Working in TIAA’s cybersecurity department is akin to being part of an elaborate circus act, only without the clowns—because let’s be honest, they would probably steal the show. Our fearless leader, the CISO, appears to be playing hide and seek with responsibility. He seems to have magically abstracted himself from the daily grind while trying to hold the rest of us accountable for our hybrid work schedules. Imagine getting a lecture from a guy who’s dialing in from California while we’re sweating it out in the office. “Do as I say, not as I do,” right?
Culture is always a favorite topic, championed by the Cyber C.A.T. But spoiler alert: it’s all talk and no action. We keep waiting for substantive changes to materialize, but they remain as elusive as a good cup of coffee in the break room. The recent culture survey results? They came back to become just another tool for the CISO to deflect blame. He sees numbers that suggest managers are doing great, yet somehow, he’s convinced the managers are the root of our problems. Newsflash: the results reflect a total loss of trust in senior leadership, but he believes those at the top—the CEO and her directs—are where the issues lie. Most of us don’t care about what the CEO is doing because all we see is our CISO and his cohort stumbling through leadership.
And let’s talk about team dynamics. There’s always a lovely tension brewing between our US and India teams, pitted against each other like rival factions instead of working collaboratively. Our CISO’s pawn in India can do whatever he pleases, blissfully ignoring any input from stateside teams on the history or progress of tasks. Despite multiple reports about this ongoing issue, it’s “old no action nelly” to the rescue! The question is, is this no action or is it really built in on purpose. There are really smart people on both sides that could get everything fixed in cyber if it were one team. But hey, if neither of those work out we can always hire more contractors that have no real buy-in with the company at triple the costs….oh and not only for engineering and projects but lets also hire contractors for BAU work in operations because we all know that tying BAU to strategic dollars is a great idea, right? Speaking of operations, why do you have a deputy and an ops lead that you make an MD without a clear seat at the table. It is hard to lead from the sidelines guys, but somehow that is the story for people that actually know what they are doing in cyber.
Quarterly meetings seem to wrap up with a word cloud that supposedly sums up our thoughts on where the problems lie. It’s unintentionally hilarious that this becomes just another tool for the blame game. Newsflash again: don’t do anonymous word clouds if you don’t want to hear the truth!
And let’s not overlook the CISO's endless pursuit of patents. Why is that his priority? Especially for projects that wholeheartedly fail. Do we really think he’s there to lead, or is it all about stacking patents for his own ego, even if they go nowhere? It seems his focus is less on fostering a successful environment and more on keeping up appearances.
At the end of the day, I just hope this mounting frustration doesn’t lead to a mass exodus after bonus season. I’ve heard whispers that many good people are already on the lookout for their next opportunity, and honestly, who can blame them?
So here’s to TIAA’s cybersecurity: where leadership is absent, culture is a punchline, and accountability is clearly for the little folks. If you enjoy working under a CISO who epitomizes the phrase “lead like a mo--n,” then welcome aboard!