
The CISO role is too often just a game of roulette. The big question is whether the CISO is actually able to effect changes that have material impact on their own fate, by improving security posture. If not, then the CISO is merely compensated to play the scapegoat when luck is down.


CISOs aren't the only heads that roll.

Security incidents will often directly impact platform and infrastructure teams, whose leadership and EMs' heads roll as well.

If there is a very public breach, literally everyone director upwards will inevitably get purged over the 12 months post breach.

I've worked on enough cases like this to see it happen.


If it doesn't affect stock price, though, then the CEO, board, and shareholders are all incentivized to keep IS costs low, and ignore any costly security recommendations.



