Sign in Subscribe

Threads — From Short Signals to Long-Form CISO Thinking

Share

Cybersecurity moves too fast for shallow takes.

Threads is where I share short observations, questions and fragments of thought about cybersecurity, AI, digital trust and organizational resilience.

This site is where I develop those thoughts properly.

CISOsCISO is a long-form publication for leaders who want to understand not only what is happening in cybersecurity — but what it means for governance, accountability, risk and executive decision-making.

Why this site exists

Most cybersecurity discussions are either too technical for executives or too superficial for security leaders.

CISOsCISO sits deliberately in between.

It connects security strategy with operational reality. It looks at the assumptions behind modern cybersecurity programs, ISO/IEC 27001 implementations, cloud transformation, AI adoption, resilience, digital sovereignty and the changing role of the CISO.

The goal is not to publish more noise.

The goal is to create space for better questions.

What you will find here

Long-form CISO essays

Strategic articles on cybersecurity leadership, AI security, cloud risk, governance, digital trust, ISO/IEC 27001, security culture and resilience.

These are not news summaries. They are reflections from a CISO perspective — written for people who need to make decisions under uncertainty.

[Read the latest articles]

Cybersecurity 2030

A series about the assumptions that are beginning to expire.

Cybersecurity 2030 explores how leadership, governance, regulation, technology and organizational responsibility must evolve as AI, cloud dependency, geopolitical risk and digital complexity reshape the security landscape.

[Explore the series]

Practical executive perspectives

Security is not only a technical discipline.

It is also a question of ownership, incentives, accountability, culture and management attention.

This site therefore focuses on the issues that often sit between the lines: unclear responsibilities, weak governance, hidden risk acceptance, audit-driven security, dependency on cloud providers, and the gap between formal certification and actual resilience.

[Start with selected essays]

Who this is for

This publication is written for:

  • CISOs and security leaders
  • CIOs and digital transformation leaders
  • Board members and executives
  • Risk, compliance and governance professionals
  • Technology leaders working with cloud, AI, SAP, M365 or global platforms
  • Professionals who believe cybersecurity must be treated as a leadership discipline

If you are looking for simple security tips, this may not be the right place.

If you are looking for deeper thinking about how security decisions are really made in complex organizations, you are welcome here.

A CISO perspective

My name is Eckhart Mehler.

I am an information security leader, writer and advisor with more than three decades of experience in technology, cybersecurity, governance and digital transformation.

CISOsCISO is my personal publication for leaders who want to challenge assumptions before they become risks.

The articles published here reflect my personal professional perspective.

[About CISOsCISO]

Follow the short thoughts. Read the long ones.

Threads is useful for signals.

This site is for substance.

If something I post on Threads raises a question, challenges an assumption or feels unfinished, there is a good chance the deeper argument lives here — or will soon become an article.

[Follow on Threads]

[Subscribe to CISOsCISO]

Start here if you are new to CISOsCISO:

[Latest Article]

[Cybersecurity 2030 Series]

[AI Security Articles]

[Digital Trust & Governance]

[Cloud Security & Sovereignty]

[Contact]