Cybersecurity Is Not Working: Time To Try Something Else
Technative, Monday, April 28th, 2025
The bottom-up approaches most have been pushing for 20 years around cybersecurity have simply failed
I think it is time to accept that the role of the CISO, in its historical construction, was never born out of a positive and proactive management decision.
It was very rarely created - at first - in response to the true realization by senior management of the need to protect the business from real and active threats.
The original iteration of the role, in the late nineties for the early adopters, belongs to that first decade of infosec, which was entirely dominated by risk and compliance considerations: The Security Transformation Research Foundation established this quite clearly through its 2019 semantic analysis of the content of 17 annual Global Security Reports from EY.