As cybersecurity professionals, we spend most of the year thinking about what could go wrong. Threat actors, vulnerabilities, misconfigurations, audit findings – the list is long and rarely dull.
Thanksgiving gives us a rare chance to pause and focus on something else
What is going right and who makes that possible? This year, I am especially thankful for a few groups who quietly and consistently shape our industry and keep organizations moving forward even when the threat landscape feels like a never-ending incident response call.
Thankful for the Cybersecurity Community
First and foremost, I am thankful for the people in this industry who show up every day to make things safer. To the practitioners who live in SIEM dashboards, patch windows, and risk registers, To the vCISOs and security leaders who translate technical risk into business language, To the engineers who fix the “one quick thing” that is never actually one quick thing. You are the reason organizations can keep operating with confidence instead of chaos.
We do not always agree on tools, frameworks, or the best way to implement multi-factor authentication. Still, the collective effort of this community is what moves the needle from “we hope we are secure” to “we know where we stand and what we need to improve.”
Thankful for Clients and Future Clients
I am also profoundly thankful for the organizations that choose to take cybersecurity seriously.
To current clients:
Thank you for trusting industry professionals with your security programs, your data, and your teams. You invite us into your environment, your strategy, and sometimes your messiest legacy systems. You ask hard questions, you challenge assumptions, and you commit to doing the work. That partnership is what turns frameworks and policies into tangible, measurable progress.
To future clients:
Thank you in advance for being willing to engage, to ask “where are our gaps,” and to act before an incident forces the issue. Choosing to invest in security is not always easy. It competes with revenue initiatives, product roadmaps, and operational priorities. But your willingness to work with security leaders is precisely what keeps your business resilient when the unexpected happens.
Thankful for the Long Hours and the People Who Work Them
Cybersecurity is not a nine-to-five profession.
Incidents do not respect time zones, holidays, or family dinners.
To everyone who has ever:
- Joined a “quick call” that turned into a multi-hour incident bridge
- Spent a weekend validating controls for an upcoming audit
- Stayed late to make sure a critical patch was deployed safely
- Rewritten a policy so it actually reflects how the organization operates
Thank you.
Your long hours rarely make headlines, but they prevent the headlines no one wants to see. You carry a lot of responsibility, and you do so with professionalism, persistence, and more caffeine than most people would admit to.
Thankful for Regulators and Governing Bodies
It may not be fashionable to say this, but I am also thankful for regulators, auditors, and governing bodies.
Are the requirements sometimes complex, evolving, and occasionally frustrating
Absolutely.
But those same regulations and frameworks give us structure and direction. They help organizations move from “we should probably do something about security” to “here is what good looks like and here is how we measure it.”
To the teams behind standards and regulations – from NIST and CIS to HIPAA, GLBA, PCI, SOC 2, and beyond – thank you for continually refining the guardrails that help us do the right thing, not just the easy thing.
To auditors and assessors who push for evidence, clarity, and consistency,
thank you for holding organizations (and consultants) accountable. You help ensure that security is more than a slide deck and that controls actually exist beyond the policy document.
Thankful for the Families Behind the Firewalls
Finally, and most importantly, I am thankful for the families and loved ones who support those of us in this field.
You are the ones who:
- See the calendar invites labeled “urgent” and know dinner might be late
- Listen to us explain why a phishing email was “actually pretty clever”
- Put up with conversations about risk, controls, and compliance at completely normal times like Saturday morning coffee
You may not be on the incident bridge or in the board presentation, but you make it possible for us to show up fully when it matters. Your patience, encouragement, and understanding are the quiet backbone of many successful security programs.
Looking Ahead With Gratitude
The threats will keep evolving. The acronyms will keep multiplying. There will always be another framework update, another audit cycle, and another “can we jump on a quick call” that is anything but quick.
But in the middle of all that, there is a lot to be thankful for:
- A community that shares knowledge instead of hoarding it
- Clients who are willing to invest in doing security the right way
- Regulators and governing bodies that keep raising the bar
- Professionals who put in the work even when no one is watching
- Families who support the mission, even when it interrupts the schedule
To everyone in and around the cybersecurity world
Thank you for what you do, for how you do it, and for the impact you have on organizations and the people they serve.
Wishing you a safe, restful, and incident-free Thanksgiving season.