Somewhere between the dashboards, the deadlines, and the daily firefights, we lost the plot.
We trained cyber leaders to fix problems quickly, but we overlooked teaching them how to lead effectively in slower situations.
We taught them how to audit systems, but not how to coach people.
We’ve built a generation of experts who can write impeccable risk reports, yet struggle to answer the fundamental question: “What will this decision mean in two years?”
In the race to secure everything, we forgot to build the one thing that truly lasts: Leaders who can thrive in uncertainty.
It’s time we stopped playing to win.
It’s time we started playing to last.
Why the cyber leadership model keeps breaking
The traditional model of cyber leadership is a game of defense. Measure the threat, reduce the exposure, report the metrics, tick the boxes.
And for a while, that worked. Until it didn’t.
A breached but “compliant” organization. A security leader was removed after a high-profile attack despite doing everything “by the book.” A team burned out from chasing alerts, not outcomes.
These aren’t anomalies. They’re symptoms of a kind of finite game thinking: The belief that cyber and risk leadership is about finishing the quarter strong, winning the board’s approval and staying ahead of yesterday’s threat.
Finite leaders measure victory in immediate gains: how many audits passed, how many policies approved, how many controls deployed.
Infinite leaders? They measure impact in ripple effects: how many people grew under their watch, how many teams stayed intact through crisis, how many decisions still hold up long after the budget’s gone.
Less performance, more purpose
The dirty secret? Most cybersecurity executives didn’t become leaders because they wanted to lead. They rose to the top because they were the best at fixing things.
But leadership in the infinite game isn’t about fixing. It’s about framing. Guiding. Sensing. Coaching.
This is where coaching earns its place: not as a soft skill, but as a strategic lever.
When done right, coaching forces the leader out of the weeds and into the wide lens. It transforms a CISO from a crisis firefighter into a builder of culture, trust and vision. It creates space to unlearn bad habits, such as reacting faster than you think or confusing control with clarity.
Take Marissa, a former SOC manager turned risk director. Coaching didn’t teach her how to write better reports. It taught her how to speak the language of the business, how to lead without playing the expert, and how to stop solving everyone’s problems and start asking better questions.
She didn’t become louder. She became clearer.
From one leader to a movement
If coaching builds the leader, mentoring builds the legacy.
Mentoring is the long game. The quiet game. The game of planting seeds you might never see grow. And yet, its impact outlives every incident response plan.
Mentorship baked into cyber programs sparks strange shifts:
Junior analysts start thinking like risk officers
Cross-functional teams begin asking better questions about ethics, not just controls
The culture shifts from compliance theatre to psychological safety
At a global fintech I worked with, one internal mentoring circle dropped attrition by 40% within nine months. More importantly, it sparked two promotions, a cross-border collaboration project and a newly minted cybersecurity ambassador network.
No framework did that. No tool. No compliance checklist.
It was one leader saying, “Come walk with me. Let me show you how to lead.”
Paradox as a leadership muscle
Leadership in cybersecurity isn’t binary. It’s not checklist-driven. It’s full of paradoxes — and the best leaders learn to hold those tensions with both hands.
Certainty vs. uncertainty
Good leaders provide clarity. Great leaders admit what they don’t know — and build systems that adapt when they’re wrong.
Control vs. empowerment
Anyone can enforce. Few can inspire. The infinite leader sets the direction but lets others navigate the terrain.
Stability vs. change
Finite leaders hold the line. Infinite leaders have the vision while evolving the plan. They don’t resist change; they make it part of their operating rhythm.
You can’t resolve these paradoxes. That’s the point. You manage them. Like a jazz musician holding rhythm and improvisation in tension, great cyber leaders play both without losing the beat.
Doubt is the quiet weapon
Here’s the part no one likes to say out loud: Doubt is a leadership superpower.
The best leaders I’ve coached weren’t the most confident. They were the most self-aware. They knew when to pause. When to test an assumption. When to say, “I don’t know, let’s find out.”
Doubt isn’t indecision. It’s the discipline to interrogate your own certainty before the world does it for you.
In governance and risk, doubt is what fuels the kind of threat modeling that matters. It’s what makes red-teaming valuable, not performative. It’s what drives scenario planning that goes beyond wishful thinking.
A leadership culture that punishes doubt creates blind spots. One that honors it builds resilience.
From power to strength
Power is finite. It’s loud, immediate and often brittle.
Strength is infinite. It’s quiet, enduring and often invisible.
We need fewer leaders addicted to power. More devoted to strength.
Power says, “Because I said so.” Strength says, “Because I showed you how.”
Power forces short-term compliance. Strength builds long-term trust.
Power builds fortresses. Strength builds bridges.
The leaders we need don’t just protect information. They protect people, ideas and future potential. They don’t just lead during the crisis. They’re the reason the team was ready for the crisis in the first place.
Leading with legacy
Let’s stop theorizing and start counting the ripple effects:
A CISO who invests in coaching for her team sees not just better decisions but fewer escalations because her team feels trusted to act.
A board member who mentors next-gen risk leaders builds fluency across the table —and retires knowing the future’s covered.
A business leader who reframes risk as strategic uncertainty rather than something to avoid creates a culture that can pivot fast, not freeze.
These aren’t dreams. They’re already happening in the corners of the cyber world where someone stopped chasing finite wins and started investing in infinite impact.
Time to play a different game
So here’s your leadership audit:
Are you rewarding answers or encouraging better questions?
Are you clinging to control or coaching for autonomy?
Are you managing risk for optics or leading it for resilience?
Are you building dashboards or shaping culture?
The tools will evolve. The threats will morph. The mandates will shift. But one thing won’t change: The need for leaders who can walk into the fog and still lead with clarity.
Coaching builds them. Mentoring sustains them. The infinite game demands them.
Are you playing to win or playing to last?
This article is published as part of the Foundry Expert Contributor Network.
Want to join?