This year’s CISO Bootcamp at RSAC 2025 was a powerful reminder that while technology continues to evolve, the heart of cybersecurity remains the same: people and risk management. The role of the CISO (Chief Information Security Officer) is more complex than ever — balancing business alignment, technical oversight, and team leadership in a world of constant change.
Here are the key takeaways that every security leader should reflect on — and how partnering with the right MSSP (Managed Security Service Provider), like OpenText™, can help you stay ahead.
1. The CISO role is about risk, not just technology
The modern CISO is first and foremost a risk manager. The bootcamp emphasized that understanding and articulating risk is more important than knowing every tool in the stack.
“If a risk isn’t communicated, it doesn’t exist”
Transparency is essential. CISOs must ensure that risks are documented, communicated, and addressed. This is where a strong MSSP can be a game-changer. OpenText’s Risk & Compliance Advisory Services help CISOs identify, assess, and communicate risk in a way that aligns with business priorities.
Are you doing business in the EU? Check out “Ensuring compliance with the NIS2 Directive.”
2. Simplify and modernize your tech stack
Many organizations are burdened by complex, overlapping security tools. The advice from RSAC was clear: simplify. Focus on outcomes, not tool count.
Whether you’re building from scratch or modernizing, OpenText’s end-to-end Cybersecurity solutions — overseen by our Managed Security Services — can help you streamline operations, reduce noise, and focus on what matters most: protecting your business.
3. Build a team that has your back
Leadership is about people. The best CISOs build teams that are diverse, resilient, and aligned. Some of the most practical advice from the bootcamp included:
- Spend time with your team — take 15 minutes per person regularly.
- Foster a no-ego, no-jerk culture — because culture is everything.
- Diversity means bringing in people from both inside and outside cyber.
- Support your team like family. Recognition should flow to them, not to you.
“If your team can meet without you and still move toward the North Star, you’re doing it right”
4. Communicate like a business leader
CISOs must be exceptional communicators. That means translating technical risk into business language and aligning with corporate executive priorities.
“Yes, we can—but here’s what it takes”
This mindset positions the information security team as a business enabler. And when you need to benchmark or prioritize, OpenText’s Risk and Compliance Advisory — including our Security Assessment — can provide the insights and peer comparisons you need to make informed decisions.
5. Cybersecurity in 2025: Still a people problem
Despite the rise of AI and automation, the consensus at RSAC was clear: cybersecurity is still about people. You need a lean, skilled, and trusted team.
“Experience is the sum of your failures”
That’s why it’s critical to invest in people, not just tools. OpenText’s Managed Extended Detection and Response (MxDR) is designed to augment your internal team, not replace it — giving you access to top-tier talent and 24/7 coverage without the overhead.
6. Justify your headcount with trust and data
Budget constraints are real. To justify your team size, you need:
- Benchmarking – Compare your team structure to industry standards.
- Peer consultation – Talk to other CISOs about how they build out their team and model their security strategies.
But most importantly, you need trust. Build credibility with your CEO and your Board by showing that your team is aligned with business goals and delivering measurable value. OpenText can help you map your program to industry benchmarks and provide the data you need to make your case.
7. Today’s threat landscape: Beyond technology
Cybersecurity is no longer just about firewalls and endpoints. Today’s threats are shaped by:
- Geopolitical tensions
- Third-party risks
- Regulatory pressure
- Human behavior
Attackers in 2025 are targeting your communications, your information, and your infrastructure, and they are placing backdoors. It’s not a matter of if an incident will happen — it’s when. That’s why OpenText’s Digital Forensics and Incident Response (DFIR) services are so critical.
8. Define the North Star, not the roadmap
As a CISO, your job is to define the vision, not micromanage the execution. The roadmap will change. Threats will evolve. But your North Star — your guiding principles — should remain constant.
Let your team own the roadmap. Empower them to adapt, innovate, and lead. Your role is to remove obstacles, build culture, and keep everyone aligned.
9. Practice, practice, practice
Whether it’s tabletop exercises, red team drills, or communication rehearsals, practice is everything. The more you train, the more confident your team will be when the real thing happens.
OpenText’s Incident Response Simulation drills your team and the entire organization so that they gain awareness, confidence, and readiness for the inevitable incident.
10. Final thought: who has your back?
The CISO role is demanding, high-stakes, and often lonely. That’s why it’s essential to surround yourself with people—and partners—who support you.
“Pick a leadership team that has your back”
For many organizations, that includes a trusted MSSP. OpenText Managed Security Services offer a full spectrum of cybersecurity services—from strategic advisory to 24/7 threat detection and response. Whether you’re building a program from scratch or looking to mature your existing capabilities, OpenText has software solutions for SMB and Enterprise as well as the expertise, scale, and commitment to help you succeed.
The modern CISO must be a risk manager, a business enabler, a people leader, a clear communicator, and a visionary. Technology is important—but it’s the last piece of the puzzle. The real work is aligning security with business goals, building strong teams, and leading with empathy and clarity. If you’re a CISO in 2025, remember: It’s still about people. And the right partner makes all the difference.
Explore OpenText Cybersecurity Solutions
Ready to strengthen your cybersecurity program? Discover how OpenText’s end-to-end Cybersecurity Services can help you lead with confidence through our Risk & Compliance Advisory, Digital Forensics and Incident Response (DFIR), and other Cybersecurity Services.
Whether you’re building from scratch or maturing your program, OpenText Managed Security Services offers the scale, expertise, and commitment to help you succeed—across SMB and enterprise environments.