Intelligent CISO Issue 90 | Page 50

Expert opinion
Building, not just guarding
What kept him in the industry was not just career security but the chance to create. “I’ve always been a builder,” he said. “At first it was code, then it was teams, then organisations. What motivated me was making things that actually worked.”
At Kaiser Permanente, where he ran security operations across the United States, he saw the limits of traditional approaches. “We had endless reports and numbers,” he said. “You’d run a scan and get hundreds of millions of vulnerabilities. We were drowning in noise. So what do you do? You can’t fix everything. You have to focus on what matters to the business.”
This shift, from trying to solve everything to focusing on what is most material, remains crucial for CISOs today. With expanding attack surfaces, the ability to prioritise is often the difference between being constantly reactive and steering a clear strategy.
Change, speed and asymmetry
Seiersen had watched the industry adapt through Y2K, the dot-com crash, the rise of cloud computing, the pandemic and now Artificial Intelligence. “AI is not a hobby,” he said. “Between US$500 billion and a trillion has been invested in it. It enables more people to build faster, which is beneficial for business, but also increases the attack surface. The pattern is the same as the Internet and cloud, but the pace is faster.”
What did not change was the imbalance. “Businesses follow rules. Attackers don’t. That tilts the field. If you try to secure everything, you’ll be weak everywhere. The goal isn’t invulnerability. It’s resilience.”
For today’s CISOs, that reminder is critical. The temptation to chase every new threat is constant, especially with AI accelerating both innovation and exploitation. But as Seiersen stressed, survival depends on narrowing focus to what truly matters.
The boardroom shift
Boards once saw cyber as background noise. That was beginning to shift. “I’ve had board members ask me for the list of metrics they should have,” he said. “It’s a good question, but also risky if it isn’t tied to business outcomes. You can chase numbers all day and never affect your mission.”
He pointed to the NACD’s 2023 Cyber-Risk Handbook as a significant milestone. “It was basically an ode to risk quantification,” he said. “It told board members: think in dollars and cents. That’s a big change.”
For CISOs, this evolution is significant. It means boards are finally starting to value cybersecurity in business terms, which opens the door for more constructive conversations – but it also raises the stakes, since vague reports no longer satisfy directors expecting clarity on financial exposure.
Moneyball for CISOs
To explain the challenge, Seiersen liked to use a baseball analogy from Moneyball. “Billy Beane didn’t ask, ‘Who are the best players?’ He asked, ‘How do we win with the budget we’ve got?’ That’s what CISOs need to do. The job isn’t to stop every breach. It’s to use resources wisely so the business can survive the losses that matter.”
Why it matters: CISOs rarely have unlimited budgets – thinking like Beane forces them to accept constraints and still deliver results. The discipline is not about perfection, but about being efficient enough to survive.
Learning in the room
His workshops made these ideas tangible. Rather than deliver lectures, he asked CISOs to map their organisations’ most critical processes and then identify what losses would be most damaging. The most telling moments often came in the Q&A.
“CISOs are some of the smartest people I meet,” he said. “But they’re under enormous pressure. What gives me hope is how open they are in those sessions. They admit where they’re struggling and they ask for better ways to explain risk to boards. That willingness to learn is the most important resource in the profession right now.”
Workshops matter because they give leaders a safe space to confront blind spots. In a field dominated by compliance and noise, honesty and the tools to act on it can change the way an organisation defends itself.