Skip to main content
CybersecurityIncident Response

Cybersecurity Pros Prefer CISOs With Live Attack Response Experience

Business professionals in a meeting with a cityscape background and a person reviewing data on a laptop.

“Leading through a major cybersecurity incident can build credibility because it gives leaders practical experience, perspective and the ability to stay composed under pressure,” Scott Beale, CEO of ISC2, told Infosecurity.

Most cybersecurity professionals place a premium on leaders who have managed real incidents

A survey published by ISC2 and reported at Infosecurity Europe found broad agreement that prior experience handling a major cyber-attack or security incident increases trust in a cybersecurity leader. ISC2 asked 796 people working in cybersecurity for their views about leadership; more than three quarters agreed that a leader’s credibility is enhanced if they had been in charge during a real, high-profile security incident. Specifically, 35% “strongly agree” and a further 41% “somewhat agree.” Under one in ten said they did not agree.

Experience matters regardless of outcome or blame

Respondents told ISC2 that the outcome of, or potential blame arising from, a previous incident did not appear to affect their confidence in the leader. The decisive factor was that the leader had direct experience during a significant incident — the practical exposure itself, rather than whether the response was later judged successful or culpable.

Technical hands-on skills versus strategic leadership: most want both

When asked whether technical hands-on experience or strategic and executive leadership experience was more valuable, a clear plurality said both were important: 71% of respondents indicated it mattered for leaders to have both technical and strategic experience. Among those who expressed a single preference, 18% said cybersecurity leaders should have strong strategic and executive leadership experience, while just 11% said extensive hands-on technical or incident response experience was the most important attribute.

Survey comments highlighted traits respondents associate with effective leaders beyond pure technical skill: the ability to drive teams through high-stress situations, business acumen, and the capacity to articulate complex ideas and technologies in simple business-oriented terms.

Four leadership practices respondents flagged as especially important

  • Communicating With Clarity and Honesty: Be transparent about risks, priorities and challenges. Teams and executives are more likely to trust leaders who provide realistic assessments rather than overly optimistic narratives
  • Leading With Consistency During Uncertainty: In high-pressure incidents or periods of change, calm and consistent decision-making reinforces confidence and demonstrates leadership maturity
  • Building Relationships Beyond the Security Function: Strong cybersecurity leaders invest time in understanding business objectives and collaborating across departments, helping position security as an enabler rather than a blocker
  • Empowering and Developing Teams: Trust grows when leaders create environments where teams feel supported, heard and accountable. Investing in professional growth and recognizing contributions strengthens both morale and organizational resilience

What this means for security teams, procurement leaders, and executives

Security teams: Practitioners who answered the ISC2 poll are likely to look to leaders who combine operational incident experience with executive judgment and the communication skills listed above.

Procurement and hiring leaders: The survey suggests a hiring preference for candidates who can demonstrate real incident leadership as well as the ability to work across business functions and articulate security priorities in business terms.

Executives and boards: Respondents emphasised transparent, calm decision-making and realistic assessments of risk — behaviors executives can expect from leaders whom security professionals deem credible.

ISC2’s continuing presence at Infosecurity Europe 2026

ISC2 will be visible at Infosecurity Europe 2026: the ISC2 London Chapter is part of Community@Infosec, and ISC2 will be at Infosecurity Europe Booth #F159.

ISC2’s report concluded on a direct note about leadership and trust: “Ultimately, the most successful cybersecurity leaders are not simply those who protect systems and data, but those who create trust in their leadership when it matters most.”

https://www.infosecurity-magazine.com/news/infosecurity-europe-isc2/