Unusual Gathering | Episode XVII | Guests Gary Hayslip And Rick McElroy

Conversations At The Intersection Of IT Security And Society that are also part of our Chats On The Road To RSA Conference | San Francisco 2019

Gary Hayslip | Rick McElroy

Sean Martin | Marco Ciappelli

This Episode:

Why the Role of CISO Sucks and What We Should Do to Fix It!

This is a conversation about a topic very dear to us here at ITSPmagazine; it is not by accident that one of our first columns when we started our publication was ‘An Infosec Life’ and since then many cybersecurity professionals have joined our podcasts, sharing their stories with us and, of course, with our audience.

Both Gary and Rick have been on a number of our podcasts and webcasts, and it makes us proud to know that we have contributed to bringing this very important topic to the large stage of RSA Conference!

In their words, this is what this talk is about:

The role of CISO is an ever-slogging fight at times to implement security, reduce risk and train employees on basic security hygiene principles. The job tends to eat at security executives with its high stress and career risk, plus the role itself is still maturing. So what is a CISO to do? Who would want this type of job? Let’s talk about some ideas on how to help our peers thrive in this role.


On today's podcast, we want to share with you what motivated them to present this talk to such a large audience. They believe, as do we, that people are ready to make changes and that, as leaders in the space, CISOs need to take the matter into their own hands, starting by helping each other. It’s time to peel back the cover, have these conversations, and collaborate with their peers while being a good role model to their team.

Thanks to our sponsors as part of our Chats on the Road to RSA Conference:
Edgescan | Bugcrowd | STEALTHbits


Are CISOs a happy bunch of people?

The pressures associated with the role haven’t changed much for the better over the years. The role is relatively new, and with it comes constant change, with new rules designed to engage in a battle that never ends. For the simple reason that there’s money and power to be gained, the cybersecurity problem is never gonna go away. But what methodology can be applied to alleviate that sense of constant pressure?

Here’s a simple question that might really need an elaborate answer: At what point in an organization do other leaders truly step in and help the CISO?

With the growing complexity of these modern scenarios, do CISOs find that a portion of the stress they feel is in part due to the direction (or lack thereof) and constraints (or even blockers) coming from the top and other areas of the organization? Does this pull the role and the person in the role in many directions, making requests or driving action without really understanding what a CISO really must do in order to get his/her core job done?

While it is true that the CISO does have a seat at the table with other leaders in the organization, do they have the same authority as their peers in other roles? Or are they simply the scapegoat waiting for the inevitable event to occur?

Gary and Rick sought input from the CISO community and are prepared to present a look at the past, the present and the future of this figure in a modern company.

Remember, the bottom line is that even if the role of CISO does suck, there are many things that can be done to fix it, both from a business perspective and a community perspective. Maybe the first step will actually require that the community of cybersecurity professionals not only come together but stick together to fight the good fight — and not each other.

Despite the amazing talk coming to you at RSAC 2019, and all the conversations we are having on ITSPmagazine, all of this started, was shared, and grew because these professionals love their job and want to make it even better for the next generation.

As usual, we had a good time chatting with our friends Gary and Rick, and we hope that you enjoy, share, and join this conversation as well.

See you at RSAC 2019
