{"id":31107,"date":"2026-02-06T08:45:00","date_gmt":"2026-02-06T08:45:00","guid":{"rendered":"https:\/\/www.engineernewsnetwork.com\/blog\/?p=31107"},"modified":"2026-02-05T10:33:56","modified_gmt":"2026-02-05T10:33:56","slug":"has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful","status":"publish","type":"post","link":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/","title":{"rendered":"Has the cyber security industry has made itself too complicated to be useful"},"content":{"rendered":"\n<p>For many organisations, cyber security no longer feels like a source of protection. It feels like a wall of jargon, frameworks, and conflicting advice that&#8217;s difficult to question and even harder to act on.<\/p>\n\n\n\n<p>According to experienced Chief Information Security Officer Amy Lemberger, who is the founder of\u00a0<a href=\"https:\/\/post.spmailtechnol.com\/f\/a\/p_qZKw9Ba0RbcW-jzhjt1w~~\/AABK1BA~\/xEGhV9X_nEjCEyUbtb230iB14GijP6tSVxrbIp5tQ1jBFomptTJswItq8DmepotzOdaZfUHLALtUpbKYTDNATJ8A-bEcbily01rrasxlRfLLIcFLTeZmbJfh8asLGPnG\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>The CISO Hub<\/strong><\/a>, this is not a failure of businesses, it is a failure of the security industry itself.<\/p>\n\n\n\n<p>Cyber security, she argues, has become over-engineered and performative. In trying to prove its sophistication, the industry has made itself inaccessible to the very people who are expected to make decisions.<\/p>\n\n\n\n<p>&#8220;The industry has massively overcomplicated security,&#8221; Lemberger says. &#8220;We&#8217;ve turned something that should support decision-making into something people feel excluded from.&#8221;<\/p>\n\n\n\n<p>She points to a growing gap between compliance and actual protection. Frameworks, certifications, and audits are often treated as proof of security, when in reality they are only indicators of process.<\/p>\n\n\n\n<p>&#8220;Compliance and security are not the same thing,&#8221; she says. &#8220;But they&#8217;re constantly conflated. You can be compliant and still exposed in all the ways that matter.&#8221;<\/p>\n\n\n\n<p>This confusion leaves many business leaders feeling stuck. They know something isn&#8217;t right, but they don&#8217;t know how to challenge what they&#8217;re being told. Over time, that uncertainty turns into silence.<\/p>\n\n\n\n<p>&#8220;I regularly speak to senior leaders who tell me they feel too stupid to ask the right questions,&#8221; Lemberger says. &#8220;That&#8217;s not their failure. That&#8217;s ours as an industry.&#8221;<\/p>\n\n\n\n<p>Instead of clarity, businesses are often met with dense language, vendor-driven narratives, and technical detail that obscures rather than informs. Security discussions become abstract, detached from real priorities like growth, delivery, and resilience.<\/p>\n\n\n\n<p>The result is a strange contradiction. Organisations invest heavily in security yet remain unsure about what they are actually protected against. Risk is documented but not properly understood. Decisions are deferred because the conversation feels too complex to engage with.<\/p>\n\n\n\n<p>Lemberger believes this is why so many cyber security programmes stall. Not because leaders don&#8217;t care, but because the industry has made meaningful engagement unnecessarily difficult.<\/p>\n\n\n\n<p>&#8220;When people don&#8217;t understand something, they disengage,&#8221; she says. &#8220;Security then becomes something that happens around the business, not something that&#8217;s part of how the business operates.&#8221;<\/p>\n\n\n\n<p>She argues that effective security leadership is less about adding more layers and more about stripping things back. Plain language. Honest trade-offs. Clear explanations of what matters now and what can wait.<\/p>\n\n\n\n<p>Cyber security, she says, should help leaders make better decisions, not make them feel inadequate for not being technical specialists.<\/p>\n\n\n\n<p>Until the industry confronts its own role in creating confusion, the gap between effort and outcome will remain. Businesses will continue to spend, comply, and report, while still feeling uncertain about their true level of protection.<\/p>\n\n\n\n<p>Security needs to be simpler because clarity is what makes action possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For many organisations, cyber security no longer feels like a source of protection. It feels like a wall of jargon, frameworks, and conflicting advice that&#8217;s difficult to question and even harder to act on. According to experienced Chief Information Security Officer Amy Lemberger, who is the founder of\u00a0The CISO Hub, this is not a failure &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[199],"tags":[590,14353],"class_list":["post-31107","post","type-post","status-publish","format-standard","","category-news-views-and-opinion","tag-cyber-security","tag-the-ciso-hub"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Has the cyber security industry has made itself too complicated to be useful - Engineer News Network<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Has the cyber security industry has made itself too complicated to be useful - Engineer News Network\" \/>\n<meta property=\"og:description\" content=\"For many organisations, cyber security no longer feels like a source of protection. It feels like a wall of jargon, frameworks, and conflicting advice that&#8217;s difficult to question and even harder to act on. According to experienced Chief Information Security Officer Amy Lemberger, who is the founder of\u00a0The CISO Hub, this is not a failure &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/\" \/>\n<meta property=\"og:site_name\" content=\"Engineer News Network\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-06T08:45:00+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\"},\"headline\":\"Has the cyber security industry has made itself too complicated to be useful\",\"datePublished\":\"2026-02-06T08:45:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/\"},\"wordCount\":476,\"keywords\":[\"cyber security\",\"The CISO Hub\"],\"articleSection\":[\"News, Views and Opinion\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/\",\"name\":\"Has the cyber security industry has made itself too complicated to be useful - Engineer News Network\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#website\"},\"datePublished\":\"2026-02-06T08:45:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Has the cyber security industry has made itself too complicated to be useful\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/\",\"name\":\"Engineer News Network\",\"description\":\"The ultimate online news and information resource for today's engineer\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\",\"name\":\"admin\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Has the cyber security industry has made itself too complicated to be useful - Engineer News Network","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/","og_locale":"en_GB","og_type":"article","og_title":"Has the cyber security industry has made itself too complicated to be useful - Engineer News Network","og_description":"For many organisations, cyber security no longer feels like a source of protection. It feels like a wall of jargon, frameworks, and conflicting advice that&#8217;s difficult to question and even harder to act on. According to experienced Chief Information Security Officer Amy Lemberger, who is the founder of\u00a0The CISO Hub, this is not a failure &hellip;","og_url":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/","og_site_name":"Engineer News Network","article_published_time":"2026-02-06T08:45:00+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/#article","isPartOf":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/"},"author":{"name":"admin","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1"},"headline":"Has the cyber security industry has made itself too complicated to be useful","datePublished":"2026-02-06T08:45:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/"},"wordCount":476,"keywords":["cyber security","The CISO Hub"],"articleSection":["News, Views and Opinion"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/","url":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/","name":"Has the cyber security industry has made itself too complicated to be useful - Engineer News Network","isPartOf":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#website"},"datePublished":"2026-02-06T08:45:00+00:00","author":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1"},"breadcrumb":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/has-the-cyber-security-industry-has-made-itself-too-complicated-to-be-useful\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.engineernewsnetwork.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Has the cyber security industry has made itself too complicated to be useful"}]},{"@type":"WebSite","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#website","url":"https:\/\/www.engineernewsnetwork.com\/blog\/","name":"Engineer News Network","description":"The ultimate online news and information resource for today's engineer","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.engineernewsnetwork.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1","name":"admin","url":"https:\/\/www.engineernewsnetwork.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/31107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/comments?post=31107"}],"version-history":[{"count":1,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/31107\/revisions"}],"predecessor-version":[{"id":31108,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/31107\/revisions\/31108"}],"wp:attachment":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/media?parent=31107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/categories?post=31107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/tags?post=31107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}