What becomes of heroes? In episode 10, when everything is upside down, some individuals must remain steadfast

The CISO, that “savior, responsible and guilty” Hero!!!!

Who are the Heroes ?

In this tenth installment, we delve into the rapid transformation that occurs when ordinary employees suddenly become heroes, taking on rescue roles following a devastating cyberattack.

What I will call the “Heroes”

“ Some people said we were going to close the company, while others said, “no, he’s the guilty one, let’s lynch him”.”

Excerpts from Interviews with Heroes

When a cyberattack hits an organization, all eyes turn to one person: the Chief Information Security Officer (CISO). It is he or she who takes the lead, coordinates the response, informs management, and attempts to limit the damage. This position carries significant weight, as it often involves long hours, high stress, and great accountability.

These experts are typically on the front lines, yet they’re frequently the ones who bear the brunt of criticism. What an atmosphere!

🤔 Why is their job so challenging? Let’s explore some potential explanations.

⚔️ They are on the front line: coordinating the response, crisis management, internal and external communication… Sometimes a lot rests on their shoulders.

⏳ They work under extreme pressure: every minute counts, every decision can have major consequences.

They face intense stress, such as sleepless nights, mental overload, and the fear of failure. It’s a job where perfection is unattainable, where 100% is an illusion.

🧍‍♂️ They are often alone: little psychological support, little recognition, and a heavy culture of silence.

💸 Sometimes they lack resources, while others make budgetary and strategic decisions, yet they are held accountable.

🧨 They become scapegoats: after an attack, people look for someone to blame… and the CISO is often at the top of the list.

Yet we rarely discuss their mental health. Why?

—> The cybersecurity industry places a premium on technological robustness, not on vulnerability in humans.

–> Because acknowledging stress or anxiety means risking a loss of credibility. Even in 2025

–> Because CISOs themselves are not always allowed to make mistakes or show emotion.

The role of the CISO is sometimes misunderstood and can vary significantly from one company to another.

Traditionally, many people perceive the Chief Information Security Officer (CISO) as a barrier to innovation, due to their focus on security. However, today’s CISOs are business enablers. They enable organizations to safely explore new ideas, navigate digital risks, and fortify themselves against cyber attacks.

Furthermore, the role’s definition is unclear, as is the organizational context and management line. Regardless of his position, one thing is certain: his role is now recognized as highly stressful, even in normal times. Imagine the level of stress that could arise during a potential assault, not to mention its aftermath.

Take care of yourself. And watch out for cyberattacks!

About the Author

Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.

Find him on LinkedIn: Didier Annet