How to Know When It’s Time To Go

This week, after spending more than seven years as CISO, I resigned. It was lovely to get an avalanche of good wishes from colleagues and teammates. I’m excited about my future opportunities. I was asked “why now?” and my response was “because I knew it was time”. And a number of folks asked,

Calendar tiles, with the day tile moving so fast you cannot read the date
Calendar tiles, with the day tile moving so fast you cannot read the date
Photo by Djim Loic on Unsplash

The simplest answer is that it just felt like the right time to go — but that’s too easy an answer, ignores a lot of soul searching that took place and is not helpful!

As a leader of an organization…

The Benefits of Working in Cybersecurity

At the time, I was completely gobsmacked that a senior leader would say something like this, during an interview no less. Since then, I’ve learned that most non-security people harbor similar thoughts: why would any self-respecting person want to work in a thankless, stress-filled, under-resourced profession like cybersecurity?

I admit to harboring these thoughts myself, especially during times when I feel like all my efforts are going nowhere. …

Congratulations, You Made It! And other good Security news.

Exploding multi-color fireworks on a black background
Exploding multi-color fireworks on a black background

It’s December already. Not just any December, but THIS December: 2020. The year of COVID and elections and COVID and BLM and COVID and natural disasters and COVID. And did I mention COVID?

Whatever state you are currently in — happy, healthy, sad, sick — I want to wish you a Happy New Year because, by golly (does anyone even use this term anymore?), you’ve earned it. You made it through a really really tough year. Maybe a little older and wiser and perhaps sadder, but you are here.

For those…

Another glorious day in Buckeye Nation

A view of the Ohio State Oval, with the university seal in the foreground. In the distance, the top of Thompson Library.
A view of the Ohio State Oval, with the university seal in the foreground. In the distance, the top of Thompson Library.
The Oval at Ohio State University

Working as a Chief Information Security Officer anywhere is a commitment. Working at a school like THE Ohio State University is a whole other level. I’ve been here seven years, and every day something new and weird comes across my desk. Security at a school as diverse as OSU is like being responsible for the information of a small city: banking, retail, medical, educational, utilities, airports, entertainment — you name it we have it, and all of it needs defending. Despite that, my days are structured, and manageable. …

As I sit in my home office, noticing how my ears sort of hurt from wearing a headset too long, three weeks into this new thing some of us call “social distancing”, I reflect on the impact of this event for Security teams everywhere.

A White Facemask
A White Facemask

It’s odd that some crisis is happening that doesn’t involve a cybersecurity event. We’re not, at this moment, the front lines, the pointy end of the spear, the canary in the coalmine. No — we are relegated to the support team! The “we’ll-call-you-if-we-need-anything” group. The “can-you-help-out-these-other-more-essential-folks-for-a-bit” substitutes. It’s all a bit unsettling, to be honest.


This picture shows a black and white image of evenly balanced weights on a scale
This picture shows a black and white image of evenly balanced weights on a scale

Like most Chief Information Security Officers (CISOs), I’m often approached by recruiters, inviting me to participate in a candidate pool for another CISO role. Also, like most CISOs, I often agree to at least have a preliminary conversation, because it might be a good opportunity for me, and if not, I might be able to refer someone who would be a viable candidate.

As a result, I’ve spoken to a fair number of recruiters about potential CISO jobs, and I’ve learned to pretty quickly identify if the job is of any interest at all. Of course, what is interesting to…

All this Security Pro wants is…

’Tis the season for gift giving. Regardless of how you spend this time of year, you would need to live under a rock (or, at least, not be connected to the Interweb) to not see the plethora of gift ideas being advertised. I admit, I’ve done my civic duty to give back lots of cash into the economy. I have a wonderful community of friends, family and co-workers for whom I am eternally thankful, and I love using this time of year to recognize all these people who mean so much to me.


The average tenure for an InfoSec Executive is two to four years. This isn’t a particularly long time, in business terms. This isn’t a long time in any term. There are a number of reasons for this, including the hot job market we’re in (a bigger paycheck can always be tempting) but I have another theory: Security people get bored easily.

Let’s face it, when incidents happen, the Security job can be an adrenaline rush and a power trip. We get to see pretty much everything happening in our organization. We get to deal with crisis after crisis, and increasingly…

My spouse is a glass-half-full, live-in-the-moment kind of person. He appreciates all we have, the time we share, and the goodness that is around us. I work with a ton of people who are the same way. They delight in the positive things they are doing, the potential upside in all they pursue, their ability to influence their little (or big) piece of the world.

I’m not that person.

I’m a tinfoil-hat-wearing, thinking-about-what-comes-next-because-we’re-not-where-we-need-to-be, they’re-out-to-get-us kind of person.

Am I this way because I’ve always been this way? Or has working in Security turned me into this person?

When I speak…

Do You Know 2.5 People Who Would Be Good for Security?

One of the biggest challenges I have, when working in Security, is that the job is NEVER. EVER. FINISHED. Every day there is the same stuff, there is new stuff, but there is always STUFF.

Now, if I was a glass half full kind of person, I would happily remind you that, because there is so much stuff, there is job security. There are loads of opportunities for improvement. There are so many new and wonderful vectors of attack and defense that the job always has variety. There are so many people wanting to get into the industry that you…

Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found on Twitter @CisoHelen

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store