CyberWire Daily

Is the role of the CISO adding to the confusion? [CISOP]

Mar 13, 2026
Patty Ryan, an experienced cybersecurity executive and long-time CISO, reflects on how the CISO role evolved and why it often lacks clear authority. She talks about career pathways that shape security leaders. She explores burnout, shifting from tactical fixes to strategic risk management, and growing security talent with coaching and soft skills.
INSIGHT

Undefined CISO Career Risks Role Erosion

  • The CISO career path is ill-defined, allowing people with varied backgrounds to occupy roles without consistent prerequisites.
  • Kim Jones argues this ambiguity risks the CISO remit being absorbed into other roles and losing executive stature, like the VP of telephony.
ANECDOTE

Sudden Promotion Into The CISO Chair

  • Patty Ryan was promoted to CISO unexpectedly after 15 years in IT and had to learn on the job.
  • She recalls her boss announcing that she was CISO with 20 direct reports, and her admitting that she initially didn't know what the job was.
ADVICE

Accept Human Error And Plan Recovery

  • Build for the inevitable: accept human error and plan to minimize impact and recover fast.
  • Patty Ryan advises focusing on acceptable risk levels, crisis management, and architecture that anticipates mistakes.