CISO as single point of failure: Zach Lewis, CISO at the University of Health Sciences and Pharmacy in St. Louis, believes the portion of CISOs looking to exit is even higher than the IANS findings.”I think it absolutely is higher than that. Every CISO I know now is open [to leaving]. They are all heavily looking. They want something new,” Lewis says, though he notes a difference in whether a CISO works for private enterprise versus a publicly held one. “Ever since the SEC started looking at charging CISOs, those [SEC] comments are making them skittish. They want to remain a CISO but not in a publicly traded company,” Lewis says. Cybersecurity consultant Brian Levine, a former federal prosecutor who today serves as executive director of FormerGov, has also seen heightened concern from CISOs at public companies.”When breach liability becomes personal and board support feels performative, CISOs start asking: ‘Is this worth it?’ Increasingly, the answer is ‘no,’” Levine says. “If boards want to retain top cyber talent, they need to stop treating CISOs like risk absorbers and start treating them like strategic enablers. Influence, budget, and legal protection aren’t perks: They’re prerequisites. That disconnect is driving some of the best out the door.”Levine also finds fault with the lack of meaningful CISO succession plans at many enterprises.”We need to build deputy pipelines and rotate talent. Right now, too many CISOs are single points of failure and they know it,” he says.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4127704/69-of-cisos-open-to-career-move-including-leaving-role-entirely.html
