CISO

Turning Tension Into Collaboration: How CIOs and CISOs Can Lead Together

The article discusses the longstanding tension between CIOs and CISOs, highlighting that while this friction is natural due to their differing priorities—innovation versus security—it can be managed constructively to strengthen organizational resilience. It emphasizes the importance of clear accountability, collaborative risk management processes, and regular communication to turn tension into productive collaboration, enabling organizations to innovate securely without compromising cyber risk management.

https://www.cybersecuritydive.com/news/turning-tension-into-collaboration-how-cios-cisos-can-lead-together/821610/

State CISO Confidence Drops From 48% to 22%, NASCIO-Deloitte 2026 Study Finds

The 2026 NASCIO-Deloitte Cybersecurity Study reveals a significant drop in state CISO confidence, falling from 48% in 2022 to 22%, due to increased cyber threats, reduced federal support, aging infrastructure, and AI-enabled attacks. The study highlights the need for whole-of-state cybersecurity governance, AI risk frameworks, reassessment of federal program dependencies, and implementation of effectiveness metrics to help rebuild confidence in public-sector cybersecurity programs.

https://www.cybersecurity-insiders.com/state-ciso-confidence-nascio-deloitte-2026-study/

Cybersecurity Professionals Say High-Profile Incidents Boost Execs’ Credibility

A May ISC2 survey of nearly 800 cybersecurity professionals found that 76% believe leaders gain credibility by having managed real, high-profile security incidents, indicating a shift in attitude toward executives who have experienced breaches. Key traits fostering trust include strong communication of risk to senior leadership, a long-term cybersecurity vision, and the ability to work effectively with boards to secure budgets, emphasizing the importance of experienced and transparent leadership in cybersecurity.

https://www.itbrew.com/stories/cybersecurity-professionals-say-high-profile-incidents-boost-execs-credibility

More Money Is Going to Physical Security, but It’s Often CISOs That Oversee It: EY

A recent EY survey reveals that organizations are increasing budgets for physical security, with nearly 80% allocating more funds, sometimes up to 50%, amid rising board oversight. However, many place responsibility for physical security with Chief Information Security Officers (CISOs), blending physical and cybersecurity, which can lead to under-resourcing physical protection. EY recommends centralizing security functions, clarifying accountability, and expanding security preparedness through integrated threat intelligence and realistic crisis simulations.

https://www.facilitiesdive.com/news/more-money-is-going-to-physical-security-but-its-often-cisos-that-overse/820077/

20 Leaders Who Built the CISO Era: 2 Decades of Change

Dark Reading's 20th anniversary special coverage highlights 20 influential figures who shaped the CISO era over the past two decades, showing how cybersecurity evolved from a technical function to a critical business and national security role. The retrospective features pioneers like Steve Katz, the first CISO, and notable figures such as Dan Kaminsky, who uncovered the Great DNS Vulnerability, Marcus Hutchins, the hero who stopped WannaCry ransomware, and Troy Hunt, creator of the Have I Been Pwned? breach database, illustrating their diverse impacts in law, policy, threat intelligence, cybercrime, and device security.

https://www.darkreading.com/cybersecurity-operations/20-leaders-ciso-era-2-decades-change

What It Actually Takes to Build a Security Team That Works

In March 2026, six security leaders discussed on Reddit the key elements of building effective security teams, emphasizing the importance of fostering a collaborative culture where security is seen as a resource rather than a roadblock. They highlighted strategies such as positioning security as the “department of engagement,” making secure practices easy through platform-based models, hiring thoughtfully with a focus on culture fit, and ensuring smaller teams and vendors build trust through documented processes and demonstrated maturity.

https://cisoseries.com/what-it-actually-takes-to-build-a-security-team-that-works/

The CISO Role Has Always Been Brutal. Here Is What Makes Some Survive It.

Peter Liebert reflects on the challenging role of the Chief Information Security Officer (CISO), emphasizing that cybersecurity risks can be managed through people, processes, and technology but always involve residual risk based on an organization's risk appetite and resource allocation. He uses a restaurant menu analogy to illustrate how CISOs must offer informed risk options tailored to their leadership's preferences and priorities, highlighting that ultimate risk decisions rest with business leaders rather than CISOs themselves.

https://www.scworld.com/perspective/the-ciso-role-has-always-been-brutal-here-is-what-makes-some-survive-it

73% of CISOs Unprepared for the Next Big Cyber Attack, Incident Response Readiness Report Reveals

Sygnia's 2026 CISO Survey reveals that 73% of senior cybersecurity leaders feel unprepared to effectively execute incident response in the event of a significant cyberattack, despite widespread adoption of formal IR plans. Key challenges include organizational friction, visibility gaps across IT and OT environments, and a rapidly expanding threat landscape driven by AI, underscoring the critical need for improved executive alignment, comprehensive visibility, and strategic integration of AI to enhance cyber readiness.

https://www.sygnia.co/press-release/sygnia-released-ciso-survey-2026/

Businesses Are Paying the Price for CISO Burnout

Burnout among chief information security officers (CISOs) poses a significant business risk beyond its personal impact, as it leads to high turnover, short tenures, and weakened security leadership continuity. Factors such as expanding job responsibilities, constant threat pressures, limited resources, and lack of enterprise-wide influence contribute to this issue, resulting in reactive security programs, increased costs, and diminished organizational resilience. Experts warn that addressing CISO burnout requires realistic job design, adequate support, authority, and resource allocation to ensure better retention and stronger business outcomes.

https://www.computerweekly.com/feature/Businesses-are-paying-the-price-for-CISO-burnout

How to Be Less Busy and More Effective in Cyber

The article discusses how cybersecurity professionals often mistake busyness for effectiveness, highlighting a new framework inspired by MITRE ATT&CK that identifies common unproductive patterns like excessive meetings and fragmented attention that degrade performance. Experts emphasize focusing on meaningful outcomes rather than activities, managing work-life boundaries, and regularly assessing tasks and meetings to improve both security posture and personal well-being.

https://cisoseries.com/how-to-be-less-busy-and-more-effective-in-cyber/
