
So, your CISO is a bitch.

Okay! We have established that your special Sr. Manager CISO is a 10-ply bitch. But, how come? How did we go from badass hell raisers like the Cult of the Dead Cow and l0pht who dragged the corporate world kicking and screaming into acknowledging cybersecurity to baby-shit-soft pussies who go on LinkedIn to bat for a dude accused of fucking insider trading because they think the SEC will force them to do their jobs?


My humble take is still the same: It's way too easy to bullshit your way to the kids' pretend c-suite. What's a "kids' pretend c-suite" you ask? It's the c-suite for CISOs. They report into three other Chiefs and think they have any kind of real power. Put it another way, they're like Maggie Simpson in the Simpsons' opening sequence: in the back seat pretending they're driving and honking, but we all know Marge's the one actually driving. We indulge them anyways.

After the insanity of that first wave of trivial overflows, absurd SQL injections, and baffling XSSs from the early 2000s that hit everyone, things got weird. Some enterprising folks figured out that corporate IT people are just as susceptible to grifters as old folks who buy quantum-magnetic-holographic knee braces to sort out their arthritis. You just need the right idiot with a big ego who's in charge of a budget. And, boy... did the market deliver!


Given that the people in charge of running a business generally don't give much of a fuck about these details, any dork with the right haircut, the right 3-piece suit, the right reproductive organs, and enough charisma/lack of shame to vomit some jargon at their bosses with a straight face without being called out can climb the corporate ladder. It doesn't matter if they know their shit or not (they don't), as long as everyone plays along. You will go on a PIP (short for "firing your ass with extra steps") if you dare to point out any obvious, fundamental, systemic issues with their sEcUrItY pRoGrAm. Don't make your boss look bad, homie. Even when they are. And they are.

But! How can they keep this shit up? Well, that's why there's a revolving door, and why they travel in dens (if you didn't know, a den is the collective of snakes). They have their loyal foot soldiers—faithfuls they bring along whenever they take a new job—whose main task is to insulate the boss from the unwashed masses. That's why your manager wants everything in neat Jira stories, why they have such a boner for standup meetings, retros, slide decks, etc.: anything that resembles quality work done by following "industry best practices" (mega lol) is better than actual work. Actual work makes lack of competence visible. Going around in bureaucratic circles muddies the water, and that's good. PMPs are the best at this.

That's why you very rarely see individual contributors being promoted: they know where the skeletons are, and competent people are anathema to the process. Unless they're really lucky, their career will peak very far away from the actual peak. You can, of course, play the long game, fake your whole career, and, when you get to the top, BOOM! Pivot! It was always me, you fools! A competent person!

You see, it's not about the job. It's not about the profession. It's not about you. It's about their personal brand. If you can figure out a way to help them grow their personal brand, you're an asset. If you damage the brand, you're out. Somewhere in the middle? You're an individual contributor for life, good buddy. That's why you can't get your CISO to accept the invite for that meeting they should definitely attend: they're too fucking busy writing about the cHaLlEnGeS oF aI on LinkedIn, writing nonsense on Twitter all day long, and spending 3 hours of the workday offering hot takes on a podcast no one listens to. You know, building and polishing their brand.

Your CISO is a 10-ply bitch because he's a corporate whore who will throw anyone under the bus if they make them look bad. And they're extra bitches because they can't even make it to the real show: the actual c-suite. And vCISOs? Get a real job.

If you need to vent, complain, revolt, etc., join our Discord server. We've got some beauties there who write amazing things like this:




Have a song!