The role of CISO is not only very high-stakes role but can also greatly differ from one company to another. A CISO for a small to medium enterprise will not require the same skills and qualities as a CISO for a Fortune 500 company. That said, the role must have undeniably elementary necessary skills, including strong technical skills with great management and adaptable personality. I consider the CISO position very challenging to fill with its different facets. Thus, just applying frameworks without understanding the business cyber risks can be called ‘’insanity’’, as per doing the same thing and expecting different results.