Infosecurity Europe Study: Staff Want CISOs With Real Attack Experience

Summary
– An ISC2 survey indicates cybersecurity professionals prefer leaders with direct experience responding to major cyber incidents.
– Staff value practical crisis management skills in their information security leadership.
– The survey highlights a desire for leaders who have firsthand knowledge of handling significant cyberattacks.
– Experienced leaders are seen as more credible and effective in guiding teams through real-world threats.
– The finding reflects a broader industry demand for hands-on incident response expertise in senior security roles.

A recent study conducted by ISC2 at Infosecurity Europe reveals that cybersecurity professionals strongly prefer their chief information security officers (CISOs) to have firsthand experience responding to major cyberattacks. The findings underscore a growing demand for leaders who have navigated the chaos of a real-world breach, rather than those with purely theoretical or managerial backgrounds.
The survey, which polled cybersecurity staff across various sectors, indicates that practical incident response experience is increasingly valued as a core qualification for top security roles. Respondents expressed that a CISO who has “been in the trenches” during a significant attack is better equipped to make quick, informed decisions under pressure and to communicate effectively with both technical teams and executive leadership.
This preference reflects a broader shift in the cybersecurity industry toward hands-on leadership. As threats grow more sophisticated and frequent, staff want assurance that their leaders understand the operational realities of defending networks, managing containment, and coordinating recovery efforts. The study suggests that theoretical knowledge of frameworks and compliance, while important, is no longer sufficient on its own.
The report also highlights that trust and credibility are key factors driving this sentiment. Employees who know their CISO has faced a live incident feel more confident in their organization’s overall security posture. They believe such leaders are less likely to panic or make critical errors during an actual crisis.
For aspiring CISOs, the message is clear: gaining direct attack response experience can be a decisive advantage in career advancement. Organizations, meanwhile, may need to reconsider their hiring criteria, placing greater emphasis on candidates who have demonstrated composure and strategic thinking in the heat of a real cyber incident.
(Source: Infosecurity Magazine)




