For seasoned observers who can identify species by posture alone.
1. The Drift-Blind Executive
Habitat: Boardrooms, earnings calls, "strategic offsites."
Call: "We trust our people."
Treats insider risk as a morale issue. Believes culture prevents breaches. Thinks "we hire good people" is a control. Cannot detect misalignment even when it's on fire.
Signature move: Asking why detection is "so expensive" while hemorrhaging data.
2. The Framework Evangelist
Habitat: NIST PDFs, ISO binders, and the souls of auditors.
Call: "Have you mapped this to 800-53?"
Treats frameworks like holy scripture. Believes compliance = security. Thinks maturity is measured in checkboxes. Has never met a control they didn't want to multiply.
Signature move: Turning a 3-step process into a 47-page matrix.
3. The "AI Will Fix It" Optimist
Habitat: Keynotes, vendor booths, and futurist panels.
Call: "With AI, we can automate everything."
Believes AI can replace detection. Has never configured a model. Thinks hallucinations are "edge cases." Uses the phrase "next-gen" unironically.
Signature move: Suggesting AI can solve insider threat without understanding humans.
4. The Threat Intel Poet
Habitat: Dark rooms, RSS feeds, and Twitter at 3 AM.
Call: "We're seeing increased chatter."
Speaks in metaphors. Writes reports like noir novels. Obsessed with APT naming conventions. Believes attribution is a spiritual practice.
Signature move: Producing a 20-page report that concludes: "Threat level: unclear."
5. The Governance Mystic
Habitat: Whiteboards, philosophical debates, and existential spirals.
Call: "But what is a control?"
Treats governance like metaphysics. Invents new terms weekly. Speaks in abstractions that sound profound. Accidentally creates entire disciplines.
Signature move: Turning a simple question into a cosmology.
6. The Detection Minimalist
Habitat: Budget meetings, dashboards with zero alerts.
Call: "We haven't seen any incidents."
Believes no alerts = no problems. Thinks detection is "noise." Loves low false positives because they mean low work. Treats logs like clutter.
Signature move: Disabling rules to "reduce alert fatigue."
7. The Cloud Evangelist Who Has Never Read a Billing Report
Habitat: Architecture diagrams, cloud summits, and denial.
Call: "Just move it to the cloud."
Thinks cloud is inherently secure. Doesn't understand IAM. Believes misconfigurations are "rare." Has never seen a cloud bill over $1M.
Signature move: Creating an architecture that requires 17 roles and 0 guardrails.
8. The "We Need More Logs" Maximalist
Habitat: SIEM dashboards, storage invoices.
Call: "Ingest everything."
Wants every log from every system. Has no plan to analyze them. Treats storage costs like someone else's problem. Thinks volume = visibility.
Signature move: Drowning detection teams in terabytes of useless data.
9. The Eternal Pilot Program Champion
Habitat: POCs, trials, and never-ending evaluations.
Call: "Let's test it for another quarter."
Never commits to a tool. Loves demos. Avoids decisions. Believes pilots are progress.
Signature move: Running 12 pilots simultaneously and deploying none.
10. The "Human Risk" Motivational Speaker
Habitat: LinkedIn, conferences, leadership retreats.
Call: "This is a leadership issue."
Turns breaches into TED talks. Uses "trust" as a control. Avoids technical depth. Sells vibes as strategy.
Signature move: Saying "detection is only half the job" with absolute confidence.
Why This Taxonomy Hits So Hard
Because every one of these archetypes is real. You've met them. You've worked around them. You've watched them derail programs with confidence and charisma.
And the punchline is always the same—cybersecurity doesn't have an ego problem. It has an ego ecosystem.
A self-sustaining one.
Top comments (0)