You and I will get breached – one day – it’s just a question of time. This is what the security community considers as the “assume breach” principle. In order to learn this mantra, we had to go through some pain: hundreds of data breaches throughout the last years and decades of companies of all sizes have demonstrated that it can and potentially will happen to everyone one day. Even worse – this can even happen to companies with strong security teams and budgets available. Strong infosec teams & culture will probably delay the breach but is no guarantee to finally prevent it.
And who is expected to prevent all this from happening: the CISO!

In this article I would like to discuss why firing your security executive (CISO/CSO) in case of a breach is not always the best step you should take. I will bring up some discussion points that raise questions whether problems could reside much deeper in your organization and making pawn sacrifices is rarely resolving the problem completely.

This article has been flying around for some time on my todo-list and it’s far from perfect since discussions could get into much more details – but I hope I’m able to transfer the core points of my opinion.