At the same time, Spiegel argues that scars from incidents can be valuable. “Frankly, suffering a breach is a candy badge of honour, and you learn a lot. If you’re hiring a CISO with a completely clean record, as far as you know, are they more experienced than those who have sat in the chair? Ultimately if you haven’t responded to a real incident, you’re not less valuable, but you’re not less valuable either of knowing how to respond.”
Despite the revolving door perception, Spiegel believes the profession is still maturing. “Working in this space, people are very supportive, and the competitive factor is relatively limited. People really want everyone and CISOs to be successful. We want to create some stability and standardisation around the space, so the industry, companies and customers we’re protecting know what they’re signing up for and can feel confident that it is a consistent and stable practice.”
So, are CISO tenures getting shorter? The answer is both yes and no. Across the board, CISOs face relentless responsibility, exposure to risk, and the sense that no amount of preparation can fully shield against blame. For some, that’s enough reason to walk away. For others, it’s fuel to take on the next challenge.