Insights

What 25 Years of Security Leadership Searches Have Taught Me About This Moment

• 
• Copied

I have been placing technology and security executives for 25 years, across staffing, consulting, and in-house roles before joining DSG Global to lead our Technology, AI and Cybersecurity practice. Across more than 3,000 searches, I have watched the definition of a great security leader change more dramatically than almost any other function. The pace of that change has never been faster than right now.

There is a conversation happening across boardrooms about what the AI era actually demands from talent. The consensus is forming around curiosity, adaptability, and the ability to solve problems that have no established playbook. I have been having a version of that conversation, specifically inside the security function, for the better part of those 25 years. Here is what I have learned.

The leaders who stand apart share three things that don’t show up on a resume.

The ones who built lasting programs, navigated the hardest moments, and earned genuine board-level trust were never defined by certifications or tenure at recognizable firms. Consistently, they shared:

• Low ego. The best security leaders are not the ones who have all the answers. They are the ones comfortable enough in their expertise to admit what they do not know.
• Deep mission orientation. Driven by protecting people and organizations, not by the credential or the title.
• Compulsive curiosity about how things fail. Not just how systems work, but where they break, and how adversaries find those breaks before defenders do.

The technical foundation has not become less important. It has become more so.

The stakes of getting this wrong are not abstract.

In 2025:

• FortiGuard Labs recorded 122 billion exploitation attempts.
• Average attacker breakout time dropped to 29 minutes.
• A global hospitality brand was breached through the social engineering of a single employee account, exposing nearly 6 million customers.
• A major educational services company was compromised over three weeks before detection, ultimately affecting 1.4 million people.

These are not failures that yield to generalists. They require leaders who understand how adversaries think, how systems fail, and how risk moves through an organization before it announces itself.

The mandate has expanded into territory no one has governed before.

According to Splunk’s 2026 CISO Report, 96% of CISOs are now responsible for AI governance and risk management – a mandate that had no formal owner in most organizations just a few years ago. What that now includes:

• Model risk and data provenance
• Vendor AI exposure
• Adversarial machine learning
• AI-enabled social engineering at scale

No one has governed this environment before. The leaders who will thrive are the ones who have spent their careers building the technical depth to reason through novel problems, combined with the intellectual humility to know what they do not yet know. That combination is rarer than it sounds, and significantly harder to assess from the inside than a title or a tenure.

The leaders who can solve these problems have been building toward this moment.

The CISOs I have watched succeed through genuinely difficult moments – breaches, board-level scrutiny, organizational transformation – stayed curious long after they had earned the right to stop asking questions. They could sit with a board and say “I don’t know yet, but here is how we are going to find out” and be believed.

The conversation about what great talent looks like in the AI era is an important one. In the security function, it is also an urgent one. Finding the right leaders requires knowing what to look for, and having spent enough time in this space to recognize it when you do.

---

June 16, 2026

Lavonne Moon leads DSG Global’s Technology, AI and Cybersecurity practice. Over 25 years, she has completed more than 3,000 searches at the CISO, CTO, and VP Security level across industries.