"Nobody writes the new playbooks alone."

The new ones have to come from the organizations dealing with the challenges firsthand, not from people observing from the sidelines.

It’s 1:30 AM and I have my kids’ soccer games all day tomorrow. Gadi posted the initial call to action Friday morning and I couldn’t just repost it and move on. I needed to take a beat and explain why this actually matters before you decide whether to keep scrolling.

Because this is new. And it matters.

Gadi Evron said something to me I can’t reproduce exactly (I genuinely wish I had written it down), but the core of it was this: Every playbook we have for cybersecurity is being thrown out because of AI, and the new ones have to come from the organizations dealing with the challenges firsthand, not from people observing from the sidelines.

It’s the same principle SANS has operated on. We want practitioners teaching, not academics. Real-world experience over theoretical distance.

Gadi applied that same logic to a much bigger problem: nobody writes the new playbooks alone. Not one vendor, not one brilliant person, not one startup or training company. We each carry a piece of it.

The only way to assemble it is to get the people facing the challenges into the same room and actually work together. That’s what we’re building in San Francisco, NYC, and DC.

That’s why I need CISOs there. Not to observe or to take notes at some transmission-based event where a speaker downloads information at you for two days.

Come to work, challenge assumptions, test outputs, and ask the questions nobody in your organization can ask because you’re the only one who sees the full picture.

“But what if I’m still figuring out AI? How can I contribute to a playbook?”

If we had it figured out, we wouldn’t need these working groups. (I want to be very clear about this.) Nobody in that room is walking in with all the answers. I don’t. Gadi doesn’t.

The entire point is that we’re all wearing the same shoes: trying to learn fast enough, watching questions multiply faster than answers, feeling more isolated than we should in a field full of smart people facing identical problems.

What Gadi saw, and what I’ve come to believe, is that we need to form something like a massive cybersecurity LLM made of CISOs. A collective that can answer hard questions no single organization can answer alone, where nobody has to figure this out in isolation.

That collective needs your experience in it. Your specific context. The things your team is struggling with right now that haven’t made it into any framework yet, because the frameworks are all six months behind where you already are.

We’re starting with CISO leadership deliberately. Organizational alignment starts at the top, and this problem requires organizations to carve out real time and real attention.

One of the actual outputs of these workshops will be identifying which other groups of professionals need to swarm together to do this correctly. (My instinct is that list gets long, fast.)

But leadership comes first, because that’s what creates the conditions for everyone else to do the same work.

I’m part of this because Gadi saw the need before most people did. He believed the Mythos paper was the right first step, and this CISO collective is the logical next one. I’m along for the ride because I think he’s right, and because I’m not able to solve this alone any more than you are. (I’m learning and struggling with this daily too. I just stopped pretending otherwise.)

Come to San Francisco. Come to NYC. Come to DC. Bring your real problems, your half-formed opinions, and your unanswered questions. No one is coming to save us by writing a book by themselves. We’re writing it together, as a community.

I’ll see you there.

Thank you, Gadi, for seeing what this needed to be.

Thank you!

-Rob T. Lee

Comments

[Matthew Franz]

Love it. And glad folks on the East Coast don't have to catch a long (and expensive) flight to SF to attend.