In the latest episode of Axio’s Executive Insight Series, CEO Scott Kannry sits down with Ryan Surry, Founder and Managing Director of Intaso, to discuss the evolving role of security leadership, the challenges facing CISOs today, and the state of the cybersecurity job market. Ryan brings a unique perspective, having placed top-tier cybersecurity professionals for years, and his insights shed light on the shifting priorities and expectations of security leaders and organizations alike.
Key Takeaways from the Conversation
- The High Turnover Rate Among CISOs: Ryan shared a striking observation—two-thirds to three-fourths of cybersecurity professionals are open to new opportunities. The average tenure of a CISO remains around two years, creating a constant cycle of change within organizations. This frequent turnover presents challenges, as new security leaders often feel compelled to leave their mark, leading to shifts in strategy, tools, and priorities. Scott highlighted how this dynamic can create security gaps, reinforcing the need for stability in leadership.
- The Evolving Role of the CISO: Gone are the days when security leaders were purely technical. Ryan emphasized that modern CISOs must balance technical expertise with business acumen. More organizations are recognizing the importance of security as a business enabler, not just an IT function. This shift is reflected in the rise of Business Information Security Officers (BISOs)—a role that bridges the gap between cybersecurity strategy and overall business objectives.
- The Pressure on Security Leaders: Ryan noted that while CISOs are held to an unrealistic standard of perfection, organizations need to recognize that security is about risk management, not eliminating risk entirely. Open communication, realistic expectations, and aligning cybersecurity goals with business priorities are critical for a sustainable security function.
- Learning from Cybersecurity Incidents: Interestingly, Ryan pointed out that CISOs who have been through major security incidents often become stronger candidates for future roles. Experience navigating a breach or security crisis provides invaluable lessons, equipping leaders with the skills needed to manage high-stakes situations. However, he also shared a concerning trend—some organizations, after suffering a breach, drastically cut their security budgets instead of strengthening their defenses, highlighting a disconnect in risk perception.
- The Power of the Cybersecurity Community: Despite the challenges, both Scott and Ryan expressed optimism about the cybersecurity industry. They noted a growing sense of collaboration and support among security professionals, a necessary evolution given the sophisticated and ever-evolving nature of cyber threats.
As the cybersecurity landscape evolves, so too does the role of security leadership. CISOs today must balance technical expertise with business strategy, communicate risks effectively to executives, and adapt to ever-changing threats. While the challenges of security leadership—high turnover, stress, and shifting expectations—persist, the growing sense of collaboration within the industry is a positive step forward. By aligning security with business goals and fostering open communication, organizations can build resilient security programs that support long-term success.