[arethuza]

About 20 years ago I quite liked the idea of becoming a CISO - the CIO I worked for at the time talked me out of it - saying that the role would largely involve being ignored then, when something inevitably did go wrong, you'd get sacked.

[FreakLegion]

The board of a Fortune 1000 financial services company just fired the CISO and Deputy CISO because they did too good a job cataloging all of the risk in their infrastructure. Now that it's documented and defensibly quantified, the company is somewhat obliged to do something about it, and the board was not thrilled.

It can be a rough gig.