For those reasons, Basu is helping to establish a professional association for CISOs modeled on entities like the Bar Association or the Society of CPAs. It is called The Professional Association of CISOs (PAC), and the goal is to formalize the profession through standardized accreditation, advocate for legal protections, and foster a strong, supportive peer network.
“It’s time this critical leadership role is afforded the structure and recognition it rightfully deserves,” Basu says.
The CISO role is not becoming undesirable because it lacks relevance, he says. “On the contrary, it is vital to the future of enterprise trust and resilience. It is undesirable only when we fail to match responsibility with protection. If we want to attract and retain top talent in these roles, we must build the guardrails that allow CISOs to operate with authority, integrity, and confidence.”
The silver lining
These issues aren’t insurmountable, says WatchGuard’s Nachreiner. “Realizing that the CISO role is more human-centric and political than technical is key. It’s not just about wizardry with network defenses; it’s convincing the board to greenlight projects that don’t immediately boost profits, rallying department heads to embrace security measures, and nudging employees to tweak their everyday habits,” he says.
If you thrive in an environment where your curiosity is never satisfied, you’re always thinking a step ahead, and every day is different, the CISO role remains ideal, says Abnormal AI’s Titus. “Every day you’re learning new things about the field and every day there’s constant innovation happening, making my job better and faster,” she says.
“At the end of the day, while the CISO role is demanding, with the right mindset and approach, it remains a critical and rewarding position filled with potential to drive meaningful change,” agrees Nachreiner.