That’s not a context where you can realistically develop the management finesse, the personal gravitas, the political acumen you are now expected to have to succeed in the role, given the visibility it has acquired at the corporate level.
That’s why many CISOs are struggling. No doubt there are “ego” issues with some (it’s hard not to feel important when you are being paid a fortune), but beyond that, the role has simply become impossible for many and that’s where the “bad behavior” comes from, in my view.
Nobody can be expected to be credible one day in front of the Board, the next in front of regulators, the next in front of pen testers, the next in front of developers, the next in front of suppliers, and so on…
