Dude you ain't kidding. Security is all SaaS sales now and chasing corporate buzzwords, it's not security they're selling, it's insurance and the ability to outsource blame when you get popped.
Get a new CISO? You'll probably be buying the software from the last company he worked with and spending the next 3 years installing it all over just in time for them to declare mission accomplished you are secure and move on to the next square in the C-suite game of Life these dudes play. Then there's the people beneath them who want to be them mucking up the system playing get to the C-suite and not 'secure the company' or 'build good things'.
Oh and if you've gone public your core business is probably on autopilot with some gremlins keeping it running while your execs placate shareholders with layoffs and introducing AI.
People who actually want to do things, help people, and understand why the work needs done and is worth doing (the work that is anyway) are burnt the fuck out.
It took me worryingly long in my career (like 20 years) to realise that the CTO doesn't care if the technology solutions work, or if they're cost effective. What he cares about is not being interrupted on the golf course.
If you have a system that is down for 12 hours 3 times a year, it's fine - as long as a lot of other companies are also down. If you have one that's down for 2 hours once every 3 years, but you're the only one affected, that's terrible. Not because you're "losing sales", but because you can't bemoan a common supplier, point to "it's a global problem", and then get taken for a nice apology lunch by the account manager when your bill goes up 10% next year.