{"slug": "the-last-human-relationship-in-cybersecurity", "title": "The last human relationship in cybersecurity", "summary": "A cybersecurity veteran argues that AI and governance frameworks cannot replace the human partnership between CIOs and CISOs, citing a Washington State example where daily communication between the two leaders sustained security operations. The author warns that misaligned leaders cause even well-funded programs to fail, and AI's speed makes pre-existing trust essential for incident response.", "body_md": "We are inundated with promises that artificial intelligence will save us and that the next governance framework will protect us. Buy this platform, adopt that model and the hard part finally gets easier. After 15 years in this field, I have wanted that shortcut as much as anyone.\n\nBut both promises are downstream of something neither one can produce. You cannot automate trust between two people. You cannot govern your way to a relationship. As AI moves into the core of how organizations operate, and accountability stops mapping cleanly to the org chart, what holds when the stakes are highest is not the platform or the policy. It is two human leaders who know each other well enough to carry the weight together.\n\nI think about this often now, a year after publishing a book about the pressures bearing down on security leaders, “[The CISO On The Razor’s Edge: Leading Cybersecurity When The System Is Designed To Break](https://www.amazon.com/dp/B0F6DDK8CD).” The partnership between the CIO and the CISO is the last human relationship in cybersecurity. AI raises the stakes. Governance sets the floor. The relationship is what holds.\n\nI saw it work once, up close. When I worked in Washington State, the CIO, [Bill Kehoe](https://www.linkedin.com/in/william-kehoe-a37a0714b/), talked to his CISO, [Ralph Johnson](https://www.linkedin.com/in/ralfjnsn/), every day. Weekends included. Not because a policy required it, but because the mission did. That partnership is a large part of why the role stayed sustainable for them when it broke so many others.\n\nWalk any conference floor and you will hear the same pitch in a hundred variations. The next AI layer will close the gap. The next framework will lock down the risk. The technology is usually ready. The organization is not. I have watched too many well-funded programs stall to still believe the tool is the answer, and almost every time, the breakdown traced back to leaders who were not aligned before the work began. A framework run by misaligned leaders inherits the misalignment. You can buy the best controls on the market and still watch them fail when two leaders work from different assumptions about who owns what.\n\nBill and Ralph understood this. Security decisions were not handed to Ralph after the fact to bless or block. They were made with him, inside the technology decisions, because the two had already agreed on what mattered. That is not governance. That is leadership creating the conditions in which governance can work.\n\nIt is the real lesson I came to in the book. Technical knowledge matters, but it is not enough. As I wrote then, “Influence, trust and internal relationships are non-negotiable.” Without influence, CISOs cannot lead. Without technical substance, they cannot prioritize what matters. And without partnership, especially with their CIO, “they’re operating without a safety net.”\n\nAI does not change that truth. It raises the cost of ignoring it.\n\nThe ground under both roles is shifting. Work no longer flows through people alone. It moves across people, platforms, partners and agents at the same time, and it moves fast. Decisions that once waited for a meeting now form in seconds. The org chart, built for an era when humans did the work and reporting lines explained accountability, struggles to keep up.\n\nThis is where the partnership stops being a nicety and becomes infrastructure. When decisions form at machine speed, the human escalation path has to be instant. There is no time to negotiate a relationship in the middle of an incident. Either the trust is already there, built in the quiet stretches before anything goes wrong, or it is not there when it counts.\n\nI asked Bill what he would lose if his daily calls with Ralph dropped to once a week. His answer cut straight to it.\n\n“Cyber does not rest,” he told me. “It is active and dynamic and requires 24/7/365 attention.” Drop to a weekly check-in, he explained, and “I am treating the CISO like any other executive position.” For Bill, AI only raises the stakes on that daily contact. “Relationships and partnerships between the CIO and CISO will never die due to AI,” he said. “I can’t even imagine a scenario where I don’t talk to my CISO on a daily basis including weekends to discuss the latest risks and vulnerabilities or news on potential AI attacks.”\n\nThat is the point most of the market misses. A platform can flag the anomaly. It cannot decide what the organization is willing to risk, who carries that decision or how two leaders stand behind it together. The faster the machines move, the more the partnership has to already be in place.\n\nThere is a reason some now call the CISO job the least desirable role in business. The seat carries enormous accountability and rarely the authority to match. As one security leader put it, [the pressure has never been higher and the control has never felt lower](https://www.csoonline.com/article/4016334/has-ciso-become-the-least-desirable-role-in-business.html). People are burning out and walking away from a role that has never mattered more.\n\nHere is the hard part. There is no log file for burnout. No alert fires when the weight finally exceeds the leader. That drain is invisible right up until it is not, and it raises organizational risk as surely as any unpatched system. The structural fixes the industry debates are all real and all slow.\n\nThe fastest source of relief available to a CISO is not a framework. It is a CIO who treats the relationship as a daily partnership rather than a line on a chart. An isolated CISO is a vulnerability. A partnered one is an asset.\n\nYou see what that partnership is worth in the worst moment. I asked Bill what it looks like when an incident hits and public trust is on the line. He did not reach for a tool.\n\n“I am accountable as CIO to everything that occurs in the state from a technology lens including cyber,” he said. When a severe incident hits, the call comes to him from agency leadership or the Governor’s Office. Then he follows the plan, but never alone: “I will be in constant contact with the CISO on the details of the incident.”\n\nThat is the safety net made real. The CISO is not carrying the mission alone at the moment it matters most. On the razor’s edge, leadership keeps you upright. Partnership keeps you in the fight.\n\nIn my advisory work, I sit with C-suite leaders who share values and still cannot find alignment. The barrier is rarely disagreement. It is that they are not communicating clearly or often enough to build the trust that alignment requires. I have watched negotiations that could only happen by proxy, over email, because two capable leaders had stopped talking directly.\n\nI recently sat in an hour-long discussion where alignment and shared values were present the whole time. It did not become clear until the final fifteen minutes. That is what real alignment costs: patience, persistence and a stubborn commitment to clarity. If leaders cannot do that work themselves, no AI model or governance tool will do it for them.\n\nThis is why I stand up an AI review board for the organizations I work with and host the leadership conversations that decide whether a company’s AI ambitions thrive or stall. The board itself matters less than what it provides: neutral ground, a regular cadence and an agenda that forces the hard issues into the open before a crisis forces them. If your organization has no venue like that, that absence is its own form of dysfunction. The cadence is what makes communication effective. Not easy. Effective.\n\nYou cannot framework your way to trust. But you can build it deliberately, and that is a leadership act, not a governance one. The partnership and stakeholdering skills that once looked like soft extras are now the core executive work. A few moves matter most:\n\nBuild the relationship as deliberately as you would build any critical control, because that is what it is. If you cannot connect the partnership to outcomes the business actually feels, you have a friendship, not a performance lever.\n\nA year after writing “The CISO On the Razor’s Edge,” I am even more convinced that strong leadership precedes effective governance and partnership precedes them both. This is the good news, not the hard news. The CIO and CISO who build real trust do not just reduce risk. They move faster than their competitors, because they spend no energy fighting each other. They earn the board’s confidence, because the board hears one clear voice. And they unlock the AI strategy everyone else is still struggling to govern, because they have already done the human work that makes governance hold.\n\nThat is the upside waiting on the other side of this relationship. AI will keep advancing. Governance will keep maturing. But the organizations that win the next decade will be the ones where two leaders decided the partnership was worth building before they needed it. Bill and Ralph knew it every day, weekends included. The edge is there for anyone willing to do the same.\n\n**This article is published as part of the Foundry Expert Contributor Network.****Want to join?**", "url": "https://wpnews.pro/news/the-last-human-relationship-in-cybersecurity", "canonical_source": "https://www.cio.com/article/4197971/the-last-human-relationship-in-cybersecurity.html", "published_at": "2026-07-17 12:00:00+00:00", "updated_at": "2026-07-17 12:06:18.005121+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-ethics"], "entities": ["Bill Kehoe", "Ralph Johnson", "Washington State"], "alternates": {"html": "https://wpnews.pro/news/the-last-human-relationship-in-cybersecurity", "markdown": "https://wpnews.pro/news/the-last-human-relationship-in-cybersecurity.md", "text": "https://wpnews.pro/news/the-last-human-relationship-in-cybersecurity.txt", "jsonld": "https://wpnews.pro/news/the-last-human-relationship-in-cybersecurity.jsonld"}}