A burned-out security team. A board that sees cybersecurity as a cost center. A breach lurking in the shadows. William Sterling thought he was walking into a turnaround story. He was walking into a crucible.
Every new CISO faces the same arc. William Sterling lives it in real time.
Get the lay of the land. Inherited risks, team dynamics, political landscape — and the crises that won't wait for your plan to be ready.
Frameworks, partnerships, and the hard lesson that the same security message needs different delivery for different audiences.
Distributed ownership, security as a business enabler, and proving the program works when it's tested under real pressure.
Not a victory lap. Not a defeat. Something harder to earn: clarity about what the job actually is.
Legacy systems nobody documented. Compliance gaps nobody budgeted for. And a cybersecurity team that’s been burned by the last CISO.
Every conversation is a budget fight. You know the risk is real—but translating cybersecurity risk into business language feels impossible.
The people holding your incident response together are one bad week from breaking. CISO burnout is real—and it starts with your team.
The same security message, delivered differently to every audience. Learn why the CFO needs risk metrics, the board needs business narratives, and your team needs transparency.
How to build influence without authority. When to protect someone instead of exposing them. Why grace creates more loyalty than leverage—even in incident response.
Security programs that depend on one person are one resignation away from collapse. See what sustainable cybersecurity leadership looks like when the system works without you.
A practical first-90-days framework for new CISOs—timelines, milestones, and decision points you can adapt to your own organization.
How to frame cybersecurity risk, incidents, and security investment for every audience type—from the CFO to the engineering floor.
Everything you need to launch a security champion program: role definitions, gamification templates, and the pitch deck that sells it to leadership.
Optimistic Arrival
William Sterling pulls into the parking lot of Meridian Healthcare on a Monday morning, ready to begin his new role as CISO. He’s done his research, prepared his 90-day plan, and convinced himself this time will be different.
Get updates on bonus material, future books, and resources for security leaders.
No spam. Unsubscribe anytime.
Andy Dyrcz is a cybersecurity leader and CISO who has spent his career at the uncomfortable intersection of risk, revenue, and human behavior.
Over the past decade, he has helped B2B SaaS companies build security programs that can withstand real-world pressure — from regulatory scrutiny and board expectations to production outages and late-night incident calls.
The CISO Crucible grew out of a simple realization: most security guidance tells leaders what they should do, but rarely shows what it feels like to do it while everything is on fire.
This is his first novel-length leadership story, but likely not his last.
