{"id":14483,"date":"2025-07-22T07:15:48","date_gmt":"2025-07-22T07:15:48","guid":{"rendered":"https:\/\/newestek.com\/?p=14483"},"modified":"2025-07-22T07:15:48","modified_gmt":"2025-07-22T07:15:48","slug":"the-ciso-code-of-conduct-ditch-the-ego-lead-for-real","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14483","title":{"rendered":"The CISO code of conduct: Ditch the ego, lead for real"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

Some CISOs just suck.<\/p>\n

Not because they don\u2019t know security. Not because they aren\u2019t smart. But because their egos have taken over. They\u2019ve forgotten how to be decent, collaborative, self-aware human beings. The title went to their head. The influence got addictive. The attention from vendors, peers, and press inflated a sense of importance that has nothing to do with real leadership. And let\u2019s be honest: Too many people are too afraid to call it out.<\/p>\n

Well, here it is. I\u2019m calling it out.<\/p>\n

We\u2019ve glamorized the role to the point where the worst behaviors are tolerated, even rewarded. CISOs who posture in every meeting, refuse to be challenged, hire only people who nod along, and treat vendor conversations like ego-feeding exercises are becoming more common, not less. I\u2019ve been in this role. I\u2019ve led programs. I\u2019ve made hard calls and hard mistakes. But I\u2019ve also had a front-row seat to this pattern, and I\u2019m tired of watching us pretend it\u2019s not happening.<\/p>\n

Steve Hindle<\/a>, CISO in residence at The CISO Society<\/a>, put it bluntly when he said that \u201cCISO egos are so fragile that personal liability insurance exists. Vendors worship them. The industry has given them platforms, and they\u2019re not being checked.\u201d He\u2019s right. We\u2019ve created a feedback loop that rewards title over substance, influence over integrity, and control over collaboration. The more a CISO postures, the more some people applaud.<\/p>\n

How did we get here?<\/h2>\n

The market is partially to blame for how we\u2019ve gotten here. The role exploded in visibility<\/a> and demand. Salaries jumped<\/a>. Everyone wanted a CISO on stage or on a panel. But while the job grew in importance, not everyone grew with it. As David B. Cross<\/a>, CISO at Atlassian, put it, \u201cSome people just want to be in control. Some are addicted to it. Others feel entitled because they\u2019ve worked hard and think the world owes them.\u201d That entitlement shows up everywhere, especially in how we treat others.<\/p>\n

Let\u2019s talk about how some CISOs treat vendors. I\u2019ve watched CISOs act like tyrants in meetings. Dismissive. Condescending. Impossible to engage. And it\u2019s not about vetting products or being skeptical; that\u2019s our job. It\u2019s about how some people genuinely enjoy making sales reps squirm. They treat meetings like games, with no intention of solving problems, just flexing power. Some turn it into a \u201cgotcha\u201d moment, waiting for a rep to slip up on a technical detail just so they can jump in, show off, and feel like the smartest person in the room.<\/p>\n

And I\u2019ll be honest, even as a fellow CISO, I\u2019ve found it exhausting trying to talk to some of our peers. Sorry to my friends in Sales; you\u2019re not imagining it. Some of us make it incredibly difficult to have a basic, respectful conversation. That\u2019s not leadership. That\u2019s insecurity wrapped in a title.<\/p>\n

Adam Arellano<\/a>, field CTO at Traceable, calls this \u201cpunk artist syndrome.\u201d These CISOs act like they\u2019re too cool, too principled, or too special to actually collaborate. He described it as \u201cfragile masculinity wrapped in an image they don\u2019t want to see fade.\u201d And while it\u2019s not just a male problem, let\u2019s not pretend the pattern isn\u2019t familiar.<\/p>\n

The problem doesn\u2019t stop at vendor interactions. It shows up inside their teams, too. Many CISOs don\u2019t build leadership pipelines<\/a>; they build echo chambers. They hire people who won\u2019t challenge them. They micromanage strategy. They hoard influence. And they act surprised when innovation dries up or when great people leave. As Jadee Hanson<\/a>, CISO at Vanta, put it, \u201cEgo builds walls. True leadership builds trust. The best CISOs know the difference.\u201d That distinction matters, especially when your team\u2019s success depends on your ability to listen, adapt, and share the stage.<\/p>\n

Andrew Wilder<\/a>, CSO at Vetcor, summed it up clearly: \u201cThese guys need to stop hiring \u2018Yes people.\u2019 You want people to disagree with you. Absolute power corrupts absolutely.\u201d And that\u2019s not philosophy; it\u2019s practical. Security needs friction. Debate. Context. If your whole team agrees with you, either you\u2019re not leading or they\u2019ve stopped trying.<\/p>\n

Where do we go from here?<\/h2>\n

To put a stop to this rising issue, we need to stop pretending this is someone else\u2019s problem. We stop excusing toxic behavior just because someone carries the right title. And we stop treating leadership like it\u2019s an untouchable domain reserved for those with the loudest voices or the longest r\u00e9sum\u00e9s.<\/p>\n

This isn\u2019t just about venting frustration; it\u2019s about raising the bar.<\/p>\n

Security isn\u2019t just a technical function anymore. It\u2019s a leadership discipline<\/a>. And that means we need more than frameworks and certifications; we need a shared understanding of how CISOs should show up. Internally, externally, in boardrooms, and in the broader community.<\/p>\n

That\u2019s why I\u2019m publishing this. Not because I have all the answers, but because the profession needs a new baseline. A new set of expectations. A standard we can hold ourselves, and each other, to. Not about compliance. About conduct. About how we lead.<\/p>\n

What follows is the CISO Code of Conduct<\/strong>. It\u2019s not a checklist, but a mindset. If you recognize yourself in it, good. If you don\u2019t, maybe it\u2019s time to ask why. Either way, this is the bar. Let\u2019s hold it.<\/p>\n

\n