
The lazy myth that CISOs “don’t understand the business” has to go

There are many things we repeat in security that are just not true. “Security is a department of ‘No’” (if anything, security gets told ‘No’). “There is a talent shortage in cyber” (yes, there is a huge gap of senior specialized talent, but an oversaturation of entry-level talent). “Security is the most crowded market” (not even close; there are 5-10 times more marketing tech tools, fintechs, and many others). “Attackers only need to get it right once, defenders have to get it right every single time” (the opposite is true - attackers need to stay undetected, and a single mistake can fail them). “Sixty percent of small businesses close within 6 months of being hacked” (my friend Adrian Sanabria did a USENIX talk about this one and a few other myths).

We know that there is a lot of nonsense being repeated, and in the past decade, we have started to challenge it. There is now even a dedicated book titled “Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us” by Eugene Spafford, Leigh Metcalf, and Josiah Dykstra… The point is, we are moving in the right direction.

There are, however, several myths that are just too persistent, and many years later, they are still widely accepted as truth. In a previous article, I tackled two: that “we aren’t getting any more secure than before” (not true) and that “there are simply too many security tools and we need fewer of them” (also not true). This week, I am taking a stab at another egregious lie - that “most CISOs are really bad at understanding the business, can’t translate risk into business language”, etc.





Two decades ago, there were few CISOs with a strong track record as business leaders

“CISOs aren’t business ...

Read full article on Venture in Security →