Has Cybersecurity Become a Cult?

https://www.linkedin.com/pulse/has-cybersecurity-become-cult-cisoseries-btzac

Publish Date: 2026-06-04 13:00:00

Source Domain: www.linkedin.com

We think of cybersecurity as a discipline. But when do ideas like best practices and NIST frameworks change into a system of belief?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Davi Ottenheimer, principal, Flying Penguin. Joining is Joshua Copeland, director of security, Crescendo. Huge thanks to our sponsor, ThreatLocker.

Tools, not religion

Frameworks aren’t sacred, but they aren’t the problem either.

Dr. Brian McElyea drew a clear line, saying, “Frameworks aren’t dogma, they’re guardrails. They give us common language across complex environments.” The goal is less dogma and more proof, with CISOs shifting toward continuous validation and resilience metrics rather than checklist compliance. Asrar Ismail of Quality Management Australia (QMAus) pushed back on the cult framing from a different angle. NIST and ISO aren’t frozen doctrine. NIST SP 800-53 has had six major revisions, and ISO 27001 is reviewed every five years. “That’s not a cult,” he said. “That’s continuous improvement.”

The case for structured discipline

Frameworks are starting points and the “rituals” that accompany them carry real value when used correctly.

Brian Bronstein of Appalachia Technologies, LLC made the case for phishing tests and tabletop exercises as preparedness tools. “Think about fire drills,” he said. “They’re run endlessly, and are never perfectly executed, but the muscle memory…
