The Death of the CISO Resume
- Michael Piacente, Hitch Partners
I hate resumes, there, I said it. Anyone who has worked with me knows my disdain for them, but it's not for the reason you might think. I'm actually a history nerd who enjoys reading about a person's journey and how they became who they are.
For years, companies have relied on the resume to evaluate CISO talent. That reliance is a mistake because the resume is an outdated, ineffective way to evaluate executive talent, and it’s failing both job seekers and hiring companies. The resume with its bullet points and chronological format is a relic that simply can’t capture the complexity of a modern CISO’s skills and experiences. While a resume might be a career timeline, it completely misses the most critical part of the story.
The Resume Is Obsolete
A resume is a career anthology, but its value stops there. It's an outdated and ineffective way to truly evaluate executive talent, especially for a CISO. The modern CISO role isn't one job—it's 10 to 12 roles rolled into one, a complexity the resume can't begin to capture. When a company is hiring a CISO, they need to evaluate a candidate's skills, scale, and experience, which the resume fails to capture.
There have been many articles claiming that the resume’s value is waning as hiring shifts to a skills-based approach. From my view, the CISO resume is already well past obsolete. Appropriately evaluating a CISO’s fit requires a keen focus on what a CISO has done, where they did it, who they did it with, and how they could apply their experience in a new and challenging environment. CISOs are not just the "Chief How Have You Kept Your Companies Safe Officers," they are also "Chief Anticipate What's Around The Corner Officers." They are the masters of many skills and often a few superpowers. Being these things and many others requires the modern CISO to be a true storyteller.
The Problem of Context
The problem is that a resume is a detailed timeline of bullet points that only attempts to show a CISO's scale and scope. I've seen it happen time and again, where a hiring manager dismisses a candidate based on a pre-conceived notion about a past employer, only to change their mind once they hear the full story. Without this context, hiring managers are forced to fill in the blanks, often with their own biases.
It completely misses the context: why they did what they did, what was going on at the company at the time, and who they collaborated with to do what they did. Without this context, evaluators often resort to their own biases, judging a candidate’s perceived skills and basing their evaluation on a company's reputation or their own unrelated experiences. We are constantly catching hiring teams on this.
Having reviewed over 10,000 CISO resumes, I can say with confidence that most CISOs struggle with the format. They rarely frame the "where and why” they've done what they've done," or focus on the key people—the stakeholders, customers, and partners—that are so critical in a skills-based hiring world. This is why the traditional CISO resume has failed both the job seeker and the company.
The answer isn't a better resume—it's getting rid of them altogether
The Storyboard Solution
The answer isn't a better resume—it's getting rid of them altogether.
At our firm, we took a different approach nearly a decade ago. We stopped sending resumes to clients and instead began creating storyboards. We work to understand a client's specific growth areas, risks, and concerns, then we match a candidate's stories to those needs. This approach allows us to show clients exactly why a candidate is the right fit, which has resulted in a significantly higher rate of success in getting candidates an interview.
A Call to Action for CISOs
If you are a CISO looking for a new role, you should create a personal storyboard for yourself. Continually tweak and practice telling your stories—the ones that convey what, where, why, and who of your career. I’m not suggesting constructing another client facing storyboard anthology. This isn't a document you give to an interviewer; it's a tool for you, so these stories become so ingrained they're second nature. Stories need to be in your hippocampus.
In an unprecedented job market flooded with qualified talent, relying on an obsolete tool like the resume is a disservice to both companies and candidates. The time has come to move beyond bullet points and embrace the power of storytelling. For CISOs, this means turning your experiences into a compelling narrative; for companies, it means demanding more than just a list of past roles to find the right leader for the future.