{"id":5512,"date":"2025-10-23T07:00:00","date_gmt":"2025-10-23T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5512"},"modified":"2025-10-23T07:00:00","modified_gmt":"2025-10-23T07:00:00","slug":"why-must-cisos-slay-a-cyber-dragon-to-earn-business-respect","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5512","title":{"rendered":"Why must CISOs slay a cyber dragon to earn business respect?"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>How CISOs respond to a major security incident can be a make-or-break moment for their career.<\/p>\n<p>Although one in four security leaders <a href=\"https:\/\/www.csoonline.com\/article\/4040156\/25-of-security-leaders-replaced-after-ransomware-attack.html\">find themselves replaced after a ransomware attack<\/a>, for example, other CISOs are finding incident-hardened experiences \u2014 with transparent and successful outcomes \u2014\u00a0to be <a href=\"https:\/\/www.csoonline.com\/article\/4033026\/cso-hiring-on-the-rise-how-to-land-a-top-security-exec-role.html\">increasingly sought after in the hiring market<\/a>.<\/p>\n<p>A recent survey underscores this point, with 65% of security leaders saying that leading an incident response elevated their internal reputation, while only 5% said it hurt it.<\/p>\n<p>According to <a href=\"https:\/\/cytactic.com\/resources\/cybersecurity-incident-response-management-report-2025\/\">Cytactic\u2019s survey<\/a> of 480 senior US cybersecurity leaders, including 165 CISOs, \u201ca well-managed incident response demonstrates that security is a business enabler that protects revenue, brand reputation, and operational continuity in times of extreme stress. The CISO who leads a successful response elevates not just their own reputation, but the perceived value of the entire security program.\u201d<\/p>\n<p>The report added: \u201cA well-managed incident demonstrates resilience, competence, and calm under pressure, which are highly valued by boards and CEOs.\u201d<\/p>\n<p>Repeat-CISO <a href=\"https:\/\/www.linkedin.com\/in\/mymso\">Michael Oberlaender<\/a> experienced firsthand this internal respect boost after a successful defense.\u00a0<\/p>\n<p>\u201cWhen I spoke up during meetings, and I raised \u2014 slightly \u2014 my voice to speak, the entire room went silent and listened.\u00a0I was sometimes surprised and thought I was not clear enough in what I said and looked into people\u2019s faces to see if they understood. Then I realized they were just carefully listening and following,\u201d he says.\u00a0\u201cBusiness line leaders were more open to hear what I had to say.\u201d<\/p>\n<p>Oberlaender, who was given \u201cfull authority to sign the checks during the major crisis,\u201d also found that Finance took his requests more seriously in the wake of his defense success, he says.<\/p>\n<p>Cybersecurity consultant <a href=\"https:\/\/formergov.com\/directory\/brianlevine\">Brian Levine<\/a>, a former federal prosecutor who serves as executive director of FormerGov and previously served as managing director for cybersecurity at EY-Parthenon, contends that a better budget position is really the only concrete improvement a CISO might expect after a successful defense, and even then not because of any new admiration for the CISO but because a large attack happened and improved defenses are needed.<\/p>\n<p>For some CISOs, the issue is visibility and communication, Levine says, giving an example of an enterprise that was hit with a massive ransomware attack. Because of the excellent upfront work by the CISO\u2019s team, nothing was lost. Everything was backed up perfectly. So why wasn\u2019t the CISO hailed as a hero?\u00a0<\/p>\n<p>\u201cHe had been telling the board \u2014 and presumably his CEO \u2014 for months that his team prevents some 50,000 attacks a day. So when his team <em>really<\/em> prevents one, the board shrugs,\u201d Levine says. CISOs \u201ckind of normalize the idea that the company is constantly under attack. That is certainly true, but it makes it very difficult for the board to get worked up over preventing a single attack.\u201d<\/p>\n<h2 class=\"wp-block-heading\">In defense of defense<\/h2>\n<p>Moreover, this issue begs the question: Why should a security leader need to experience a major cyber incident to earn business colleagues\u2019 respect?<\/p>\n<p><a href=\"https:\/\/www.forrester.com\/analyst-bio\/jeff-pollard\/BIO10584\">Jeff Pollard<\/a>, VP and principal analyst at Forrester, says this enterprise perception problem is \u201cjust part of human nature. If we don\u2019t see the bad thing happening, we don\u2019t appreciate all of the things that were done to prevent that bad thing from happening.\u201d<\/p>\n<p>Of course, if an attack turns into an incident and defense goes poorly, \u201cit can easily turn from a hero moment to a scapegoat moment,\u201d Pollard says.\u00a0<\/p>\n<p>Oberlaender, who now works as a cybersecurity consultant, is among those who believe hard-earned experience should be rewarded, but that\u2019s not what he\u2019s seeing in the market today.<\/p>\n<p>Historically, \u201ca smart company would not hire a greenhorn into the CISO seat, but a battle-tested, really and truly experienced CISO with multiple decades of experience,\u201d Oberlaender says. \u201cBut unfortunately, in the current business climate, the opposite is happening. Companies hire cheap, inexperienced, unqualified, non-knowledgeable, and often so-called virtual CISOs for a fraction of the salary and then wonder why they have data breaches and poorly managed incidents exploding in their face.\u201d<\/p>\n<p>Meanwhile, security leaders have other avenues for fortifying their positions in the business ranks, other industry experts suggest \u2014 for example, focusing on the financial value they deliver in terms of winning and retaining customers.\u00a0<\/p>\n<p>CISOs \u201cfeel that they need to fight off an attack to show value, but there are many other successes they can do and show,\u201d says <a href=\"https:\/\/www.infotech.com\/profiles\/erik-avakian\">Erik Avakian<\/a>, technical counselor at Info-Tech Research Group. \u201c<a href=\"https:\/\/www.csoonline.com\/article\/551891\/how-cisos-can-create-security-kpis-and-kris.html\">Building KPIs<\/a> is a powerful way to show their value.\u201d<\/p>\n<p>\u201cShow [the CEO and other executives] what they are getting from these tools in terms of cost avoidance,\u201d Avakian says, offering email spam filters as a low-level example. \u201cWithout those filters, far more emails will clog employee inboxes and that will deliver less efficiency\u201d and productivity.<\/p>\n<p>Those other executives \u201cunderstand dollars and cents\u201d and the problem is that too many CISOs \u201cdon\u2019t bother to show the actual value in real KPIs down to those dollars and cents,\u201d Avakian says.<\/p>\n<p><a href=\"https:\/\/www.pluralsight.com\/authors\/chris-jackson\">Chris Jackson<\/a>, a senior cybersecurity specialist with tech education vendor Pluralsight, reinforces the frustration that many enterprise CISOs feel about the lack of appropriate respect from their colleagues and bosses.\u00a0<\/p>\n<p>\u201cCISOs are a lot like pro sports coaches. It doesn\u2019t matter how well they performed during the season or how many games they won. If they don\u2019t win the championship, it\u2019s seen as a failure, and the coach is often the first to go,\u201d Jackson says. \u201cIn the same way, CISOs can go 10 years without a breach, but a single incident can end their tenure. Too often, CISOs become the convenient scapegoat.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>How CISOs respond to a major security incident can be a make-or-break moment for their career. Although one in four security leaders find themselves replaced after a ransomware attack, for example, other CISOs are finding incident-hardened experiences \u2014 with transparent and successful outcomes \u2014\u00a0to be increasingly sought after in the hiring market. A recent survey [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5513,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5512","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5512"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5512"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5512\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5513"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5512"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5512"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5512"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}