“It was a 24/7 job; there was no downtime,” Zalewski said, adding that he used to describe his role as running a triage shop. “I constantly had people coming in that had been attacked. My job was not to make them whole but to understand how to limit the damage to that line of business and keep doing business. So not to put the fingers back but maybe just to save the arm.”

Coming down from that kind of nonstop stress takes time, Zalewski found. He cautioned that the first phase of life after the CISO role — recovering and resetting — could take three months, six months or a year.

“You have to find who you are again,” Zalewski said. “You have to reach the point where you’re just happy to wake up in the morning and don’t feel like you’re back in the battle.”

“It gives them the ability to keep their skills sharp and stay on the edge of the newest technology without the never-ending pressure and accountability of a CISO role,”

Steve Tcherchian
CISO and Chief Product Officer
XYPRO Technology

Then, reassess and reboot
In the Heidrick & Struggles survey, just 17% of North American CISOs said they would like to retire when they leave their current roles. For his part, Zalewski briefly considered it.

Read the article