47% of CISOs now carry executive-level titles. 41% of boards address cyber issues monthly. The seat at the table is being offered. But sitting at the table and being heard are two different things. The difference is translation — connecting every security metric to revenue protected, customers retained, or regulatory penalties avoided.
94% of CIOs expect major changes to their plans within 24 months, yet fewer than half of digital initiatives hit their targets. That gap isn't a technology problem — it's a leadership problem. Adaptive leaders treat plans as hypotheses, decentralise decision-making, and build organisations that adjust when reality intervenes. In 2026, that capability is no longer optional.
The author revitalizes their joy of coding after a decade by building a knowledge management application, Masterful, using Claude Code, which allowed for an interactive collaboration that minimized the cognitive load typically associated with software development. This experience restored their ability to realize ideas into tangible products, combining their architectural insight with AI's coding capabilities.
We talk about compromise as though it's a virtue. The mature leader finds the middle ground. The wise professional picks their battles. But nobody talks about what gets left on the table. In cybersecurity, we don't call it a 'mutual understanding' when an attacker gains entry. We call it a compromise — because something that was whole is no longer whole.
We like to think our decisions are rational. They rarely are. Here are 12 cognitive biases that quietly shape — and often distort — the way leaders think, judge, and choose.
There's a phrase making the rounds in security leadership circles: 'Cyber is 20% technology and 80% behaviour.' The most respected CISOs aren't saying this to downplay technical rigour — they're saying it because they've lived the lesson. You can build the most sophisticated security stack on the planet and still suffer a breach because of one human decision.
Something shifted quietly in the past few months. AI agents are being deployed into real workflows — triaging requests, routing decisions, executing multi-step processes with minimal human oversight. 76% of executives now view agentic AI as more like a coworker than a tool. That changes something fundamental about what leadership means — and most leaders haven't caught up yet.
AI is extraordinary at handling the messy, repetitive work that once built judgment in junior practitioners. For senior leaders it's a genuine multiplier. For junior people the story is different — they're producing polished outputs while skipping the part where people actually learn. That gap won't show up in your productivity metrics. It will surface five years from now, in a leadership bench with portfolios but no instincts.
We tend to think culture change requires a dramatic intervention — new org charts, new leaders, a values reset. But culture shifts because of small, deliberate improvements that compound. A 1% gain in how meetings run, how feedback lands, how decisions are documented — none of it feels revolutionary. Together, it transforms.
Resilient teams absorb shocks and return to their original state. Antifragile teams improve because of them. As volatility becomes the norm in digital, cyber, and technology domains, the teams that thrive won't be those with the most rigid plans — but those with the most adaptive habits.
Phishing remains the most reliable entry point for attackers, and user behaviour is a material risk variable — not a soft issue. But constant warnings and aggressive simulations create fatigue. The reframe from 'cyber awareness' to 'digital safety' makes the message personal, practical, and far more likely to stick.
When Anthropic announced Claude for Security, the question was immediate: is this the end of the SOC? The short answer is no. But something far more interesting is happening. AI is challenging why we built SOCs the way we did — and opening the door to a smarter, engineering-led model.
Suneth Mendis, a seasoned leader with a diverse career across four countries and military experience, utilizes his blog to connect theoretical concepts with real-world experiences in cybersecurity and technology leadership. He aims to provide insights for leaders who prefer practical, stress-tested thinking over abstract theory.