From Vigilance to Vision: What 2025 Taught Us—and What 2026 Demands from InfoSec Leaders
As this year draws to a close, I’ve been reflecting on what 2025 revealed about our industry—and what it quietly prepared us for next.
This past year wasn’t just about new threats, faster attacks, or shinier tools. It was about people. About leadership. About challenging long-held assumptions around what security is for and who it should serve. Those lessons now form the foundation for how we must lead in 2026.
A Year Rooted in Human-Centered Security
One of the most meaningful milestones of 2025 for me was stepping into a leadership role as a Board Member of the Women’s Society of Cyberjutsu. Joining a community so deeply committed to advancing equity, mentorship, and strategic leadership reinforced something I’ve believed throughout my career: diversity isn’t a “nice to have”—it’s a resilience strategy.
Cybersecurity does not thrive on monoculture. It thrives when we intentionally create space for voices that have historically been sidelined, and when leadership pipelines reflect the world we’re trying to protect.
Voices of the Vigilant: Conversations That Center People
That same belief guided Voices of the Vigilant throughout 2025. The podcast became a space for honest, thoughtful conversations that went far beyond firewalls and frameworks.
Across the year, we explored:
• How women and marginalized leaders navigate—and reshape—cybersecurity careers
• The relationship between collaboration, leadership, and meaningful security outcomes
• The power of human resilience, creativity, and non-technical strengths in strengthening defenses
The show’s growth wasn’t fueled by buzzwords. It grew because it centered people—their stories, their challenges, and their hard-won wisdom—and invited listeners into a community built on curiosity and care.
Writing with Purpose for Security Leaders
On the Vigilant Violet blog and in trade publication interviews, I focused on issues leaders are grappling with every day:
• Securing generative AI with intention and discipline
• Cutting through vulnerability management noise to restore clarity
• Leading with authenticity, identity, and influence
These weren’t purely technical explorations. They were invitations to rethink how we practice security—with empathy, strategic intent, and an understanding that leadership is inseparable from identity.
Leadership Beyond the Office
In external interviews and media appearances this year, one theme kept resurfacing: empathy is not a soft skill—it’s a security skill. Calm, communicative leadership shapes how organizations respond to risk, incidents, and change. Listening builds trust. Connection strengthens culture. And both are foundational to resilient security programs.
What 2025 Taught Us
Looking back, three themes defined the year:
People First
Security is not tech-driven—it’s people-driven. Investing in careers, teams, and leadership pipelines pays exponential dividends.
Humanizing Complexity
Our work is complex, but our communication doesn’t have to be. Translating technical risk into accessible insight is now a leadership requirement.
Courageous Inclusion
Equity is strategic. The future of InfoSec depends on cultivating voices that reflect the diversity of the environments we protect.
These lessons matter because they set the stage for what comes next.
What InfoSec Leaders Must Pay Attention to in 2026
If 2025 was the year we realized that “faster” doesn’t always mean “better,” then 2026 is the year we’ll be forced to prove it.
AI Is No Longer a Tool—It’s a Force Multiplier
AI is embedded in our environments whether we planned for it or not. The risk in 2026 isn’t using AI—it’s using it without governance, accountability, or intent.
Leaders must focus on:
• AI-accelerated attack timelines
• Shadow AI adoption inside the business
• Model risk, prompt injection, and over-reliance on probabilistic outputs
The shift must be from “Can we block AI?” to “How do we enable it safely?” AI amplifies outcomes—good or bad—based on the quality of human judgment guiding it.
Post-Quantum Security Is No Longer Theoretical
While cryptographically relevant quantum computers aren’t mainstream yet, harvest-now-decrypt-later threats are very real.
2026 is the year to:
• Inventory cryptography across environments
• Build crypto agility into systems
• Hold vendors accountable for credible post-quantum roadmaps
This isn’t about panic. It’s about responsibility.
Identity Is Still the Perimeter—and It’s Still Leaking
Identity failures continue to dominate breach narratives, not because the technology is immature, but because governance often is.
Leaders must reassess:
• Human and non-human identities
• Over-privileged access
• The evolution of MFA fatigue into manipulation
Identity risk is rarely a surprise. It’s usually a known issue left unattended.
Burnout Is a Security Risk
In 2026, people risk becomes operational risk.
Alert fatigue, constant urgency, and unsustainable workloads lead to missed signals and attrition. Resilience is not endurance.
Security leaders must:
• Reduce noise ruthlessly
• Design sustainable workflows
• Normalize rest, learning, and psychological safety
A resilient program is built by resilient people.
Leadership Credibility Will Matter More Than Technical Brilliance
As uncertainty grows, leaders will be judged less on technical depth and more on their ability to communicate risk, trade-offs, and ambiguity with clarity and honesty.
Trust will increasingly separate reactive programs from strategic ones.
Looking Ahead
2026 will reward InfoSec leaders who:
• Embrace AI without surrendering accountability
• Prepare for post-quantum realities without fear
• Treat identity as governance, not compliance
• Care for their people as fiercely as their systems
• Lead with clarity, humility, and empathy
The future of security won’t be built by those who react the fastest—but by those who think the clearest, lead the bravest, and remember that security exists to serve people, not the other way around.
To everyone who listened, read, challenged, and collaborated this year—thank you. I’m committed to continuing this work in 2026: pushing boundaries, building community, and keeping humanity at the center of cybersecurity.
Stay vigilant. Stay human.
