following then I'll die a happy "security purist":
- A CISO who is more than a sacrificial lamb. To qualify, their tenure
must be of a serious duration and have survived a major security
incident or made quantifiable material risk reduction.
- An executive who thinks strategically about IT risk and doesn't "knee
jerk" after an incident or do the minimum to "cover their proverbial".
- A security solution that is well maintained and configured in line
with its documented and approved configuration.
- A project manager who will delay a milestone to ensure that a
security governance requirement is adequately met.
What things would you like to tick off on your infosec bucket list?