Not all days in cybersecurity are exciting. This is especially true in the case of leadership positions. Gone are the days of fixing vulnerabilities, responding to SOC alerts, otherwise generally being responsible for pressing the buttons to make the environment more secure. In leadership, these tasks are replaced by reviewing reports, assessing trends, and working with counsels to ensure we can agree to the security requirements of a new client contract. These can be tedious days. This all changes the moment you are breached.

You were hopeful this day would never come but now that it has you instantly become the center of attention for the entire company. No time to stress, this is what they paid you for. You call your family and tell them you’ll be working late knowing that late probably means through the night. Until the situation is contained and systems are back online, it’s a difficult situation to excuse yourself from.

When will we be back online?
How did it happen?
Do you know what they took?

These are all questions you will be asked multiple times and you will likely not have answers to all of them. All you can do is work with the information you have at the moment and follow your incident response plan. You communicate clearly, even if the answer is “we don’t know yet,” and you keep everyone focused on the process: contain, eradicate, recover, and learn. Staying calm under pressure and projecting confidence, even in uncertainty, is your most critical contribution. Every decision is scrutinized, and how you handle these moments will define how your leadership is remembered.

During the height of a breach, the CISO becomes the anchor in a storm of chaos. You are not just managing a technical incident…you’re managing people, expectations, and fear. Your role shifts into that of a crisis manager: coordinating teams, briefing executives, keeping stakeholders informed without creating panic. You have to translate technical realities into business impacts in real time, often while making tough calls with incomplete data. The hours blur together, but you maintain discipline, ensuring logs are collected, decisions are documented, and the narrative stays under control. You are the one who ensures the company has a fighting chance to emerge intact.

The end of the breach allows the company to move on from the issue but your job may continue for several more weeks if not months. Does someone need to be held accountable? I often find breaches are a result of oversight or failure to enforce policy. What information was lost and what is our responsibility to our clients for notification? You will work through all the intense details of the breach with your legal counsel to ensure that your message is accurate while limiting exposure. And of course, you take the necessary steps to ensure this does not happen again.

Cybersecurity leadership is hard. And breach is a humbling experience that will teach you this quickly.