A SecurityWeek Event


An Exclusive Executive Forum Focused on
Information Security Leadership and Strategy

September 13-14, 2022


2021 CISO Forum

SecurityWeek’s CISO Forum takes place annually at the beautiful Ritz-Carlton, Half Moon Bay, which has served as the venue of the forum since 2014.

Given the global situation resulting from the COVID-19 pandemic, SecurityWeek’s 2021 CISO Forum, Presented by Cisco, will take place virtually. Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, specific zones & sponsor booths.

This event is designed for security leaders to discuss, share and learn information security strategies.

An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

September 14-15, 2021
Virtual Event

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Topics Include:

  • Fireside Chat: Adrian Stone: VP, CISO at Peloton
  • Winning Hearts and Minds on the Board
  • Designing and Architecting Security for a Hybrid World
  • CISO Panel: Navigating SBOMs and Supply Chain Security Transparency
  • Panel: CISO’s Guide to Building a Security Dream Team
  • Panel: The Top 5 Priorities of the Modern CISO
  • Defenders Playbook for Attack Simulation and Security Posture Validation
  • Virtual Expo and Networking
  • Identity-Focused Security for Your Zero Trust Journey
  • Securing Our Cloud Environment Against Hackers
  • Key Insights to Prevent Never-Before-Seen Cyber Attacks
  • SASE Industry Trends
  • Measuring Security and Building Trust with Leadership: Enabling Transformation Through Testing
  • How DevOps Can Make AppSec Testing Seamless
  • Addressing Sophisticated Supply Chain Attacks Head On with No Source Code Required
  • Much more!

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Adrian Stone


Anne Marie Zettlemoyer

VP, Security Engineering

Caleb Sima


Allan Friedman (Invited)

Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler

Argo AI

Fredrick ‘Flee’ Lee

Chief Security Officer

Shaila Shankar

SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe


Aanchal Gupta

VP, Azure Security

Lena Smart


Sounil Yu


Theresa Payton

Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert




September 24-26, 2019


1 Miramontes Point Rd, Half Moon Bay, CA 94019


+ 1 (650) 712-7000

There Is Life for the CISO After a Breach

02/03/2020

A survey of CISO attitudes conducted by Symantec and Dr Chris Brauer of Goldsmiths, University of London will surprise few CISOs, but should be required reading for other business leaders. It describes adrenaline junkies that fear burnout and worry about being scapegoats in an impossible position, but remain dedicated to their job.

Symantec questioned 3,000 European CISOs from the UK, France and Germany. The results (PDF) highlight what many in the security industry will immediately recognize: 82% of CISOs already feel ‘burnt out’; 65% feel that their work and position are set up for failure; 64% consider quitting their job; and 63% have considered leaving the cybersecurity industry altogether.

It is, in short, a highly stressful position. But despite this, 92% are ‘thrilled’ by their work; 92% are fully immersed despite the stress; and 90% are motivated by high pressure situations.

But despite the adrenaline junkie thrill of the job, CISOs remain pragmatic about the effect they can have. They are short-staffed, overwhelmed by the volume of security alerts received, and generally believe that the attackers have a higher skill set than the defenders. This leads to the common belief that it is not if, but when, there will be a breach.

The most interesting part of this report analyzes the ‘after the breach’ change in CISOs’ attitudes. Although 55% of CISOs fear they will be fired if a breach occurs on their watch, and 40% are afraid they will be held personally liable for that breach, nevertheless the experience of navigating an avoidable breach seems to favorably affect the CISO’s outlook.

The survey looked at the impact of known stress factors and compared responses between those (26% of the respondents) who had been through a breach and those who had not. The stress factors included increasing regulation, the alert workload, too much data with too many access points, infrastructure complexity, and the skills gap. On average, only 23% of the experienced CISOs felt that these factors increased their stress levels, while 47% of those that hadn’t experienced a breach felt associated increased stress.

This reduced stress appears elsewhere. “Only 19% of the ‘experienced’ group say they are concerned about [dismissal resulting from a breach] compared to 28% of those who had not been through a breach,” says the report. “They also cite less feelings of personal responsibility for incidents that could have been avoided (22% versus 37%) and are less likely to feel like they’re in a position where they were set up for failure (21% versus 35%).”

The beneficial psychological effect of experiencing a breach continues into job satisfaction. Twenty-three percent versus 47% feel burnt out; 22% versus 42% feel apathy or indifference toward their work; 20% versus 34% consider quitting; and 20% versus 34% consider leaving the industry.

At the same time, however, some of the adrenaline-based excitement of the work seems to dissipate. Far fewer breach-experienced CISOs remain thrilled in their work, fewer feel fully supported by the business, fewer believe they have the opportunity for creative problem-solving, and fewer believe the work provides an opportunity to make an impact/difference on the world.

“This data is fascinating,” comments Darren Thomson, Symantec CTO EMEA, “but it’s important to understand the context — in my experience, those people who have experienced a cyber security breach and come out the other side, become much more sanguine and less emotionally charged in their approach. It doesn’t mean security leaders become less committed to their responsibilities after a major incident. If anything, more of a ‘I’ve seen it all before’ mindset enables them to think more clearly, with a greater focus on longer-term, strategic priorities.”

One of the changes between breach-experienced and unexperienced CISOs noted by the survey is an increased willingness to discuss breach/attack experiences with others. Seventeen percent of experienced CISOs don’t talk to professionals outside of their business, compared to 32% of those who haven’t experienced a breach. Similarly, 14% versus 18% worry that sharing such information might adversely affect their career.

There is no direct data from the survey to suggest that cross-industry information sharing benefits cyber security, but it is a widely held belief supported by the authors. The report notes, “The problem is that there isn’t a substantive culture of sharing insights in the cyber security sector: 54% of respondents don’t discuss breaches or attacks with peers in the industry. Over a third (36%) of security professionals are also worried that sharing information about a breach during their watch — with peers, colleagues or prospective employers — would adversely impact their career.”

It then quotes Dr Steve Purser, Head of Core Operations at ENISA: “Security leaders, and the industry more broadly, need a framework for structured information sharing — whether for ongoing best practice, or as a process for learning from a breach. Enterprises or governments should be set up to handle at least three types of information. The first is strategic information for high level decision making. The second is operational information, used for improving best practices over the longer term. And the third is tactical information, such as indicators of security compromise, used for day to day responses. In each case this information should be shared with the context of a specific goal that’s being addressed.”

The implication is that CISOs do not share information, and that they should do so within a formal structure — that is, despite all other pressures and workloads, they should do something extra. It is possibly the formality of this type of information sharing that is the problem. In practice, CISOs actively seek their peers at conferences and forums, and do talk to each other about problems and solutions — but informally.

Overall, this survey provides an excellent overview of the pressures and difficulties faced by CISOs on a day to day basis. They don’t need to be told this, because they live it daily. The big takeaway for the CISO, however, is the less obvious discovery that not only is there life after a breach, it may well be a more contented life.

Related: Being CISO Is No Longer a Dead-End Job 

Related: How CISOs Can Demonstrate Business Value 

Related: Cisco Publishes Annual CISO Benchmark Study 

Related: An Ode to CISOs: How Real-World Risks Became Cyber Threats 
