOs in the lurch?

Check out this post by Dan Maslin, CISO of Monash University, for the discussion that is the basis of our conversation on this week's episode co-hosted by David Spark, the producer of CISO Series, and Lee Parrish, CISO, Newell Brands. Joining them is David Tyburski, vp of information security and CISO, Wynn Resorts.

Huge thanks to our sponsor, Palo Alto Networks!

CISOs need to stick around

CISOs continue to struggle for respect and longevity within organizations, especially as cybersecurity budgets come under increased scrutiny. Derek A. highlights the stark reality: "Average CISO tenure is around two years. The average CFO tenure is right around five years. Average CIO tenure is right around three years." After years of rising cybersecurity budgets with limited visible impact, boards, CEOs, and CFOs will start demanding justification for escalating security costs. Limor Sylvie Kessem, CISM, CCISO of IBM points out that while organizations focus on growth, security teams are expected to do more with less: "The talk about security budgets is all about cuts while organizations have to push growth in what they offer—without additional security investment."

Culture forward

Building a strong security program isn't just about technology—it's about culture. Without buy-in from the organization, even the best security strategies will fail. "If you don't win the culture part, it doesn't matter how good your understanding of your risks is or whether you have the best people, processes, and technology—the program has to fail because nobody will care enough to help it succeed," said Andrew Morgan. Albert Kolbach of Springbok Agency reinforces this idea, pointing out that retention is critical to maintaining security maturity: "If employees leave, then that also means knowledge disappears and costs even more than investing in retaining good staff and a healthy corporate culture."

CISOs need support

It can be challenging to hold the cybersecurity line when you don't feel the organization's full support for your mission. Brett Randall of Fractl highlights the tension: "It's a stressful time for technology leaders who are aware of the potentially catastrophic business impacts of failing to 'do cyber well,' but at the same time either failing to get support or seeing budgets and headcounts slashed." We're seeing more calls for CISOs to get a more meaningful representation with leadership. "Information security is much more than a technology conversation. The reach into other functions is extensive. It's time the CISO had a seat at the table to deliver effective change with real accountability," said Adam McCaig of Bytes Software Services.

This isn’t always about budget

Sometimes, cybersecurity comes down to leadership and accountability. Jason Popp of Microsoft is surprised that many boards and CEOs fail to recognize their ability to transform cybersecurity posture at little to no cost: "This can be done with minimal financial investment on existing layers, if accountability is defined, communicated by the CEO, and measured for each business unit." Jason says cybersecurity is like health: "It's time for everyone to eat more veggies and exercise more. Expensive pills aren't the key to being healthier."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Huge thanks to our sponsor, Palo Alto Networks


Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.


Join us TOMORROW, Friday [02-28-25], for "Hacking the Modern Audit"

Please join us on Friday February 28, 2025 for “Hacking the Modern Audit: An hour of critical thinking about improving quality and reducing cost to this critical process.”

It all begins at 1 PM ET/10 AM PT on Friday, February 28, 2025 with guests Leith Khanafseh, Managing Director, Assurance & Compliance Products, Thoropass and Brett Conlon, CISO, American Century Investments. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Thoropass


Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Andrew Wilder, CISO, Vetcor. Thanks to Conveyor!

Thanks to our Cyber Security Headlines sponsor, Conveyor


Cyber chatter from around the web... Jump in on these conversations

"How do viruses infect every file in matter of seconds?" (More here)

"What cybersecurity principle or tool would you judge a seasoned professional for not knowing about?" (More here)

"How MUCH networking do I need in cybersecurity" (More here)


AMA (“Ask Me Anything”) on r/cybersecurity

I’m a Cybersecurity Researcher specializing in AI and Deepfakes—Ask Me Anything about the intersection of AI and cyber threats.

This week CISO Series is running its monthly AMA ("Ask Me Anything") on r/cybersecurity.

This week’s discussion: Cybersecurity Researchers specializing in AI and Deepfakes on the intersection of AI and cyber threats.

Our participants:

Alex Polyakov, Founder, Adversa AI

Sounil Yu, CTO, Knostic

Daniel Miessler, Founder/CEO, Unsupervised Learning

Jump into the conversation here.


Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

  • [02-28-25] Hacking the Modern Audit
  • [03-07-25] Hacking the Commodification of Cyber Crime
  • [03-21-25] Hacking Narrative Threats

Save your spot and register for them all now!


Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact us.



Freddy Ntwari

CEO of STIC CONSULTANT COMPANY & Trainer at TRECCERT

15 hours ago

Align cybersecurity to business goals, showing how strong security supports innovation, protects brand reputation, and enables trust. Communicate risk in dollars and business impact rather than just technical metrics. Build relationships with other executives and actively participate in business strategy discussions. Drive a culture of security across the organization so they're seen as a partner, not a blocker.

Reply

Absolutely, Andrew Morgan. If you don't get the culture right, even the best risk awareness, top talent, robust processes, and cutting-edge technology won't be enough—the program will fail because no one will be invested in making it succeed.

Gabe S.

CISO | InfoSec | Risk Management | GRC | Consultant | Business Administration | Bridging security expertise with business reality.

1 day ago

I'm continually bringing this front and center. Effective and efficient: "many boards and CEOs fail to recognize their ability to transform cybersecurity posture at little to no cost"