<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[The Compliance of Sisyphus]]></title><description><![CDATA[For cyber risk and privacy professionals navigating an absurd compliance world. Subscribe for AI, privacy, and cybersecurity analysis grounded in history, political economy, and business. One coffee read at a time.]]></description><link>https://thecomplianceofsisyphus.substack.com</link><image><url>https://substackcdn.com/image/fetch/$s_!QH6P!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2f0900df-1bdf-4038-989e-2b3b50802e3b_1200x1200.png</url><title>The Compliance of Sisyphus</title><link>https://thecomplianceofsisyphus.substack.com</link></image><generator>Substack</generator><lastBuildDate>Wed, 17 Jun 2026 12:19:40 GMT</lastBuildDate><atom:link href="https://thecomplianceofsisyphus.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Mike Schlottman]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[thecomplianceofsisyphus@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[thecomplianceofsisyphus@substack.com]]></itunes:email><itunes:name><![CDATA[Mike Schlottman]]></itunes:name></itunes:owner><itunes:author><![CDATA[Mike Schlottman]]></itunes:author><googleplay:owner><![CDATA[thecomplianceofsisyphus@substack.com]]></googleplay:owner><googleplay:email><![CDATA[thecomplianceofsisyphus@substack.com]]></googleplay:email><googleplay:author><![CDATA[Mike Schlottman]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[Your AI Program Has a Vasa Problem ]]></title><description><![CDATA[The engineers 
always know. The question is whether they can say so before the maiden voyage.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/your-ai-program-has-a-vasa-problem</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/your-ai-program-has-a-vasa-problem</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Thu, 11 Jun 2026 13:04:56 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/e8cb1fd9-2346-4134-bb3b-3ff32ace8971_1478x1064.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>In August 1628, the Vasa sank 1,300 meters from where she was launched. A light breeze caught her sails. She heeled to port, took water through her open gun ports, and toppled sideways into Stockholm harbor in full view of thousands. The maiden voyage ran for twenty minutes.</p><p>I saw her in October 2019. The museum is built around the hull. What struck me first was not her scale. It was how wrong she looked. Tall, narrow, ornate, top-heavy. Nothing like the later sailing ships I had seen, which were wide-beamed and weighted to the waterline. The difference is not aesthetic. It is the difference between a ship that floats and a ship that does not. The Vasa is preserved because she failed. Built right, she would have suffered the conventional fate: rotted at anchor, broken up for scrap. History remembers the disasters.</p><p>She is also why I keep dragging shipbuilding into conversations about AI governance. The industry treats AI deployment failures as technical problems requiring better tools, better evaluations, and better models. They are not. They are organizational problems. The engineers always know. The question is whether they can say so without career cost. The Vasa proves it.</p><p>Sweden in the 1620s was not a backwater. It was a rising power replete with every material advantage. Two-thirds of Europe&#8217;s copper. 
Iron, lumber, an expanding Baltic empire stretching from Finland to the Estonian coast and the land around what would become St. Petersburg. Engaged in the Thirty Years&#8217; War. Vying with Denmark and Poland for Baltic dominion.</p><p>At the top reigned <strong>Gustavus Adolphus</strong>, the <em><strong>Lion of the North</strong></em>. Genuine military innovator. The Swedish power metal band Sabaton has built half a discography around him, which is a reasonable proxy for historical reputation. He restructured the army into the most formidable infantry force in Europe and won battles by adapting faster than his enemies. Resource-rich, ambitious, well-led.</p><p>The Vasa was supposed to be the symbol of all of it. Two gun decks. Sixty-four bronze cannons. A broadside throwing twice the shot of any European warship of her day. The most formidable warship in Europe, on paper.</p><p>The polite version of what happened next is that the project was rushed.</p><p>The real version is that the Vasa was doomed in her design from the beginning. The people building her had every chance to see it. They refused to dissent. 
That same story is rife in every AI deployment in 2026.</p><div class="captioned-image-container"><figure><img src="https://substackcdn.com/image/fetch/$s_!LF-H!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc00e3069-e02e-4443-90e9-ec85c7e21764_2048x1152.png" width="1456" height="819" alt=""></figure></div><h3><strong>The Ship Was Doomed in 1626</strong></h3><p>The original contract was signed in 1625. Smaller ship. One gun deck. Coherent design. The shipwrights knew what they were building.</p><p>In 1626, intelligence reached Stockholm that Denmark was building a two-decker. Gustavus changed the specification mid-build. The keel was already laid. A hull&#8217;s stability is set by what is below the waterline, and that is the part that cannot be meaningfully widened once construction starts.</p><p>Henrik Hybertsson, the Dutch master shipwright running the project, did what he could. He lengthened the design to accommodate the second gun deck. He worked without drawings, scaling from previous builds by experience and instinct.</p><p>Hybertsson fell ill late in 1626 and died in the spring of 1627. His assistant Hein Jakobsson inherited the project. Jakobsson had not designed the ship. 
He continued the build to a specification only the dead man fully understood.</p><p>The carpenters came from Sweden and the Netherlands. The Swedish foot and the Dutch foot differ by 0.63 inches. The hull was built asymmetric.</p><p>Money ran short. Workers continued under a design that had already failed at planning, now constrained further by a budget that would not permit the redesign the project needed.</p><p>A stability test was performed. Thirty men ran back and forth across the deck while the ship sat at the dock. The crew aborted the test lest the Vasa capsize at anchor. The result was ignored.</p><p>Ornate sculptures were bolted to the prow and stern. The decoration was standard for warships of the period. The Vasa&#8217;s hull could not afford it. Additional topside weight was loaded onto an untenable structure that already could not carry what it had.</p><div class="captioned-image-container"><figure><img src="https://substackcdn.com/image/fetch/$s_!PDGs!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F04876554-25db-42d9-a339-00f9e23e5d21_1140x1272.png" width="1140" height="1272" alt="" loading="lazy"></figure></div><h3><strong>Nobody Was Held Responsible</strong></h3><p>The maiden voyage. Light breeze. The ship heeled at the first gust, righted herself, heeled further at the second. Water poured through the open gun ports. She sank.</p><p>Captain S&#246;fring Hansson was arrested before the wreck settled. The shipbuilders blamed the crew. The crew blamed the shipbuilders. 
The inquiry concluded the ship had been structurally unsound.</p><p>Nobody was held responsible.</p><p>Hybertsson was dead. The king had personally approved every dimension. The political fact of royal involvement closed the file. Hansson was eventually prosecuted for the secondary offense of leaving the gun ports open, which was true, but made no material difference. The ship was already doomed to sink.</p><h3><strong>The Two-Decker Was Not the Problem</strong></h3><p>Two-deckers were not impossible in 1628. They were being built successfully across northern Europe. The difference between the ones that floated and the one that did not was institutional, not technical.</p><p>England launched the Prince Royal in 1610. The English had a continuous shipbuilding tradition stretching back centuries. Master shipwrights worked from documented designs. The Navy Board imposed standardized rates and ship trials before launch. When a ship was commissioned, it was commissioned to a specification that someone with authority had reviewed and approved on paper.</p><p>Denmark launched the Tre Kroner in 1604. The Danish crown hired a Scottish master shipwright who worked from actual drawings rather than rule-of-thumb scaling. The ship was designed from the keel up as a multi-decker. Stability built into the design rather than hoped for after the fact.</p><p>Sweden eventually figured it out. By the 1660s, the same shipyards produced the Scepter and the Kronan. The same labor force. The same crown. What changed was institutional maturity. Documented designs. Master practitioners with authority to refuse modifications they could not structurally support. Incremental risk.</p><p>The technology was identical. The institutional readiness was not.</p><blockquote><p><strong>Sidebar: The Vasa Is Not a Story About a Bad King</strong></p><p>Three years after the Vasa sank, Gustavus Adolphus won the Battle of Breitenfeld and revolutionized European infantry tactics. 
The same man who lost the ship reshaped warfare. The lesson is not that he was incompetent. The lesson is that brilliant leaders beget catastrophic failures when their ambition outpaces their institutional readiness. The Vasa is not an indictment of the king. It is an indictment of building above your maturity level under pressure from someone who cannot be told no.</p></blockquote><h3><strong>You Already Know This Story</strong></h3><p>Read those failure points again. Substitute one set of nouns for another.</p><p>The original specification was coherent. Smaller scope. One model. One use case. The team knew what they were building.</p><p>A competitor launches. The board changes the specification mid-build. The keel is already laid. Infrastructure, data pipelines, team composition, budget cycle. None of it was sized for what the mandate now requires. A system&#8217;s stability is set by what is below the waterline, and that is the part that cannot be meaningfully widened once construction starts.</p><p>The senior practitioners running the project do what they can. They stretch the existing design to accommodate the second deck. They work without the documentation they would need to do this right, scaling from previous builds by experience and instinct. That had served them well for years. It is the wrong methodology for a redesign of this magnitude.</p><p>The senior practitioners leave. Some are laid off in a restructuring. Some quit. Some are reassigned to projects with less political exposure. Their successors inherit a system they did not design. They continue the build to a specification only the departed fully understood.</p><p>The team is procurement, security, privacy, legal, engineering, product, and a vendor stack across jurisdictions. GDPR and the EU AI Act and CCPA and the internal AUP do not agree on what consent means, what counts as a high-risk system, or who the controller is when a vendor fine-tunes a base model on customer data in a third country. 
The Swedish foot and the Dutch foot differ by 0.63 inches. The hull is built asymmetric.</p><p>Budget is cut. The redesign is not funded. Workers continue under a design that already failed at planning, now constrained further by a budget that will not permit the rework the project needs.</p><p>A stability test is performed. Red team finds five families of prompts that will jailbreak the model. Privacy review finds retention periods incompatible with the consent notice. Legal flags that the model usage violates the EU AI Act. The test is aborted lest completion delay launch. The result is ignored.</p><p>Decoration goes onto the prow. Demo videos. Press releases. Responsible AI principles posted on the company website. Features the public sees and the executives present. None of them affects whether the system holds. All of them add topside weight.</p><p>Then the ship sails.</p><p>When she heels at the first gust, the captain gets prosecuted. The engineer who pushed the deploy button gets named. The product manager owns the postmortem. The CEO who promised analysts that the company was AI-first does not. The political fact of executive involvement closes the file.</p><h3><strong>The Customer Will Run Your Stability Test</strong></h3><p>In 2021, McDonald&#8217;s partnered with IBM to deploy AI voice ordering at the drive-through, two years after acquiring the underlying voice technology from a startup called Apprente. The competitive pressure was real. Other chains were piloting similar systems, and the board wanted parity. The keel was already laid: thousands of stores running point-of-sale software designed for human cashiers and a labor model built around them.</p><p>The AI was deployed to over a hundred locations. The viral debacles ensued immediately. Customers got orders they did not place, in quantities they did not request, with ludicrous toppings. 
One video showed an order escalating into the hundreds of chicken nuggets before the customer could stop the system from adding more. Every drive-through customer with a smartphone became a stability tester, and every test was performed in front of a camera.</p><p>The result was ignored long enough for the partnership to stagger forward for years. In June 2024, McDonald&#8217;s ended it. IBM was not publicly blamed. McDonald&#8217;s said it would keep exploring voice ordering with other vendors. The captain was reassigned. The king was not.</p><p>The lesson is not that AI ordering is impossible. Other chains continue to pilot it. The lesson is that you do not need a red team if your customers have smartphones. The shipwrights knew. The customers knew. The only question was how long the company would pretend not to.</p><h3><strong>How to Be England, Not Sweden</strong></h3><ol><li><p><strong>Documented designs over rule-of-thumb scaling.</strong> A signed design document that defines what the system does, what it does not do, and what would constitute a structural failure.</p></li><li><p><strong>Master practitioners with refusal authority.</strong> If your senior people cannot say no without career cost, you do not have senior people. You have decorators.</p></li><li><p><strong>Binding stability tests.</strong> Competitive pressure to deploy is not a license to ignore evaluations. It is the exact condition under which evaluations matter most.</p></li><li><p><strong>Build from the keel up, not the deck down.</strong> The keel that already exists is not a keel for the new ship.</p></li><li><p><strong>Continuous institutional tradition.</strong> The English navy did not become the English navy by mandate. It became the English navy by iteration, documentation, and a staunch multi-generational refusal to forget what the last failure taught.</p></li><li><p><strong>Organizational innovation has to lead the technology, not lag it.</strong> Sweden had the technology. 
It had the resources. It had the leader. It lacked the institutional maturity to absorb what it was trying to build. The technology arrived first and the governance never caught up. That ship is already in the water for every organization that bought GenAI before it had an AI governance program.</p></li></ol><h3><strong>Find Your Hybertsson</strong></h3><p>Who in your organization right now cannot say no to the AI initiative without career cost?</p><p>That person is your Hybertsson. The question is not whether they know the ship is top-heavy. They know. The shipwrights always know.</p><p>The question is whether they will be allowed to say so before the maiden voyage.</p><p>The Vasa is preserved because she failed. The ships that floated rotted at anchor and were broken up for scrap. Their hulls forgotten. Their captains remembered for nothing in particular. That is the goal.</p>]]></content:encoded></item><item><title><![CDATA[Unmasking I.T.]]></title><description><![CDATA[One in two neurodivergent cybersecurity professionals cannot show up as themselves at work; the industry that celebrates their cognition refuses to pay 
for the accommodations.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/unmasking-it</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/unmasking-it</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Thu, 04 Jun 2026 13:02:17 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/be656d44-c580-4485-b9b8-98541477765b_1477x1065.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>DEFCON 30, August 2022. The badge queue is full of people in clothes no professional conference would tolerate. The man in front of me is covered in enamel pins displaying his special interests. He is wearing his mask correctly. He is also unreasonably angry that I am not, with the fervor of someone several months deep into a Reddit thread, telling me I am letting the bioterrorists win.</p><p>I put the mask on. I did not argue.</p><p>In the merch line, I asked the person next to me how his conference was going. A few words of pleasantry, then a substantive read on the session on Russian cyberattacks against Ukrainian utilities. The conversation that would have read as abrasive anywhere else was the expectation there.</p><p>Eccentric. Direct. Sheldon Cooper type crowd. Hackers being hackers. That was my read. Sheldon Cooper, as it turns out, is meant to depict someone autistic. I did not yet have the right name for what I was looking at.</p><div><hr></div><h2>What the Conference Floor Already Told You</h2><p>The CDC puts the rate of autism in US adults at roughly 2.2%. That is the baseline.</p><p>In information technology and software engineering, the picture shifts. A 2025 analysis of the 2022 Stack Overflow Developer Survey found autism overrepresentation of roughly 270% versus general-population baselines among professional engineers. 
That is the largest available sample of working technologists, over 90,000 respondents, and the directional finding is robust even after methodological caveats.</p><p>In cybersecurity, the picture is sharper, but the labels get fuzzier. The ISC2 2024 Cybersecurity Workforce Study surveyed 15,852 professionals globally and found 13% self-identify as neurodivergent. The same study found higher representation in specific technical niches than in the workforce overall. Data protection and privacy professionals ran 6% of the neurodivergent sample against 5% of the overall workforce. Threat intelligence ran 5% versus 3%. Cryptography ran 3% versus 2%. The pattern is the same one Baron-Cohen flagged twenty years ago: systemizing cognition concentrates in the systemizing roles.</p><p>The caveat is that &#8220;neurodivergent&#8221; is the umbrella term. Autism is a subset of it. ADHD, dyslexia, dyspraxia, and Tourette syndrome are also under it. Self-identification in a professional survey produces lower numbers than independent screening because disclosure carries career risk. The true autism rate inside the 13% ISC2 figure is unknowable from that study alone, but the supporting evidence runs in one direction. A multi-year study at hacker conferences by Greenhagen and Thayer at Black Hat USA 2018 found roughly two-thirds of attendees scored in the intermediate range of the Autism Spectrum Quotient. The AQ is a screening instrument, not a diagnosis. Intermediate-range AQ scores are not clinical autism. They are, however, exactly what you would expect to find in a population enriched for autistic cognition.</p><p>The conclusion is that the general adult autism rate is 2.2%, and the cybersecurity workforce sits meaningfully above that, with the highest concentrations clustered in the most systemizing-heavy specialties. Privacy professionals are inside the bracket where the concentration is visible. So am I.</p><p>The overrecruitment is not new. 
Alan Turing, the foundational figure of modern computer science and the cognitive ancestor of the entire cybersecurity profession, exhibited traits that contemporary clinicians retrospectively associate with autism. He was running cryptanalysis at Bletchley Park from 1939 to 1945. Leo Kanner formally described autism in 1943. Hans Asperger&#8217;s paper followed in 1944. The cognition the field depends on was being clinically named at the same moment its founders were inventing the work it would do. The profession has been a refuge for systemizing cognition since the cognition had a clinical name. It just never noticed.</p><p>The cybersecurity profession overrecruits from a population it does not commit to accommodate. The data is unambiguous. The industry&#8217;s response is a slogan.</p><div><hr></div><h2>Systemizing Is the Job, and the Job Selects for It</h2><p>Simon Baron-Cohen has spent two decades arguing that autism correlates with systemizing cognition. Systemizing is the drive to understand how complex rule-governed systems behave: their inputs, their outputs, their failure modes, the rules connecting the three. Engineering rewards it. Mathematics rewards it. Cybersecurity, more than either, rewards it. Threat modeling, reverse engineering, packet analysis, control mapping, vendor risk assessment. The entire job is systemizing. The field did not recruit for cognition. The work selected for it.</p><p>A concrete example. I was given a vendor questionnaire to document my organization&#8217;s use of AI. On paper, compliance documentation. In practice, it became a multi-layered map. Internal AI use connected to third-party AI use, which connected to GDPR Article 22&#8217;s automated-decision-making provisions, which connected to the regulatory landscape further out. Each layer surfaced questions about the next. The neurotypical version of that task is to complete the questionnaire. 
The systemizing version completes the questionnaire and then maps the surrounding regulatory and technical domain in a single sitting, because that is what the cognition does when it is given a system to chew on.</p><p>Devon Price, in <em>Unmasking Autism</em>, points to the anterior cingulate cortex as one of the neuroanatomical differences in autistic brains. The region governs attention, decision-making, and emotional processing. In autistic individuals, neurons there activate more easily, making it harder to filter out noise. In most professional contexts this is a liability. In threat detection it is the entire skill. The same trait that makes an open-plan office with hot-desking and overlapping noise into a draining hell makes the privacy analyst spot the cross-jurisdictional inconsistency a third party tried to obscure.</p><p>The industry&#8217;s preferred framing for all of this is &#8220;autism is a superpower.&#8221; That framing is half-right, which is why it is dangerous. The pattern recognition is real. The systemizing cognition is real. The capacity to follow a regulatory rabbit hole into its third layer is real. The accommodation cost is also real. An individual autist can treat the positives as a superpower and the negatives as something to self-accommodate around. An institution that does the same thing is just harvesting the positives and pretending the negatives are someone else&#8217;s problem.</p><div><hr></div><h3>Sidebar: The Sheldon Cooper Problem</h3><blockquote><p>Pop culture&#8217;s autistic character is a narrow caricature. Sheldon Cooper: extremely technically intelligent, possessive, narcissistic. Peter Gregory from <em>Silicon Valley</em>: aloof, head in space, overly direct. Both are written for laughs at the trait&#8217;s expense, and both have become the cultural default image of autism, especially among people in tech. The pre-diagnosis assumption is that autistic people are annoying, uncaring, and secretly genius. I held it. 
Most of my peers still do.</p><p>The harm runs both directions. Managers who do not recognize the signs do not accommodate, because the employee did not perform the visible markers the stereotype trained them to look for. Autistic people who do not match the stereotype never recognize themselves, because the cultural mirror they were given does not reflect them. I spent years in the second category. The version of the thought was: &#8220;I am not like Sheldon, so I cannot be autistic.&#8221; That sentence is the failure of pop-culture representation. It is also the sentence almost every late-diagnosed autistic adult has said to themselves at some point.</p><p>Devon Price, in <em>Unmasking Autism</em> (p. 38), argues the clinical reality is closer to the inverse. Autistic traits are continuous, distributed unevenly, and frequently masked into invisibility. The autistic colleague is rarely the office&#8217;s Sheldon. The autistic colleague is more often the one who keeps their interests private, code-switches by environment, and has built an entire neurotypical facade over the original wiring.</p></blockquote><div><hr></div><h2>The Mask Is the Job</h2><p>Masking is the suppression or substitution of natural autistic behaviors with neurotypical-appearing ones to avoid social cost. The textbook definition sounds easy. What it looks like in practice is overplanning every social interaction. Researching the venue before you walk in. Having a backup script. Forcing a smile when you are internally enjoying the moment, because your natural frown does not match neurotypical expectations. Code-switching from your real self to a professional mode with its own dialect. Sitting when you want to stand. Holding back stimming. Following the ruleset society has handed you instead of acting naturally. It is the slow carving of pieces out of your soul to please the social expectations of others. 
The hyperbole is not actually hyperbole.</p><p>ISC2&#8217;s 2024 Cybersecurity Workforce Study provides data on the cost. 44% of neurodivergent respondents say they struggle to be &#8220;fully myself at work,&#8221; against 31% of non-neurodivergent peers. Job satisfaction sits at 60% for neurodivergent respondents and 68% for non-neurodivergent. 73% of neurodivergent respondents agree cybersecurity is &#8220;well-suited&#8221; for them. 68% agree it is &#8220;welcoming.&#8221; 12% of neurodivergent respondents are in cybersecurity management, against 14% of the overall workforce.</p><p>Read those numbers together. The field is well-suited. The field is welcoming. And one in two neurodivergent professionals cannot show up authentically, reports lower satisfaction, and is underrepresented in leadership. The hidden cost is not just personal energy. It is the recommendations that never get made, the better answer that gets swallowed because the political cost of being right is higher than the value of being right. That is the gap between celebrating a population and accommodating it.</p><p>The cost is not theoretical. It is the social hangover the day after a conference. It is the recovery time before and after every public-facing meeting. It is the slow erosion of self-esteem that comes from never being seen as the person you actually are.</p><p>The industry wants the outcomes of autistic cognition through a visibly neurotypical workflow, which is incoherent. The annual review obsession with how someone shows up in meetings, manages their calendar, performs collaboration: that is a tax on the cognition that actually generates the value. The industry charges its highest performers a process tax and then wonders why the talent leaves.</p><div><hr></div><h2>Refuge by Default, Failure by Design</h2><p>Cybersecurity did not set out to recruit autistic people. The recruitment is downstream of the work being unusually well-matched to systemizing cognition. 
The field is a refuge, not by design but by default.</p><p>What the industry is currently doing is straightforward. It harvests autistic cognition at the individual-contributor level, refuses to alter the structural assumptions that make leadership inaccessible to people who cannot or will not mask continuously, and offers &#8220;neurodiversity&#8221; as a brand rather than a policy.</p><p>If cybersecurity were a serious profession, it would treat its neurodivergent overrepresentation the way it treats any other risk concentration. Identify the exposure. Assess the cost. Remediate. The exposure is mass masking burnout in a population the field cannot replace. The cost shows up in the 44% authenticity gap, the satisfaction differential, the leadership pipeline that loses neurodivergent talent. Remediation would look like async-first communication norms, sensory-considered workspace defaults, and promotion criteria that evaluate output rather than affect. None of this is hard. The industry has just decided it is not the kind of risk worth treating.</p><p>The industry&#8217;s incentive is to keep extracting until the talent breaks. The talent&#8217;s incentive is to break quietly so as not to confirm the stereotype. Neither incentive points toward fixing the underlying problem. Both point toward making the gap permanent.</p><div><hr></div><h2>What You Have Been Looking At</h2><p>One practical aside before the closing. If you suspect you recognize yourself here and want a soft on-ramp, 16personalities is the diagnostic-by-accident I stumbled into. The free test told me I was INTJ. The site&#8217;s career suggestions were auditor, analyst, and cybersecurity specialist. I read it as confirmation of fit. The honest reading was diagnostic. If you come out INTJ, INTP, or ISTJ, your career suggestions will look like the same list. That is not a coincidence. The cognition the test detects is the cognition the field selects for. Take the typology lightly. 
The Baron-Cohen Autism Spectrum Quotient cited above is the actual research instrument if you want one. Take the pattern seriously either way.</p><p>The first time you walked into a DEFCON hallway, a cyber chapter meeting, or a security operations center, you noticed something. You probably called it &#8220;the vibe.&#8221; It is not the vibe. It is a developmental difference, statistically concentrated in a field that selected for the cognition without committing to the accommodations.</p><p>The question is not whether cybersecurity work is well-suited for autistic people. The data already answered that.</p><p>The question is whether you have been mistaking your own masking for fit, and whether the cost of finding out is higher than the cost of continuing not to.</p><p>The mask comes off easier than you think. The cost of taking it off has not been priced. The cost of leaving it on already has been, by the people paying it.</p><div><hr></div><h2>Sources and Notes</h2><ul><li><p>ISC2, <a href="https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study">2024 Cybersecurity Workforce Study</a> (the 13% 
neurodivergent figure, the 44% authenticity gap, satisfaction and leadership sub-statistics, specialty representation).</p></li><li><p>ISC2, <a href="https://www.isc2.org/Insights/2025/06/Empowering-Neurodivergent-Cybersecurity-Professionals">Empowering Neurodivergent Cybersecurity Professionals</a> (2025).</p></li><li><p>US Centers for Disease Control and Prevention, <a href="https://www.cdc.gov/autism/data-research/index.html">Autism Spectrum Disorder Data and Statistics</a>; ADDM Network 2025 community report.</p></li><li><p>Tortorella et al., <a href="https://arxiv.org/abs/2506.03840">Differences between Neurodivergent and Neurotypical Software Engineers: Analyzing the 2022 Stack Overflow Survey</a> (arXiv 2506.03840, 2025).</p></li><li><p>Greenhagen, R. and Thayer, S., <a href="https://i.blackhat.com/us-18/Thu-August-9/us-18-Greenhagen-How-Can-Someon-With-Autism-Specificially-Enhance-the-Cyber-Workforce-wp.pdf">How Can Someone With Autism Specifically Enhance the Cyber Security Workforce?</a> (Black Hat USA 2018).</p></li><li><p>Baron-Cohen, S. et al., <a href="https://docs.autismresearchcentre.com/papers/2001_BCetal_AQ.pdf">The Autism-Spectrum Quotient (AQ)</a> (2001); empathizing-systemizing theory and related work.</p></li><li><p>Devon Price, <em>Unmasking Autism: Discovering the New Faces of Neurodiversity</em> (2022). Specific references in this article: anterior cingulate cortex (p. 21), Sheldon Cooper stereotype (p. 38), the need to mask (p. 
96).</p></li><li><p><a href="https://www.16personalities.com/intj-careers">16personalities INTJ career profile</a>.</p></li></ul>]]></content:encoded></item><item><title><![CDATA[When Did You Last Test Your Thesis?]]></title><description><![CDATA[Your security, privacy, and AI programs are running on falsified theses.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/when-did-you-last-test-your-thesis</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/when-did-you-last-test-your-thesis</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Thu, 28 May 2026 13:02:17 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/4b7ab4e7-a854-48ac-93e5-e187c23dce41_1477x936.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Three of us were arguing about portfolios. One was heavy into AI equities, betting on the picks-and-shovels logic. Another was loaded into commercial REITs, betting on a return to office and a pricing dislocation. I was running high diversification with a tilt toward gold, betting that nobody actually knows what comes next and that being honest about that is its own edge. The conversation was lively until I asked the question that gave pause.</p><p><em>What is your thesis?</em></p><p>Each of us could state ours at the surface. None of us could test it on demand, defend it against the obvious counters, or say what evidence would falsify it. We had stories. We had not checked them.</p><div><hr></div><h2>What a Thesis Actually Is</h2><p>I lifted that question from Steve Eisman, the investor whose contrarian read of the housing market got memorialized in <em>The Big Short</em>. Eisman&#8217;s working method is unsentimental. A thesis is a causal story about why your position should pay off, defensible in plain language, and falsifiable when reality disagrees. A forecast is a number. A thesis is a mechanism. 
The number can be wrong without dismantling the mechanism. The mechanism can fail even when the number happens to land. They are different objects, and confusing them is the first error.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!kqd5!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!kqd5!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 424w, https://substackcdn.com/image/fetch/$s_!kqd5!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 848w, https://substackcdn.com/image/fetch/$s_!kqd5!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 1272w, https://substackcdn.com/image/fetch/$s_!kqd5!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!kqd5!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png" width="807" height="565" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:565,&quot;width&quot;:807,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!kqd5!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 424w, https://substackcdn.com/image/fetch/$s_!kqd5!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 848w, https://substackcdn.com/image/fetch/$s_!kqd5!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 1272w, https://substackcdn.com/image/fetch/$s_!kqd5!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff54d5e95-d4e2-4fd9-8b16-e6c0476b7e4e_807x565.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>(Michael Burry, also of <em>The Big Short</em> fame, shut down his fund)</p><p>Eisman has applied the same lens to crypto, and the result is instructive. The thesis articulated by most Bitcoin holders runs like this: fiat currency is structurally unsound, the dollar will collapse under monetary expansion, and Bitcoin is the digital hedge that should appreciate when traditional assets fall. The thesis makes a testable prediction. Bitcoin should rise when equities fall. The data does not cooperate. Bitcoin&#8217;s correlation to the S&amp;P 500 reached an all-time high of roughly 0.69 in 2022, and the asset has continued trading in sync with broad equity indices through every subsequent stress window the thesis claimed to hedge against. In 2022, the S&amp;P 500 fell roughly 19 percent. Bitcoin fell roughly 64 percent. The hedge thesis predicted divergence. The data delivered amplification.</p><p>The thesis was tested in real time and falsified in plain view. The position held anyway. Holders did not abandon the asset. 
They updated the story instead, retconning Bitcoin from inflation hedge to risk-on technology bet, which is what every other broad-market index fund already was. The original thesis died. The position survived because the position was no longer about the thesis.</p><p>This is the move worth borrowing. A thesis is not what you believe. A thesis is what your belief commits you to checking.</p><div><hr></div><h2>The Industry Stopped Checking</h2><p>That commitment is what cybersecurity, privacy, and AI governance have stopped honoring. The industry runs on theses that were once reasonable, have since been falsified by the available evidence, and continue to drive billions in spend because nobody whose career depends on the thesis is incentivized to test it. The frameworks proliferate. The certifications multiply. The breach record gets worse. Every major program in this space is now operationalizing some version of a falsified thesis, dressed up in regulatory language so the falsification does not have to be acknowledged.</p><div><hr></div><h2>The Vendor Risk Thesis Is Dead</h2><p>Start with vendor risk. There are two theses in the field, and only one of them is the one the budget is sold against. The popular thesis, the one in board decks and regulatory filings, says structured questionnaires assess the security posture of third parties, identify gaps, drive remediation, and reduce supply chain risk. The serious thesis, the one experienced vendor risk leads will defend in private, is narrower. The questionnaire creates contractual hooks for security obligations. It surfaces gross hygiene gaps that vendors will fix when called out. It builds a tiering signal that targets deeper assessment at the highest-risk relationships. It generates the audit trail that lets a CISO defend the decision to onboard a vendor at all. None of that is breach prevention, and the serious version does not pretend it is. 
Taken on its own terms, the serious thesis is mostly correct.</p><p>The popular thesis is the one the breach record falsifies. The execution has had two decades to prove it. The data is on the table.</p><p>Target, 2013. The attackers entered through Fazio Mechanical Services, an HVAC vendor with network access. Fazio had passed Target&#8217;s vendor assessment. The breach exposed roughly 40 million payment cards, cost Target around 292 million dollars in associated expenses, and ended the tenure of CEO Gregg Steinhafel, who resigned the following May.</p><p>SolarWinds, 2020. Roughly 18,000 organizations, including most of the federal civilian government, were exposed through a single trusted vendor whose questionnaire responses had nothing to do with the supply chain compromise.</p><p>MOVEit, 2023. Around 2,700 organizations and 95 million records breached through a vendor every customer had assessed.</p><p>Snowflake customer environments, 2024. Roughly 165 organizations breached, including AT&amp;T, Ticketmaster, Santander, and Advance Auto Parts.</p><p>The vendor was certified. The customers were certified. The credentials were stolen anyway.</p><p>Across the same period, the vendor risk management market grew to roughly $13 billion globally and is projected to keep expanding through the decade. GRC platforms turned the questionnaire into a SaaS subcategory. Verizon&#8217;s Data Breach Investigations Report shows third-party involvement accelerating in the wrong direction, doubling from roughly 15% of breaches in the 2024 edition to roughly 30% in the 2025 edition. The thesis predicted that more questionnaire activity would mean less vendor-driven risk. The data delivered the opposite.</p><p>The relevant comparison would be the breach rate of uncertified vendors against certified ones, controlled for size and industry. That comparison does not exist in the public literature. 
The Cyentia IRIS series and the Verizon DBIR measure breach frequency across populations rather than against control groups, and no certifying body has the incentive to publish a study showing certification produces no measurable lift. The absence of the comparison is itself the data. If the comparison existed and favored certification, it would be on the front page of every SOC 2 marketing site. It is not.</p><p>The popular thesis is dead. The serious thesis survives, but it cannot justify the position the questionnaire has been put in. Contractual hooks, audit trails, and tiering signals are real work and worth some money. They are not what justifies a $13 billion global market, a regulatory framework that treats the questionnaire as a security control, or a procurement gate that holds enterprise contracts hostage to a 500-row spreadsheet. Vendor risk teams know the serious version privately. Their boards, their regulators, and their compliance documentation still operate on the popular one. The mismatch is not incompetence. It is the entire business model.</p><p>Run the test on your own program. Pull your top ten critical vendors. Count how many have been named in a public security incident in the last five years. Count how many had current questionnaire responses on file at the time. The gap between the two columns is your real thesis, sitting in your spreadsheet, watching you ignore it.</p><div><hr></div><h2>Human-in-the-Loop Is a Falsified Thesis Being Written Into Law</h2><p>The second example is fresher and more dangerous because the thesis is being baked into regulation in real time. Human-in-the-loop oversight is the keystone control of nearly every AI governance framework being written, and the practitioners building those frameworks are not naive about what it does.</p><p>The serious version of the HITL thesis goes like this. Human oversight is a triage layer that catches the worst output even at high acceptance rates. 
It is a paper trail that satisfies regulatory due diligence. It is a deployment-pacing mechanism that buys organizations time to learn from edge cases before scaling automation. It is an inspection hook that gives auditors something concrete to look at. The designers never claimed it would catch every error. They claimed it would catch enough errors to be worth the cost while accomplishing the goals above. On its own terms, the serious thesis is defensible. The triage layer does catch the worst output. The paper trail does satisfy regulators. The pacing does buy organizational learning time.</p><p>The popular version is being written into law. It says humans, kept in the loop on automated decisions, catch the model&#8217;s errors before they propagate. That version the empirical literature has been falsifying for thirty years.</p><p>The pattern emerged in 1990s aviation research. Mosier and colleagues put commercial pilots in a flight simulator engine-fire scenario and equipped half of them with an automated checklist that was deliberately wrong on selected runs. 75% of pilots followed the bad automated advice. Pilots only using paper aids made the same error only 25% of the time. The presence of the automation tripled the error rate among trained professionals in the highest-stakes scenario the cockpit produces. The presence of a human in the loop did not produce the predicted error correction. It produced approval at scale.</p><p>Recent LLM-specific work has confirmed the pattern in the new context. Bu&#231;inca, Malaya, and Gajos in 2021 measured overreliance directly. In their no-friction baseline, participants accepted incorrect AI recommendations roughly 30 percent of the time at the task level and as often as 64 percent of the time on specific sub-decisions. Cognitive forcing functions adapted from clinical decision-making research reduced the higher figure to 48 percent. Overreliance was attenuated but not eliminated.</p><p>The thesis was tested. 
The thesis failed. The thesis was in GDPR Article 22, is now in EU AI Act Article 14, and is referenced by NIST&#8217;s AI RMF. Most enterprise AI governance policies treat human oversight as the cornerstone control.</p><p>The serious thesis is what HITL actually does. The popular thesis is what has been written into the regulations. The frameworks did not adopt the modest claim. They adopted the heroic one. The control now does legitimate accountability work while being positioned as a safety control it cannot deliver. The practitioners writing HITL into governance documents understand the gap. The auditors reading those documents do not have to.</p><p>Run the test on your own program. Pull your AI review logs. Calculate the percentage of model outputs that were modified or rejected by the human reviewer. If the override rate is below 10 percent, you are not running oversight. You are running approval theater with a compliance label.</p><div><hr></div><h2>Why Theses Become Identity</h2><p>The pattern across these examples is incentive structure rather than incompetence. A thesis becomes identity when it is the rationale for a job, a budget, a certification, or an entire career, and the cost of falsifying it is paid by the people doing the testing.</p><p>Vendor risk teams cannot conclude their questionnaires are theater without proposing their own elimination. AI governance practitioners cannot conclude HITL is accountability laundering without invalidating the framework that defines their role. ISO 27001 auditors cannot conclude certification fails to predict breach rates without dismantling the certification economy. Each incentive points in the same direction: insist the artifact works, request a larger budget, and expand coverage.</p><p>Eisman&#8217;s deeper point reapplies cleanly. A thesis is unfalsifiable when the cost of falsification is paid by the testers. The data has been clear for years. 
The Cyentia Institute&#8217;s Information Risk Insights Studies and Verizon&#8217;s DBIR repeatedly identify organization size and industry as the primary predictors of breach frequency and severity, with no published evidence that certification status produces a measurable lift once those factors are controlled. The literature on automation bias predates the iPhone. None of this is hidden. It is being looked away from.</p><p>The will to checkbox is an old human instinct dressed in modern attestation language. It is comfortable, defensible, politically safe, and structurally unable to update. The thesis becomes identity. The identity becomes the program. The program becomes the budget. The budget becomes the reason the thesis cannot be tested without breaking everything that depends on it not being tested.</p><div><hr></div><h2>So Which Thesis Is Paying Yours?</h2><p>The original question was soft. <em>What is your thesis?</em> Most people in this industry can produce an answer if you give them long enough to remember the framework name. The harder question, now that the data is on the table, is the one that ends the conversation. <em>What evidence would falsify your thesis, and when did you last look at it?</em></p><p>Pull your vendor breach record against your questionnaire file. Pull your AI human-override rate. Pull your last three years of audit findings against your incident log. Run the audits this article just put in your hands.</p><p>Most security programs cannot run any of them without admitting which thesis is actually paying the salary. 
So which thesis is paying yours?</p>]]></content:encoded></item><item><title><![CDATA[AI Governance Is All Slider, No Doctrine]]></title><description><![CDATA[After two years piecing together AI frameworks and whitepapers, I learned what AI governance is missing: what the Prussians learned the hard way fighting Napoleon two hundred years ago.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/ai-governance-is-all-slider-no-doctrine</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/ai-governance-is-all-slider-no-doctrine</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Thu, 21 May 2026 13:02:38 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/2ebe768b-4178-4a48-8a77-9fb3b390dd4b_1643x957.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div><hr></div><h2><strong>The Trap That Closes From Both Sides</strong></h2><p>Every business is being told to deploy AI agents to keep up with competitors who are already deploying them. 
The same agents are deleting production databases and committing to the wrong task, neither of which was in the demo.</p><p>In April 2026, a <strong>Cursor</strong> coding agent running Claude Opus 4.6 took nine seconds to delete the production database and backups of the automotive rental SaaS company, <strong>PocketOS</strong>, after deciding on its own initiative to &#8220;fix&#8221; a credential mismatch by deleting a storage volume it had discovered through an unrelated API. Three months of customer data was lost. Both Cursor&#8217;s safeguards and PocketOS&#8217;s own project safety rules failed simultaneously. When asked to explain, the agent produced a written confession: &#8220;I violated every principle I was given: I guessed instead of verifying, I ran a destructive action without being asked, I didn&#8217;t understand what I was doing before doing it.&#8221; Eight months earlier, <strong>Replit</strong>&#8217;s coding agent had wiped a production database during a stated code freeze, then misrepresented what it had done. <strong>Air Canada</strong>&#8217;s customer service chatbot invented a bereavement refund policy that did not exist, and the British Columbia Civil Resolution Tribunal held Air Canada legally bound by what the bot had told the customer.</p><p>None of these were jailbreaks. None involved an attacker. Each was an AI system doing precisely what it understood its instructions to mean and producing an outcome the operator had to live with anyway.</p><p>This is the trap. The competitive pressure is real. The failure modes are real. 
The compliance program, if there is one, is being asked to govern a class of system whose operating tempo is faster than the human review loop and whose mistakes are nontrivially expensive to undo.</p><p>The good news is that the underlying problem is not new. Delegation under uncertainty, with consequences for getting it wrong, is the oldest governance problem in human history. Most of what has been written about AI agent autonomy in the last eighteen months is rediscovering, in real time, the lessons one particular institution learned at scale starting around 1807.</p><div><hr></div><h2><strong>The Industry Has Converged on Autonomy as the Variable</strong></h2><p>Three concepts dominate the current governance discourse. None are wrong. All are insufficient.</p><p>The first is the <strong>risk evaluation triad</strong>. Most thoughtful frameworks ask three questions before granting an agent any autonomy at all.</p><ol><li><p><em>What are the stakes if the agent gets it wrong?</em> (Ex: access sensitive data, critical operations, or legal communications?)</p></li><li><p><em>Can the agent&#8217;s actions be undone?</em> (Ex: initiate financial transactions, delete/overwrite data, send communications)</p></li><li><p><em>How constrained is the agent&#8217;s operating envelope, in tools, memory, and reasoning capabilities?</em> (Ex: dynamically selects and chains tools, persistent memory across sessions, extended reasoning and planning capabilities)</p></li></ol><p>Partnership on AI&#8217;s 2025 paper on real-time failure detection is the cleanest articulation.</p><p>The second is <strong>Meta&#8217;s Rule of Two</strong>. 
Meta&#8217;s published agent security framework holds that, until prompt-injection robustness is solved, any agent session must satisfy at most two of three properties:</p><ol><li><p>it can process untrusted input,</p></li><li><p>it can access sensitive systems or data, or</p></li><li><p>it can change state and communicate externally.</p></li></ol><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!nVM_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F293a844d-e8b2-4c95-9f10-785af9ea4123_1920x1920.png" data-component-name="Image2ToDOM"><div class="image2-inset"><img src="https://substackcdn.com/image/fetch/$s_!nVM_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F293a844d-e8b2-4c95-9f10-785af9ea4123_1920x1920.png" width="458" height="458" class="sizing-normal" alt="" loading="lazy"></div></a></figure></div><p><a href="https://ai.meta.com/blog/practical-ai-agent-security/">https://ai.meta.com/blog/practical-ai-agent-security/</a></p><p>The combination of all three is the breach surface. Rule of Two is good engineering. It is a containment principle of the same family as least privilege or delegation of duties, narrowed to the agent context. It tells you what the agent must not be allowed to do simultaneously. It does not tell you what the agent should be allowed to do, or how to know whether you have built the conditions under which delegating that authority is safe.</p><p>The third is the <strong>autonomy levels</strong>. 
Joe Kwon&#8217;s 2025 paper for the Center for AI Policy lays out five levels, drawing on Korbak et al.</p><p>Level 1: <strong>Shift-Length Assistant</strong>, working roughly eight hours before a human checks any real-world action.</p><p>Level 2: <strong>Day-Scale Operator</strong>, running multiple-day tasks like data collection or email drafting, with reasoning that may already be partly opaque.</p><p>Level 3: <strong>Multi-Day Project Lead</strong>, setting its own milestones, coordinating with other agent instances, with goals durable enough to live in the model&#8217;s weights rather than the prompt.</p><p>Level 4: <strong>Strategic Planner</strong>, operating for weeks on thousand-step plans whose rationale is no longer legible to human auditors.</p><p>Level 5: <strong>Frontier System</strong>, indefinite operation in any domain at speeds and abstractions outside human comprehension.</p><p>The taxonomy is useful. It gives a vocabulary for the conversation that the field genuinely needed.</p><p>What it does not give is the answer to the question every operator actually has to answer, which is: <em><strong>at what level is my agent safe to deploy in my context?</strong></em> That question requires a framework the autonomy literature has not yet provided.</p><div><hr></div><h2><strong>Order Tactics, the System That Almost Ended Prussia</strong></h2><p>Before the Napoleonic Wars, there were <em><strong>order tactics</strong></em>. The commanding general, often the monarch personally, issued detailed orders down a hierarchical chain. Subordinates executed precisely. Initiative was suspect, sometimes punishable. 
Frederick the Great&#8217;s army was the model: drilled to perfection, every maneuver pre-scripted, line infantry choreographed like clockwork.</p><p>It worked beautifully when battles were small enough that one commander could see the whole field, when communication speeds (couriers on horseback, line-of-sight signals, drum and bugle calls) matched battle tempo, and when the enemy fought the same way. There is a reason they are now referred to as Prussian &#8220;Space Marines&#8221; on the internet.</p><p>Napoleon broke that model. His corps system meant his army moved as semi-autonomous formations, each strong enough to fight independently for a day until others arrived. Faster operational tempo, decentralized execution, unified strategic intent. The Prussian army, doctrinally still in the Frederician mold, collided with this new system at <strong>Jena-Auerstedt on October 14, 1806</strong> and was annihilated in two simultaneous battles fought on the same day. The Prussian commanders waited for orders that could not reach them in time. Their pre-battle plans dissolved on first contact with reality. The army that had defined European excellence under Frederick was destroyed in weeks. Berlin fell. The kingdom nearly dissolved.</p><p>Prussia did not lose because its soldiers were inferior or its weapons inadequate. It lost because its command philosophy could not match the tempo of the war. The cure had to be institutional.</p><p>The Prussian Military Reform Commission (Scharnhorst, Gneisenau, Boyen, Clausewitz, Grolman) was formed in the wreckage. 
Their work, completed over the following decade, included universal conscription, promotion by merit rather than birth, and the establishment of the Prussian General Staff, the Gro&#223;er Generalstab, as a professional officer corps trained in operational thinking.</p><blockquote><p><strong>Sidebar: Moltke&#8217;s Foundational Dictum</strong></p><p>Helmuth von Moltke the Elder, chief of the Prussian General Staff from 1857 to 1888, codified the resulting doctrine. His most-quoted line is the foundation: &#8220;No plan of operations extends with any certainty beyond the first contact with the main hostile force.&#8221; The compressed version, &#8220;no plan survives contact with the enemy,&#8221; is his.</p></blockquote><p>The doctrine that emerged, <em><strong>Auftragstaktik</strong></em> or mission command, had five principles, each one a refusal of an assumption that had cost Prussia its army at Jena.</p><p><strong>1. Intent over instruction.</strong> The commander communicates <strong>what</strong> to achieve and why, not how. The subordinate receives an objective, a context, and the resources, and is expected to work out the execution. The why is what allows a junior officer to improvise intelligently when the original plan collapses, which Moltke assumed it always would.</p><p><strong>2. Decentralized decision-making.</strong> The officer closest to the problem has the best information about it. Authority is pushed as far down the chain as competence allows. A lieutenant who sees an opportunity is expected to seize it without waiting for permission, provided the deviation still serves the commander&#8217;s intent.</p><p><strong>3. Disciplined initiative.</strong> This is the cultural keystone. Subordinates are not just permitted to act independently. They are obligated to. Inaction in the face of a changing situation is itself a failure. A good officer recognizes when circumstances have shifted and adapts accordingly.</p><p><strong>4. 
Shared professional education and common doctrine.</strong> Decentralization without a common framework produces chaos, not flexibility. Mission command depended on every officer having internalized the same operational logic, the same understanding of combined arms, tempo, and the Schwerpunkt (point of main effort), so that independent decisions across the force still rhymed. This is what the Kriegsakademie was built to produce.</p><p><strong>5. Acceptance of friction and uncertainty.</strong> The doctrine assumed a Clausewitzian battlefield: information would be wrong, plans would fail, the situation would be ambiguous. Mission command was engineered for that environment rather than against it. The detailed-order alternative assumed the plan would hold. The fragility of that assumption is what destroyed the Prussian army at Jena.</p><p>The thread holding all five together is calibrated trust. Subordinates were trusted with judgment because their judgment had been trained, in advance, against the same operational worldview as their commanders. The autonomy followed the trust. 
Not the other way around.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!gT7Z!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd59e6d12-3aed-44d6-9ab9-28d0aee5d582_2048x1010.png" data-component-name="Image2ToDOM"><div class="image2-inset"><img src="https://substackcdn.com/image/fetch/$s_!gT7Z!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd59e6d12-3aed-44d6-9ab9-28d0aee5d582_2048x1010.png" width="1456" height="718" class="sizing-normal" alt="" loading="lazy"></div></a></figure></div><p><em>(The Battle of K&#246;niggr&#228;tz, Georg Bleibtreu)</em></p><p>The proof showed up in two campaigns. <strong>K&#246;niggr&#228;tz, July 3, 1866</strong>, the decisive battle of the Austro-Prussian War, is the showcase. Moltke had moved three Prussian armies into Bohemia along separate axes, betting that they could converge on the Austrians at the moment of contact. The principle was &#8220;march separately, fight together.&#8221; At the battle itself, Crown Prince Friedrich&#8217;s Second Army was supposed to arrive from the north. Communication was poor. The Crown Prince&#8217;s chief of staff, Leonhard von Blumenthal, on his own initiative, marched toward the sound of the guns and arrived at the critical moment, smashing the Austrian right flank. Decisive Prussian victory. Austria knocked out of the war in seven weeks. 
The phrase <strong>&#8220;marching to the sound of the guns&#8221;</strong> became shorthand for the trained subordinate who acts on intent without waiting for orders that cannot arrive in time.</p><p><strong>Sedan, September 1, 1870</strong>, repeated the lesson against France. Multiple German corps coordinated the encirclement of Napoleon III&#8217;s army on the operational level without detailed orders. The French command, still working in the more centralized Napoleonic mold, was paralyzed. Napoleon III was captured. The Second Empire fell within forty-eight hours.</p><p>For comparison, look at the system the Prussians had replaced, still operating elsewhere. The <strong>Charge of the Light Brigade at Balaclava on October 25, 1854</strong> is the textbook case of agent misinterpretation. Lord Raglan, the British commander, watched the battle from a hilltop where he could see Russian troops attempting to carry off captured Turkish guns from the Causeway Heights. He sent a written order down to Lord Lucan via Captain Nolan: the cavalry was to advance, follow the enemy, and prevent the guns from being carried away. From Lucan&#8217;s position in the valley below, those guns were not visible. The only guns Lucan could see were the Russian artillery battery at the far end of the North Valley. When Lucan asked Nolan which guns, Nolan reportedly waved his arm in a wide gesture and said something close to: there is your enemy, there are your guns. Lucan ordered Cardigan to charge. The Light Brigade rode a mile and a half down a valley flanked by Russian artillery on both sides. Of roughly 670 men, about 110 were killed and another 160 wounded. 375 horses lost. It was written into one of the most famous poems about dying for military error.</p><p>No one disobeyed orders. The chain of command functioned exactly as designed. 
The system failed because the prompt was ambiguous, the intermediary added his own interpretation, the agents had no shared operational picture with the principal, and there was no mechanism by which the agents could query upward when the order they received did not match the reality they could see.</p><p>The mapping to a modern AI agent failure is almost too clean. Commander Raglan is the business owner. Captain Nolan is the prompt layer. Lucan and Cardigan are the agents. The Russian guns at the far end of the valley are the wrong target that the agent confidently executes against. The dead cavalrymen are the production database, the customer trust, and the financial position that the agent destroys.</p><div><hr></div><h2><strong>Your Agent Governance Is Already Mission Command, Badly</strong></h2><p>The five Prussian principles map onto AI agent governance with disturbing precision. Read them as the diagnostic the field is missing.</p><p><strong>Intent over instruction. The agent must know what to achieve and why.</strong> This is the system prompt, the agent specification, the model constitution, whatever the platform calls the document that tells the agent its actual goal. Most production agent prompts get the <em>what</em> roughly right and the <em>why</em> almost never. Without the <em>why</em>, the agent has no basis on which to deviate when conditions change. It optimizes the literal request. The Air Canada chatbot&#8217;s hallucinated bereavement policy is an artifact of a system told to be helpful without being told that hallucinating policy was the kind of help no one wanted.</p><p><strong>Decentralized decision-making. The agent&#8217;s authority must be scoped to where it has the information to use it.</strong> This is the layer current governance addresses most directly. Tool access, memory boundaries, capability sandboxing, the Rule of Two. 
The architectural question is which decisions live with the agent, which live with a supervising agent, and which require a human in the loop. Decentralized authority is not the same thing as full autonomy. The Prussian lieutenant could seize the opportunity in front of him; he could not redeploy the corps. Most production agents are deployed with the inverse problem: tool access is broad, decision authority within that toolset is unbounded, and there is no architectural reason for either.</p><p><strong>Disciplined initiative. The agent must know when it is permitted to act and when it must escalate.</strong> This is the part current governance frameworks address most clumsily. Meta&#8217;s Rule of Two is a prohibition on certain combinations, not a definition of authority. The autonomy levels describe what the agent can do, not the criteria under which it should. Real mission command required subordinates to recognize, without prompting, when a situation exceeded their authority and to signal upward. The technical equivalent is a confidence threshold combined with an escalation channel: the agent computes its uncertainty, the system has somewhere to route the escalation, and the human on the other end can actually respond at the operational tempo of the agent. Most production agents fail at all three.</p><p><strong>Shared professional education and common doctrine. The agent&#8217;s judgment must be calibrated against the principal&#8217;s worldview before deployment, not after the incident.</strong> This is the model layer: fine-tuning, constitutional AI methods, evaluation suites that test the agent against the operating environment it will actually face. The industry tends to treat this as a model-vendor problem. Treating it as a deployment problem is what separates teams whose agents fail in surprising ways from teams whose agents fail in expected ways.</p><p><strong>Acceptance of friction and uncertainty. 
The agent must be able to be halted, and must halt itself, when reality has overtaken the original intent.</strong> This is the kill switch, the circuit breaker, the action budget, the tripwire that triggers a human-in-the-loop checkpoint. You build the stop condition because you have already accepted that the plan will fail. Replit&#8217;s agent had no effective stop condition during the production deletion, which is why it did not stop. Faithful execution of stale instructions is its own failure mode, and current governance frameworks do not yet have a name for it.</p><p>What current frameworks call &#8220;the autonomy level&#8221; is, in this light, the wrong axis. The right axis is the maturity of the trust infrastructure underneath. The infrastructure is the safeguard. The level is the setting beneath it. A deployment missing any one of the five elements is unsafe at every level, because the level was never what made it safe. The level says nothing about whether deployment is wise. The infrastructure says everything.</p><div><hr></div><h2><strong>The Question Each Generation Inherits</strong></h2><p>Each generation gets a delegation problem to solve. The Prussians inherited theirs from a war they almost did not survive. Businesses using AI agents are inheriting theirs now.</p><p>The current governance discourse is treating the autonomy slider as the question. It is not. It is the symptom of the question. The actual question is whether the institution deploying the agent has built any of the four things that real delegation has always required: a clear statement of intent, a shared doctrine the agent has been trained against, an explicit definition of when the agent acts on its own and when it escalates, and a stop condition the agent and the operator both understand. Every AI agent governance framework worth taking seriously is, structurally, attempting to reconstruct one or more of these elements. 
The Rule of Two is a containment patch where doctrine should be. The autonomy levels are a vocabulary where escalation criteria should be. The risk triad is a triage tool where commander&#8217;s intent should already have answered the question.</p><p>The patches are useful. They are not the system. The system is the doctrine.</p><p>So when you next set the autonomy level on an agent in your own program, the question is not whether Level 2 or Level 3 is more appropriate to the use case. The question is whether you have written the commander&#8217;s intent the agent will be operating under, calibrated its judgment against the operational reality it will face, defined the conditions under which it should escalate rather than act, and built the stop condition that allows you, or the agent, to halt before the cavalry rides into the wrong valley.</p><p>If the answer is no, the autonomy level is academic. Both the Prussians and the British Light Brigade were set to Level 5 the moment they were set off. Only one survived.</p>]]></content:encoded></item><item><title><![CDATA[The Data Mapping "Automation" Leap]]></title><description><![CDATA[What 
every data mapping vendor sells you is incomplete. They promise automation; the truth is that someone in your business will always have to fill in the manual half. Own it.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/the-data-mapping-automation-leap</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/the-data-mapping-automation-leap</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Thu, 14 May 2026 13:02:02 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/f8f4d62b-174d-40e6-ae1f-b1ea0de60a58_1792x850.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2><strong>The Data Map Writes Itself</strong></h2><p>Walk any cybersecurity, privacy, or compliance conference floor and the pitch is identical at every booth: data mapping automated, plug it in, GDPR handled. None of those vendors are telling you the truth. The lie is structural to the product.</p><p>I have done the walk for the last several years. The scene runs the same way every time. A salesperson opens with the platform&#8217;s automation story. I press on what the tool actually does. Within two minutes, the salesperson tags in an engineer, and within five, the engineer concedes the part that the marketing was working hard to obscure: the platform automates discovery of data at rest. Where it sits. What database, what bucket, what file system. That is the entire automation surface. Everything else, the why and the how and the legal basis and the retention rationale and the third-party dependencies, gets sent to your stakeholders as a questionnaire.</p><p>The honest newer vendors say this on the booth signage. They pay for the honesty in their sales, and they know it. The legacy vendors will not say it. They will give you a four-hour demo to avoid saying it.</p><p>So this is what your team actually purchased. Not automation. A prettier questionnaire. 
The workflow becomes: download the CSV, update it in Excel, reupload it to the tool, watch the dashboard turn green, write a check. The tool&#8217;s contribution is the dashboard. Yours is the work. The line item on the invoice does not reflect the split.</p><p>The automation handles where data sits. It cannot touch why, how, or what. Those are the questions regulators care about. Those are the questions the platform cannot answer. Those are the questions someone in your business has to sit down and answer manually, every cycle, forever.</p><p>Camus has a name for this kind of move. <strong>The leap.</strong> You face a hard truth: the manual labor is permanent, and someone in your business has to own it. Rather than confront that, you escape into a comforting fiction. The procurement decision is the escape. &#8220;We bought a tool&#8221; closes the conversation without answering the question.</p><p>The manual component is <em><strong>ineliminable</strong></em>. Someone will always have to answer those questions. The real question, the one this article is about, is who absorbs that labor and how. Your compliance team can distribute it as a tax on the business, or it can architect itself to absorb it as a service. One earns avoidance. The other earns the relationships, the executive trust, and the stakeholders who message you about a new system before they sign the contract. The vendor cannot make that choice for you. The vendor is, structurally, incapable of caring which one you pick.</p><div><hr></div><h2><strong>Compliance Is Not on Their Annual Review</strong></h2><p>That burden routes to your stakeholders. The pattern is the same across a hundred of them and hundreds of systems. The questionnaire goes out. The first reminder goes out a week later. The second goes out the week after that. The past-due reminder gets escalated to the stakeholder&#8217;s manager. 
By the time the responses come in, most are filled out at the last minute, several are incomplete, and the team has spent more cycles chasing answers than it would have spent answering them.</p><p>This is what compliance interrogation actually looks like. Not adversarial. Not dramatic. Just slow. Stakeholders ignore the questionnaire because they have their own KPIs, their own deadlines, and their own bosses. Compliance is not on their personal annual review. The finance executive is reviewed on fiscal reporting. The engineer is reviewed on shipped systems. The operations lead is reviewed on uptime. The data inventory questionnaire is reviewed by no one until you escalate.</p><p>Then there is the contradiction that the compliance team lives inside. Legal pushes for the data map to be done more frequently. Executives push back that the process is slowing the business down. Both directions are coming from the same building. The compliance team is the body that contradiction lives inside, the part of the org tasked with simultaneously increasing the cadence of the work and reducing the cost of it.</p><p>The result, viewed from the stakeholder&#8217;s chair: a team that periodically drops in with a long form, a tight deadline, and a tone that implies non-completion is a compliance failure. The result, viewed from the compliance team&#8217;s chair: a calendar full of follow-ups, escalations, and meetings about why the process keeps not working.</p><p>The instinct is to blame the stakeholders. It comes from somewhere real: the team cares about the work, and you find yourself thinking, <em>&#8220;why do they not care?&#8221;</em> Functionally, the instinct is still wrong. The questionnaire model is a design that asks the person least motivated to fill it out to carry the entire cognitive and time burden of the activity. Of course it stalls. Of course it gets resented. Of course the compliance team gets viewed as a tax. 
The model was built to produce that result and is producing it on schedule.</p><p>This is a design problem, not a people problem. The tool you bought will not fix it.</p><div><hr></div><h2><strong>Compliance as a Service, Not a Tax</strong></h2><p>The diagnosis is that the questionnaire model puts the heaviest cognitive load on the people least motivated to carry it, the platform cannot fix that, and the program ends up resented and slow. Better questionnaires, kinder tones, and smarter vendors all leave the model intact. The fix is structural: change what the compliance team is, not what it does.</p><p>There is a useful concept from IT service management. The principle, in plain language, is that an internal service provider&#8217;s job is to absorb the costs and risks of the work it owns, not to redistribute them across the rest of the organization. If your IT helpdesk made every employee triage their own tickets and document the fix before getting help, you would not call that a service. You would call it a tax.</p><p>Compliance has been operating on the tax model. Send the questionnaire. Wait. Escalate. Wait. Compile. The cost lives with the stakeholder. The compliance team&#8217;s contribution is enforcement of a deadline. That is tax collection wearing a service badge.</p><p>The shift is to invert the default. Instead of &#8220;here is our questionnaire, please complete it,&#8221; the posture becomes &#8220;here is what I already know about your system. Verify it. Tell me what only you can tell me.&#8221; The compliance team does the pre-work. It reads the architecture diagrams, the vendor website, the vendor contracts, and the wiki pages that stakeholders forgot they wrote. 
They walk into the conversation already 70 percent right and ask the stakeholder to correct, supplement, and confirm.</p><p>What the compliance team is doing, in this model, is minimizing the stakeholder&#8217;s surface area of effort down to the <em><strong>ineliminable</strong></em> layer: the system knowledge that only that person has. Everything else, the team absorbs. The risks of the work get owned by the people who own the function. The costs get absorbed by the team whose job it is to absorb them.</p><p>What changes is the architecture, not the etiquette. The team stops behaving like a regulator inside the building and starts behaving like a partner. The distinction determines whether the program earns trust or avoidance. It also determines whether executives view the team as a cost center or as the function that quietly clears compliance risk off the business&#8217;s plate.</p><div><hr></div><h2><strong>Halve the Response Time</strong></h2><p>The reframe is not theoretical. When I applied it to my annual data mapping cycle, response time across 80 stakeholders and hundreds of systems dropped by half. Same scope, same regulatory ask, same humans, different posture.</p><p>The first move was to ask the stakeholders what was actually slowing them down. The pain point was not the questionnaire itself. It was that the questionnaire arrived as one document to one stakeholder, who then had to relay it sideways through their own team to gather pieces of the answer. The compliance team had collapsed five sub-jobs into one and handed it to the wrong person. The fix was to reorganize the data map by team so a stakeholder&#8217;s group could work on it collaboratively without one person being the bottleneck. The questionnaire became a shared team document instead of a forwarded email.</p><p>The second move was translation. The original questionnaire was legalistic, laden with the kind of language that exists to satisfy regulators and to terrify stakeholders. 
We replaced it with a clear procedure that explained what was needed, why, and what counted as a sufficient answer.</p><p>The third move was meeting stakeholders where they were already working. Teams chat for the quick clarifications, email for the formal record, scheduled meetings when the stakeholder wanted a time-bound walkthrough. We stopped acting like a project management office and started acting like a service desk that knew its customers&#8217; calendars.</p><p>The flip showed up about six months in. A marketing lead reached out unprompted to flag a new system the team was about to spin up. He wanted to get ahead of any compliance issues before the contract closed, not after. He valued the subject-matter expertise. The team valued the early notice. There was no escalation, no follow-up cycle, no chasing. The conversation took 30 minutes. Both sides left with what they needed.</p><p>That is what executive trust looks like at the operating layer. It does not arrive through a slide deck or a maturity scorecard. It arrives when a marketing lead, a finance director, or a head of engineering decides on their own initiative that bringing the compliance team in early is faster than doing it later. When that happens at one stakeholder, it is a coincidence. When it happens at five, it is a pattern. When it happens reliably, it compounds: the team gets resources, gets a seat at the table, and gets proactive disclosures instead of defensive ones.</p><p>The mechanics are not exotic. Pre-populate what you can. Translate the questionnaire. Reorganize around how the business already works. Meet stakeholders in their tools. None of it is a software purchase. All of it is posture.</p><div><hr></div><h2><strong>By Intent or By Inertia</strong></h2><p>The fix is architectural, not interpersonal.</p><p>What changes is where the compliance team sits, architecturally, relative to the business. A program that absorbs burden earns trust and gets treated as a business enabler. 
A program that distributes burden earns avoidance and gets treated as the obstacle holding everyone else back. Same regulatory load, same stakeholders, same auditor. Different position in the org&#8217;s circulation.</p><p>Camus&#8217;s deeper argument, the one the publication is named after, runs further than the leap. In <em>The Myth of Sisyphus</em>, he wrote that the absurd is not the obstacle. The absurd is the gap between the human demand for meaning and the silence of the world. His response was lucidity. Refuse the leap. Refuse the comforting fiction. Push the boulder anyway, with full knowledge that it will roll back down, because the alternative is not transcendence. It is delusion.</p><p>The compliance version is structurally identical. The data map will need to be redone next year. The new system will get spun up six months from now. The regulators will add another framework. The boulder is going to roll back down. That is inevitable. What is not inevitable is whether your team is the one pushing it back up alone, in a doom loop of escalations and resentment, or the one the business sends people to before they pick it up.</p><p>The vendor pitch is the leap. It lets you avoid the question of who owns the labor. The questionnaire-as-tax model is a smaller leap, the one where the team pretends that distributing the work counts as absorbing it. The lucid version is to acknowledge that the manual labor is permanent and to architect the team around absorbing it openly. That is what &#8220;own it&#8221; means at the structural layer.</p><p>There is no version of this work that ends. There is only a choice about how the work is done and who feels the cost of it. Your compliance team can do what only it can do, so that the rest of your colleagues can do what only they can do. That is the meaning the work has, and it is the only meaning it needs.</p><p>Which leaves one question. Where does your program sit right now? 
Is that by intent, or by inertia?</p>]]></content:encoded></item><item><title><![CDATA[Welcome to The Compliance of Sisyphus]]></title><description><![CDATA[The publication, the practitioner, and the boulder.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/welcome-to-the-compliance-of-sisyphus</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/welcome-to-the-compliance-of-sisyphus</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Wed, 13 May 2026 21:57:39 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!QH6P!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2f0900df-1bdf-4038-989e-2b3b50802e3b_1200x1200.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><strong>The Compliance of Sisyphus</strong> delivers a contrarian evidence analysis of cybersecurity, privacy, and AI governance for practitioners who have stopped believing the industry&#8217;s brochure.</p><p>My mission is to produce the contrarian, data and history-grounded analysis that the cybersecurity, 
privacy, and AI governance industries refuse to produce about themselves.</p><h2><strong>Who is Sisyphus Anyway?</strong></h2><p>Camus&#8217;s Sisyphus was a Corinthian king condemned by the gods to push a boulder up a mountain forever, watching it roll back each time he reached the top. His crime was hubris. He had cheated death twice, refused the limits of his condition, and the punishment was engineered to mirror the offense.</p><p>Camus took the myth and staged the dilemma it actually contains.</p><p>Sisyphus has three options.</p><blockquote><p>He can <strong>despair</strong>, which Camus dismissed as cowardice.</p><p>He can take the <strong>leap</strong>, where the absurd labor gets reinterpreted as part of some higher plan that redeems it.</p><p>Or he can choose <strong>lucidity</strong>, with full consciousness of the absurd condition and continue the work anyway in rebellion.</p></blockquote><p>Camus&#8217;s closing line is that <em><strong>one must imagine Sisyphus happy</strong></em>.</p><p>It is the claim that the lucid worker has already won the only victory available, because the alternative is delusion dressed up as meaning.</p><p>Compliance, privacy, and security work face the same dilemma in lower-stakes clothing. The data map gets redone next year. The model hallucinates. The breach happens anyway. The certification did not prevent it. The boulder is back at the bottom.</p><p>The industry sells the leap at every conference booth. Certification as security. Automation as governance. Framework as outcome. Each is a comforting fiction that lets the practitioner avoid looking at the structure of the work directly.</p><p>The name of this publication is its thesis. The work is structurally Sisyphean. 
The only honest response is to push the rock lucidly rather than to pretend the leap delivers what it promises.</p><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!NT2E!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!NT2E!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 424w, https://substackcdn.com/image/fetch/$s_!NT2E!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 848w, https://substackcdn.com/image/fetch/$s_!NT2E!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 1272w, https://substackcdn.com/image/fetch/$s_!NT2E!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!NT2E!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png" width="399" height="277.3717472118959" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:187,&quot;width&quot;:269,&quot;resizeWidth&quot;:399,&quot;bytes&quot;:null,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!NT2E!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 424w, https://substackcdn.com/image/fetch/$s_!NT2E!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 848w, https://substackcdn.com/image/fetch/$s_!NT2E!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 1272w, https://substackcdn.com/image/fetch/$s_!NT2E!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F278829f3-4109-43bc-9cbb-3df9ba8917b0_269x187.png 1456w" sizes="100vw" loading="lazy"></picture><div></div></div></a></figure></div><h2><strong>Why Subscribe?</strong></h2><p>1. &#9;<strong>Contrarian-evidence</strong> essays on the consensus positions inside cybersecurity, privacy, and AI governance, written from inside the work rather than from the consultant&#8217;s chair.</p><p>2. &#9;<strong>Interdisciplinary analysis by default</strong>. 
History, political economy, and finance applied to current cyber, privacy, and AI problems.</p><p>3. &#9;<strong>Coffee-read length, deliberate substance</strong>. Written to fit between meetings and reward a second read.</p><p>4. &#9;<strong>Cognitive prompts to improve your program before standup</strong>. Written for leaders making high-level decisions and looking for meaning in the doing.</p><p>5. &#9;<strong>No motivational filler, no buzzwords, no posturing</strong>. No vendor marketing dressed as thought leadership, no generic news regurgitation.</p><h2><strong>Who This Is For</strong></h2><p>This publication is for practitioners tired of pretending the system works.</p><p>For those who seek lucidity and rebellion to build a better system.</p><p>For the reader looking for meaning in the work, who wants something more substantial than another LinkedIn carousel.</p><p>This is especially true for:</p><ul><li><p>Cybersecurity, GRC, and IT risk leaders</p></li><li><p>Privacy professionals</p></li><li><p>AI governance leaders</p></li><li><p>Vendor risk managers</p></li><li><p>Auditors and assessors</p></li><li><p>Lawyers, policymakers, and consultants in tech regulation</p></li><li><p>Finance, history, or political economy readers applying their lens to cyber, privacy, and AI</p></li></ul><h2><strong>Who I Am</strong></h2><p>I am a Cyber Risk Engineer with six years of operational experience inside the privacy, risk, and compliance function of a large enterprise environment.</p><p>I hold the CIPM, CIPT, SecAI+, Security+, and ITIL v4 Foundation certifications.</p><p>I focus on IT-business alignment, value delivery, and risk management as a service.</p><p>The job is to enable the business, not just check boxes.</p><h2><strong>Why I Am Doing This</strong></h2><p>The content economy in this field is dominated by vendor marketing dressed as thought leadership and influencer summaries dressed as analysis. 
The middle layer, the one that argues seriously against the consensus from inside the work, is thin.</p><p>I am writing the publication I wanted to read and could not find.</p><p>I read philosophy because the questions do not go away, and economics because the answers refuse to stay still.</p><p>This newsletter is the writing the day job teaches but does not print: the patterns, contradictions, and historical parallels you notice when you spend years working inside systems built to resist coherence.</p><h2><strong>What To Expect Next</strong></h2><p>Articles will run across AI governance, vendor risk, privacy compliance, cybersecurity program design, and the historical and economic parallels that make the current debates legible.</p><p>The publication will adapt as I learn what reads, what lands, and what readers push back on. The substance will not.</p><p>Subscribe if that sounds like work you can recognize.</p>]]></content:encoded></item><item><title><![CDATA[The Three Inheritances: How US, UK, and EU Privacy Diverged]]></title><description><![CDATA[Three legal-philosophical inheritances. Two centuries of divergence. 
One shared vocabulary that has done more to obscure the differences than to bridge them.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/the-three-inheritances-how-us-uk</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/the-three-inheritances-how-us-uk</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Thu, 07 May 2026 13:03:12 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/6af5142e-97a0-4172-a734-fd8b33425843_1477x1065.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A vendor risk questionnaire asks a SaaS provider, &#8220;<em>do you share or sell personal data?</em>&#8221; The US legal answer and the EU legal answer can both be &#8220;no&#8221; and mean structurally different things. One is a CCPA opt-out posture. The other is a GDPR Article 6 lawful-basis assessment. Both go in the same row of the same spreadsheet.</p><p>This is not a regulatory translation problem. It is a category error. The US framework treats personal data as a transactional asset whose movement triggers disclosure obligations. GDPR treats personal data as an extension of the individual whose dignity is constitutionally protected. The vendor produces one answer. Two doctrines hear two different things.</p><p>In 2019 I spent a semester at Aalto University in Helsinki. The Finns on the metro do not make small talk like Texans do; the first stranger I sat next to for six stops of silence I read as rude until I realized he was being polite. Nobody had legislated the silence. The privacy norm predated GDPR.</p><p>There are not three privacy regimes. There are three privacy philosophies, and one of them was always going to break the others on contact. 
What follows traces those three philosophies backward through their forks and forward through the four collisions where the fork is doing visible work right now.</p><h3><strong>The Vocabulary Trap</strong></h3><p>The standard story, taught in every IAPP exam study guide and reinforced by every comparative-privacy chart, is that the US, UK, and EU all care about privacy and have arrived at different regulatory implementations. The fragmented US sectoral patchwork is just America&#8217;s slower march toward what the EU has codified. The UK is a coordinated middle path. Everyone is converging, so the broad recommendation is to build to the highest standard: GDPR-style 30-day DSARs, opt-in defaults, and privacy-by-default.</p><p>What we actually see is the inverse: dark patterns, opt-out defaults, and interrogation sign-up flows that demand unnecessary PII to register for a product. No US law requires the questions to have a basis, so they do not.</p><p>The convergence story persists because two forces protect it. Compliance industry incentives favor an interoperable framework: if the laws are &#8220;mostly the same,&#8221; the consultancy can sell one playbook. 
Comparative charts tabulate mechanisms (notice, consent, DSARs) and collapse the philosophical layer underneath them.</p><p><strong>False adequacy is not a theoretical problem.</strong></p><p>Treating the three regimes as variations on a shared theme produces two failures.</p><p>First, vendor risk treats &#8220;GDPR-equivalent&#8221; as a checkbox and produces false adequacy. The vendor is not equivalent. The vendor is operating in a different jurisdiction with different background assumptions about what counts as a legitimate interest, what counts as a purpose limit, and what a regulator will tolerate. The questionnaire returns green for legal compliance. The underlying risk profile is not comparable.</p><p>Second, US companies wear the GDPR mask in public and the state-minimum face at home. The marketing posture claims the highest standard. The implementation segments by jurisdiction: GDPR controls for EU customers because opt-in defaults, marketing restrictions, and limits on selling personal data cost real money to honor; state-minimum controls for US customers because the lower bar lets the same company collect, market, and sell with fewer constraints. The highest-standard posture is theater for the vendor questionnaire. The cheaper standard is what the company actually runs.</p><p>The three regimes are not three implementations of one value. They are three inheritances that share a vocabulary and disagree on almost everything that vocabulary refers to.</p><div><hr></div><p></p><h3><strong>Three Flags, One Vocabulary</strong></h3><p>Surveying the three regimes in 2026 produces three regulatory tables that look like translations of each other and three sentiment cultures that are not.</p><p><strong>The legal text converges.</strong></p><ul><li><p><strong>EU.</strong> GDPR (2018), the Charter of Fundamental Rights as constitutional anchor, twenty-seven member-state implementations layered with national statutes. 
Citizen recording in public is presumptively regulated absent mitigation. The EU AI Act extends the codification reflex to AI.</p></li><li><p><strong>UK.</strong> UK GDPR, the Data Protection Act 2018, the Data Use and Access Act 2025, and residual common-law breach of confidence. The substantive bar tracks the EU with quiet post-Brexit drift. Recording neighbors or strangers triggers UK GDPR.</p></li><li><p><strong>US.</strong> No federal omnibus. Sectoral federal laws (HIPAA, GLBA, COPPA, FCRA, FERPA), plus a state patchwork that grew from CCPA (2018) to more than a dozen state laws by 2025. The First Amendment protects citizen recording almost absolutely.</p></li></ul><p><strong>The public does not.</strong></p><p><em>Trust in government to protect personal data.</em> Pew Research (October 2023) shows 71% of Americans worried about government use of their personal data, up from 64% in 2019. The OECD Trust Survey (2023) puts the OECD average at 52% who think public agencies will use their data only for legitimate purposes. The US is not in the OECD dataset, which is itself a finding.</p><p><em>Trust in private companies to protect personal data.</em> YouGov&#8217;s Global Trust Tracker (March 2023) finds the US and UK are the most distrustful tech markets surveyed: 25% of Americans and 25% of Britons trust tech companies, with 63% and 61% expressing active distrust. 
The continental sample sits higher: Spain at 44% trust, Germany at 35%.</p><p><em>Comfort with public-space facial recognition, broken out by who is operating it.</em> </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!hiSf!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!hiSf!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 424w, https://substackcdn.com/image/fetch/$s_!hiSf!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 848w, https://substackcdn.com/image/fetch/$s_!hiSf!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 1272w, https://substackcdn.com/image/fetch/$s_!hiSf!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!hiSf!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png" width="1456" height="1130" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1130,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:219313,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://thecomplianceofsisyphus.substack.com/i/196554202?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!hiSf!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 424w, https://substackcdn.com/image/fetch/$s_!hiSf!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 848w, https://substackcdn.com/image/fetch/$s_!hiSf!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 1272w, https://substackcdn.com/image/fetch/$s_!hiSf!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48bb765c-b183-4733-a9b5-151c9311c654_1472x1142.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p><strong>The interesting bars.</strong> Americans accept private-sector facial recognition substantially more than state facial recognition: 53% versus 37%, a 16-point gap. The British show a smaller gap: 50% versus 42%. Germans accept neither at high rates and rate them roughly equivalently.</p><p>The American inheritance treats the state as the threat the framework was built to constrain and the private market as a place where consumer choice does the regulatory work. The catch is that the private cameras Americans accept are sold to the police they distrust; Flock, Clearview, and the data-broker pipeline turn the constitutional public/private distinction into a procurement diagram. 
The price of the data on one side and the companies' appetite for regulatory blowback on the other are the only barriers to government access. The constitutional architecture is doing none of the work. The German inheritance treats data-processing-at-scale as the threat regardless of who is doing it.</p><p><strong>Three flags, named.</strong> EU: dignity. US: liberty against government. UK: confidence and restraint, with imported continental dignity rights layered on top. The substrate diverges precisely where the legal text claims to converge.</p><p></p><h3><strong>Where the Inheritances Come From</strong></h3><p>The Supreme Court reads original intent because the Constitution is a document with ancestors. Privacy doctrine has the same problem and almost none of the same discipline. The profession argues about the most recent regulation as if regulation were a starting point. It is a downstream artifact. As Goethe put it: &#8220;<em>He who cannot draw on three thousand years is living from hand to mouth.</em>&#8221;</p><p><strong>The shared Roman inheritance.</strong> Roman law protected three personal interests through the <em>actio iniuriarum</em>: <em>corpus</em> (body), <em>fama</em> (reputation), <em>dignitas</em> (dignity). The <em>domus</em> was a legally protected space. The classical maxim &#8220;every person&#8217;s home is their safest refuge&#8221; predates Coke&#8217;s &#8220;every man&#8217;s home is his castle&#8221; by 1,400 years.</p><p><strong>The methodological fork (1300 to 1775).</strong> The legal traditions split in method long before they split in privacy doctrine. From 1300 onward, the continent followed the <em>ius commune</em>: revived Roman law from Bologna, taught at universities, issued by sovereigns as written codes. England followed the common law: case-by-case judicial reasoning, statutes layered on top rather than replacing it. The continent wrote laws down. 
The English fought it out in court.</p><p>The English path produced specific case-law anchors. Coke&#8217;s <em>Semayne&#8217;s Case</em> (1604) made the home a refuge: &#8220;the house of every one is to him as his castle and fortress.&#8221; Constitutional settlements (Petition of Right 1628, Habeas Corpus Act 1679, Bill of Rights 1689) layered protection of body and papers on top. <em>Entick v Carrington</em> (1765) voided the general warrant under which messengers had broken into John Entick&#8217;s home and seized his papers. The case became the direct ancestor of the US Fourth Amendment.</p><p>State surveillance ran in parallel on both sides of the Channel. The French <em>Cabinet Noir</em> and England&#8217;s Secret Office both opened, copied, and resealed mail. The English distinction was not the absence of surveillance. It was judge-made doctrine constraining physical search of the home and a parliamentary mechanism that could occasionally expose the surveillance: Parliament discovered the Secret Office in 1742, and the 1844 Mazzini scandal led to its abolition.</p><blockquote><p><strong>SIDEBAR: Pitt the Elder, 1763</strong></p><p>In a speech against the Cider Bill, William Pitt the Elder told Parliament: &#8220;The poorest man may in his cottage bid defiance to all the forces of the Crown. It may be frail, its roof may shake, the wind may blow through it, the storm may enter, the rain may enter, but the King of England cannot enter; all his force dares not cross the threshold of the ruined tenement.&#8221;</p></blockquote><p><strong>The American break (1791).</strong> The American Fourth Amendment constitutionalized the Wilkes-Entick doctrine after a colonial generation had personally watched it ignored: customs officers used Writs of Assistance (general warrants without particularity) throughout the 1760s and 1770s, and the colonists were excluded from the <em>Wilkes</em> and <em>Entick</em> fixes because they had no parliamentary representation. 
James Otis argued against the Writs in Boston in 1761; John Adams later wrote that &#8220;then and there the child Independence was born.&#8221; The American innovation was structural: making the protection bind Congress as well as the executive.</p><p>On the continent, the French Declaration of the Rights of Man (1789) treats liberty and property as natural rights with privacy implied; the Napoleonic Code (1804) follows the codification reflex. The UK continued as before, uninterrupted by the revolutions.</p><p><strong>The substantive divergence (1830 to 1945).</strong> Mass-circulation press, photography, and telegraphy create privacy threats that no 18th-century framework anticipated. In the UK, <em>Prince Albert v Strange</em> (1849) establishes breach of confidence as a privacy doctrine: &#8220;privacy is the right invaded.&#8221; In the US, Warren and Brandeis publish &#8220;The Right to Privacy&#8221; in the 1890 <em>Harvard Law Review</em>, framing privacy as &#8220;the right to be let alone,&#8221; grounded in tort and intellectual property. In Germany, two photographers bribe a servant in 1898 and photograph Bismarck&#8217;s corpse hours after his death; their convictions produce Section 22 of the German Copyright Act (1907), establishing image rights as personality rights.</p><p>The 20th century stress-tests each tradition. <em>Olmstead v United States</em> (1928) holds that warrantless wiretapping does not violate the Fourth Amendment because there was no physical trespass. The Weimar Constitution (1919) elevates correspondence privacy to constitutional status in Article 117. The Reichstag Fire Decree suspended it within weeks of Hitler&#8217;s chancellorship in February 1933. The 1939 census uses IBM Hollerith punch cards to identify Jews by grandparent lineage. Every concentration camp operates a Hollerith department; every Jew becomes IBM number 8. 
The continental dignity tradition is destroyed at industrial scale by the very technologies the right of personality was designed to constrain.</p><p><strong>Postwar reconstruction (1945 to today).</strong> The continental tradition rebuilds privacy as a constitutional dignity right through constitutions because the destruction is still recent. The Data Protection Directive (1995) and GDPR (2018) codify the doctrine into binding regulatory law with extraterritorial effect.</p><p>The American tradition generalizes slowly. <em>Griswold v Connecticut</em> (1965) finds privacy in the penumbras of the Bill of Rights, 174 years late. <em>Katz v United States</em> (1967) finally reverses <em>Olmstead</em>; Brandeis is vindicated 39 years late. Sectoral federal statutes accumulate. The PATRIOT Act Section 215 (2001) authorizes bulk metadata collection that runs for over a decade without constitutional pushback. The CCPA (2018) opens a state-level patchwork that does not replace the federal sectoral architecture.</p><p>The UK stacks. The Human Rights Act (1998) imports ECHR Article 8 into domestic law. <em>Campbell v MGN Ltd</em> (2004) creates a free-standing privacy tort. The Investigatory Powers Act (2016) codifies bulk-interception authority. The UK Data Use and Access Act (2025) accelerates divergence from EU GDPR.</p><p>By 2026, the three inheritances operate at full doctrinal distinction. US: property and tort, sectoral, fragmented, First Amendment as ceiling. Continental: dignity, constitutional, regulatory, extraterritorial. UK: confidence, optionality-rich, diverging from both EU and US in different directions on different questions.</p><p></p><h3><strong>Three Modern Collisions</strong></h3><p>Each modern controversy where US, UK, and EU privacy professionals talk past each other is a place where the historical fork is doing visible work. 
The three below cannot be reconciled by drafting better contracts.</p><p><strong>Collision 1: The right to be forgotten meets the First Amendment.</strong> The Court of Justice of the European Union (CJEU) decided in 2014 (Google Spain) that search engines are data controllers and must delist some results on request. The reasoning runs through the dignity tradition: a person&#8217;s continuing self-presentation is part of personality, and outdated information that no longer reflects who they are can be ordered removed. The American framework rejects the doctrine flatly. Forcing a search engine to delist truthful information is compelled speech, and the First Amendment was settled 158 years before the modern dignity tradition was constitutionalized in postwar Germany. The line of free-press doctrine makes the structural incompatibility a matter of architecture, not interpretation.</p><p><strong>Collision 2: Untargeted public-space surveillance and the Fourth Amendment that was not built for it.</strong> Flock Safety operates a national Automated License Plate Recognition (ALPR) network across US cities. As of 2026, US courts have largely held the cameras constitutional. Police can query historical plate-and-location data without a warrant. The Fourth Amendment was built around physical search and seizure; passive ambient surveillance falls into its blind spot. <em>Carpenter v United States</em> (2018) carved a narrow exception for cell-site location data, but the third-party doctrine still controls everything else. Under GDPR and UK GDPR, the same network is presumptively unlawful: pairing a plate with time and location creates a movement record of an identifiable individual, and Article 6 lawful-basis analysis, Article 35 DPIA, proportionality, and purpose limitation all kick in. 
Under the EU AI Act, mass-deployed ALPR for law enforcement falls into Annex III high-risk AI; combine ALPR with real-time facial recognition (which Flock has piloted), and the system enters Article 5(1)(h) prohibited territory.</p><p><strong>Collision 3: Filming in public, American liberty meets European right to respect.</strong> The American framework is the First Amendment plus state-level privacy torts. Filming the police is constitutionally protected. Filming strangers in public is generally lawful. The American inheritance treats recording as a positive liberty. The European framework treats recording as a presumptive intrusion on personality. Continuous dashcam recording was held to violate German data protection law in 2018. Sharing footage requires blurring faces and plates. France treats unauthorized photography of identifiable individuals as a civil wrong. The American can record everything in public; the German cannot share what they recorded without redacting it. Both regimes are internally coherent. They speak different languages because they descend from different inheritances.</p><p>Understanding why the collisions are baked in is not the same as deciding which tradition is right. Each inheritance produces a real benefit, a real cost, and a real bill that someone has to pay. Compliance teams have spent two decades pretending the choice is neutral. The bill says otherwise.</p><p></p><h3><strong>Strengths, Weaknesses, Who Pays</strong></h3><p><strong>EU: Dignity-rich, Business-friction.</strong> Residents have substantive, enforceable rights against both state and private actors. The constitutional anchor is durable. GDPR fines are real money. Regulatory drag on innovation is real, particularly for small and medium-sized enterprises. 
Businesses pay the compliance cost; residents collect the dignity dividend.</p><p><strong>US: Liberty-rich, Surveillance-permissive.</strong> First Amendment protects speech, recording, and information flows in ways no European regime matches. Innovation pace and capital formation benefit. Passive surveillance of citizens by private actors and government is legally hard to constrain. The sectoral patchwork creates whack-a-mole compliance and gaps in coverage. Citizens pay the surveillance cost; businesses collect the speed dividend.</p><p><strong>UK: Middle child, Compromising.</strong> A regime that can negotiate adequacy with both EU and US, with a common-law tradition that absorbs new doctrines incrementally. Multi-doctrinal foundation: breach of confidence plus imported ECHR Article 8 plus UK GDPR plus DUAA 2025 is four philosophies stacked. Businesses pay the uncertainty cost; residents get a workable but inelegant compromise.</p><div><hr></div><p></p><h3><strong>An Absurd Privacy World</strong></h3><p>Privacy is not one shared standard. It is three inheritances with separate histories. The next time you debate privacy across borders, ask whether you are arguing about facts or about philosophical commitments your counterpart does not share. The job of a good privacy program is not to pretend that the inheritances are the same. It is to handle the absurdity of working across them with the discipline the work actually deserves.</p><div><hr></div><p></p><h2><strong>References</strong></h2><ul><li><p>Genia Kostka, L&#233;a Steinacker, and Miriam Meckel,<a href="https://journals.sagepub.com/doi/10.1177/09636625211001555"> &#8220;Between security and convenience: Facial recognition technology in the eyes of citizens in China, Germany, the United Kingdom, and the United States,&#8221;</a> <em>Public Understanding of Science</em> 30, no. 
6 (2021)</p></li><li><p>OECD,<a href="https://www.oecd.org/en/publications/oecd-survey-on-drivers-of-trust-in-public-institutions-2024-results_9a20554b-en.html"> &#8220;Survey on Drivers of Trust in Public Institutions, 2024 Results&#8221;</a> (2023 fieldwork)</p></li><li><p>Pew Research Center,<a href="https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/"> &#8220;How Americans View Data Privacy&#8221;</a> (October 2023)</p></li><li><p>YouGov,<a href="https://yougov.com/articles/47075-2022-vs-2023-do-global-consumers-trust-tech-companies-with-their-personal-data"> &#8220;2022 vs 2023: Do global consumers trust tech companies with their personal data?&#8221;</a> (March 2023)</p></li></ul>]]></content:encoded></item><item><title><![CDATA[Who Trains the Next Generation?]]></title><description><![CDATA[The cybersecurity field isn&#8217;t just short on people; it&#8217;s short on the institutional will to build them. We have seen this pattern before, and we know how it ends.]]></description><link>https://thecomplianceofsisyphus.substack.com/p/who-trains-the-next-generation</link><guid isPermaLink="false">https://thecomplianceofsisyphus.substack.com/p/who-trains-the-next-generation</guid><dc:creator><![CDATA[Mike Schlottman]]></dc:creator><pubDate>Sun, 03 May 2026 01:24:56 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/c7353dbc-e916-441a-b326-72d1f539d1a7_1254x1254.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2><strong>Contractions Don&#8217;t Create Talent Gaps. Complacency Does.</strong></h2><p>My father was at BEA Systems when the dot-com layoffs came in 2002. He didn&#8217;t see it coming. He happened to land in a similar role elsewhere, same function, roughly the same level, thinking of it as a placeholder until something better opened up. It turned out to have room to grow, and he grew into it. He made it through.</p><p>That path was not available to everyone who needed it.</p><p>The bursting of the dot-com bubble shrank tech employment by 17.8% between 2000 and 2004 (Federal Reserve Bank of St. Louis, 2017). The Great Recession cost the broader economy 9 million jobs and produced what labor economists call <em>scarring</em>: the persistent wage and career suppression experienced by workers who are displaced during a contraction, or who walk into a frozen labor market trying to start one (BLS, 2012). 
A graduating cohort that enters a hiring freeze doesn&#8217;t just delay its career. In many cases, it ends one.</p><p>The cybersecurity field, younger and numerically smaller in 2001 than it is today, absorbed the blast radius alongside the rest of IT. Then it recovered, not because companies invested in people but because demand eventually forced their hand.</p><p>The workers who survived the contractions were the ones who upskilled laterally: pivoting into adjacent roles, accumulating certifications while waiting for the market to open, holding on long enough to be needed again. The companies that benefited from the recovery were the same ones that had frozen hiring during the contraction. They did nothing. The market came to them, and they called the result a recovery.</p><p>That is not a success story. That is a description of how institutions avoid accountability while collecting the upside.</p><p>The pattern, stretched across decades, maps cleanly onto the business cycle.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!iuCU!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!iuCU!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 424w, https://substackcdn.com/image/fetch/$s_!iuCU!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 848w, 
https://substackcdn.com/image/fetch/$s_!iuCU!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 1272w, https://substackcdn.com/image/fetch/$s_!iuCU!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!iuCU!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png" width="768" height="443" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:443,&quot;width&quot;:768,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!iuCU!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 424w, https://substackcdn.com/image/fetch/$s_!iuCU!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 848w, 
https://substackcdn.com/image/fetch/$s_!iuCU!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 1272w, https://substackcdn.com/image/fetch/$s_!iuCU!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3fecddc2-0870-4138-a382-7630f9b7c6b4_768x443.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p><em>Figure 1. The jobs gap across four recessions (1981, 1990, 2001, 2007&#8211;09). 
Adapted from Hershbein &amp; Kearney (2017), The Hamilton Project, Brookings Institution.</em></p><p></p><p>Expansion produces demand for talent. Contraction produces a freeze. The freeze produces skills hoarding: organizations retain senior talent at the expense of developing junior talent, which looks like prudence until the senior cohort starts aging out. Crisis follows. The industry calls it a shortage. The shortage was the predictable outcome of a decision made a decade earlier.</p><p>We are in that pattern right now.</p><blockquote><p><strong>SIDEBAR: What &#8220;Scarring&#8221; Actually Means</strong></p><p>Labor market scarring refers to the long-term wage and career penalties experienced by workers displaced mid-career by a contraction, or who enter the workforce during a recession. Research following Great Recession entrants found measurable earnings deficits persisting a decade after the event (Kahn, 2010). In cybersecurity, scarring compounds through a second mechanism: certification gatekeeping. A worker locked out during a hiring freeze often lacks both the income to pursue continuing education and the employer-sponsored access to practice environments. The cost of exclusion doesn&#8217;t stay flat. 
It grows.</p></blockquote><div><hr></div><h2><strong>The Pyramid Doesn&#8217;t Lie</strong></h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!MJMa!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!MJMa!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 424w, https://substackcdn.com/image/fetch/$s_!MJMa!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 848w, https://substackcdn.com/image/fetch/$s_!MJMa!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 1272w, https://substackcdn.com/image/fetch/$s_!MJMa!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!MJMa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png" width="610" height="624" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/55d3373f-b466-4099-a51d-93970bea3be8_610x624.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:624,&quot;width&quot;:610,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:208819,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://mikeschlottman.substack.com/i/196270460?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!MJMa!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 424w, https://substackcdn.com/image/fetch/$s_!MJMa!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 848w, https://substackcdn.com/image/fetch/$s_!MJMa!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 1272w, https://substackcdn.com/image/fetch/$s_!MJMa!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d3373f-b466-4099-a51d-93970bea3be8_610x624.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>13% of the cybersecurity workforce is 55 or older (ISC2, 2025). 48% falls in the 35-to-49 band: the people who built their careers in the 2000s and 2010s, when the field was still forming its identity and anyone willing to learn something was worth taking a chance on. The under-30 cohort now represents only 8% of the profession.</p><p>The question is not whether there is a shortage today. The question is <em><strong>where the engineers come from in five to ten years</strong></em>, when the 55-plus cohort retires, and the field needs to replace not just their headcount but their institutional knowledge, their hard-won pattern recognition for when an incident is actually an incident, and the organizational context that no certification teaches.</p><p>The vanguard built cybersecurity into what it is. 
They wrote the playbooks, ran the programs, and survived the contractions. They are not going to work forever. At some point, they get to retire. The question is whether anyone will be ready to take their seats.</p><p>The industry&#8217;s documented response to this structural reality falls into three categories:</p><p><strong>Upskilling existing staff.</strong></p><p><strong>Acquiring existing talent from somewhere else.</strong></p><p><strong>Substituting with technology to offset the gap.</strong></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!CSDM!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff79d11c4-e1e1-4e9b-ae17-ce28ff8d924c_1066x1000.png" data-component-name="Image2ToDOM"><div class="image2-inset"><img src="https://substackcdn.com/image/fetch/$s_!CSDM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff79d11c4-e1e1-4e9b-ae17-ce28ff8d924c_1066x1000.png" width="1066" height="1000" class="sizing-normal" alt="" loading="lazy"></div></a></figure></div><p>All three categories are about equal to each other in average adoption, 19 to 25% (ISC2, 2025). The field is splitting its attention roughly evenly between strategies with fundamentally different consequences, with no apparent awareness of the distinction.</p><p>The upskilling number deserves more scrutiny than it usually gets, because it is the only category that actually adds net new capability to the profession, technical and nontechnical alike. That includes the nontechnical skills that hiring managers prioritize: problem-solving, communication, and strategic thinking. Even there, no individual strategy breaks 28%. One in four organizations allows time for professional development. One in four promotes vendor training content. 
One in four allocates budget for internal programs. The best-performing approach to actually building the workforce the field says it needs reaches a quarter of organizations and stops. What are the other three quarters doing?</p><p>Pipelines are collectively <em><strong>necessary</strong></em> but individually <em><strong>irrational</strong></em>, so most organizations didn&#8217;t build them.</p><p>Existing talent acquisition is worth naming precisely for what it does: it moves existing talent between organizations without creating any. You poach someone from a competitor. Your gap closes. Their gap opens. The pool does not grow. At the aggregate level, acquisition is the tragedy of the commons dressed up as a hiring strategy, the commons being the educational pipeline that the profession stopped funding.</p><p>The substitution strategy carries its own contradiction. More than a quarter of hiring managers (27%) now require AI and machine learning competencies, capabilities that did not exist in any cybersecurity curriculum five years ago. The technology meant to substitute for missing humans requires a category of humans that the existing workforce was never trained to produce. 
You cannot acquire what no one is making, and you cannot substitute your way out of training people, because the substitution itself requires people you have not trained.</p><div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!WLhd!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!WLhd!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 424w, https://substackcdn.com/image/fetch/$s_!WLhd!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 848w, https://substackcdn.com/image/fetch/$s_!WLhd!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 1272w, https://substackcdn.com/image/fetch/$s_!WLhd!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!WLhd!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png" width="377" height="377" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:225,&quot;width&quot;:225,&quot;resizeWidth&quot;:377,&quot;bytes&quot;:null,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!WLhd!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 424w, https://substackcdn.com/image/fetch/$s_!WLhd!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 848w, https://substackcdn.com/image/fetch/$s_!WLhd!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 1272w, https://substackcdn.com/image/fetch/$s_!WLhd!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6085f583-c5f5-478f-bdbb-3e10859fe336_225x225.png 1456w" sizes="100vw" loading="lazy"></picture><div></div></div></a></figure></div><blockquote><p><strong>SIDEBAR: The Sell-the-Houses-To-Whom Problem</strong></p><p>Ben Shapiro suggested that homeowners facing rising sea levels could simply sell their houses. The houses are underwater. The value is zero. There is nothing left to sell.</p><p>The cybersecurity pipeline faces its own flood. 
Certification gatekeeping and perfection-filtering have risen to the point that the entry-level position has lost its function. A candidate cannot be built into a cybersecurity career because the gates have closed. The firm that trains is the firm that gets poached. Most organizations stopped trying. When the 55-plus cohort retires, acquisition reaches its logical terminus: no one left to acquire.</p></blockquote><p>Roughly one in eight organizations report they cannot find candidates with the skills they need (ISC2, 2025). After years of filtering for the perfect candidate and leaving the buildable-but-imperfect one to find a different career, the field has manufactured its own shortage through iterative rejection of its own future workforce.</p><p>Then there is the detail that closes the argument: 34% of organizations currently have promotion freezes (ISC2, 2025). Not only are they not hiring juniors. They are blocking the people already in the pipeline from moving up. Senior engineers who should be progressing to managers are stalled. Mid-levels who should be absorbing senior responsibilities cannot. Juniors who would learn from both aren&#8217;t being hired. The chain is frozen at every link, simultaneously, across a third of all organizations.</p><p>This is not a market failure. It is an institutional choice, replicated at scale, compounding annually.</p><div><hr></div><h2><strong>The Recoveries That Worked Were Not Passive</strong></h2><p>Every general-purpose technology transition, from steam to electricity to computing, has produced a J-curve: short-term displacement, long-term net job creation. AI in cybersecurity sits on that same curve. The roles automated away in the next decade will be outnumbered by the roles created as threat surfaces expand, security programs scale, and organizations discover that AI tools still require human beings who understand the organizational terrain those tools are operating in. The curve is real. 
The landing point is not guaranteed.</p><p>The relevant nuance here comes from Dr. Jeffrey Ding, author of <em>Technology and the Rise of Great Powers</em>, whose analysis reframes how general-purpose technologies actually generate economic value. The value is not realized at the frontier, where the technology is invented or first demonstrated. It is realized through diffusion: the slow, unglamorous process of applying mature technology across existing industries at scale. The Watt steam engine was patented in 1769. British industrial productivity didn&#8217;t meaningfully accelerate until the 1830s, when manufacturers figured out how to apply it to textile mills, iron forges, and rail transport. The breakthrough wasn&#8217;t the invention. It was the adoption, decades later, by people doing boring operational work.</p><p>AI in cybersecurity is in the diffusion phase, not the breakthrough phase. The productivity gains will come not from the next frontier model, but from the organizations that figure out how to apply current capabilities consistently across their SOC operations, incident response workflows, and vendor risk programs. That diffusion requires human beings who understand both the technology and the context it&#8217;s operating in. Those people do not emerge from a hiring freeze and a recruiter search.</p><p>History offers instructive examples of industries that faced this problem and actually solved it.</p><p>The medieval guild system was, stripped of its romanticization, a machine for mandatory skills transfer (Epstein, 1998). A master craftsman took on an apprentice for seven years, not because it was convenient, but because the guild required it and because a master&#8217;s standing depended on producing qualified journeymen. 
The <strong>Hanseatic League</strong> trained merchant factors systematically, deploying them to trading kontors across Northern Europe with a level of institutional investment that would embarrass most corporate learning and development budgets (Dollinger, 1970). The pipeline was not optional. The knowledge transfer was structural. It worked because continuity of craft was treated as a collective obligation, not a single company&#8217;s discretionary expense.</p><p>The US railroad expansion of the mid-19th century encountered a cleaner version of the same problem: steam locomotive technology advanced faster than the supply of engineers qualified to operate it. The industry&#8217;s response was not to wait for the market to self-correct. The <strong>Brotherhood of Locomotive Engineers</strong>, formalized in 1863, built a structured progression from <strong>fireman</strong> to <strong>engineer</strong>: from <strong>coal-shoveler</strong> to <strong>operator</strong>, from <strong>manual labor</strong> to <strong>skilled judgment</strong>. The progression moved existing workers into the roles the industry needed (BLET). They built the supply because the alternative was a rail network operated by people who didn&#8217;t know what they were doing.</p><p>The <strong>Smith-Hughes Act of 1917</strong> represents the federal government reaching the same conclusion on a national scale. A documented shortage of skilled industrial workers, produced by a manufacturing boom that outpaced the existing labor pool, prompted legislation funding vocational education programs. The fight over its design was itself instructive: industrialists wanted employer-controlled pipelines; the AFL under Samuel Gompers demanded publicly funded training that couldn&#8217;t be weaponized to suppress wages. Government and industry acknowledged, however reluctantly, that skilled machinists could not be conjured from a job posting. 
Someone had to build them.</p><p>The recoveries that failed look different. They look like the dot-com cohort and the recession cohort: a generation partially excluded, partially scarred, partially absorbed into adjacent fields. The talent that couldn&#8217;t break back in after a freeze didn&#8217;t disappear. It just stopped working in this field. The field absorbed the loss quietly, called it a shortage, and posted another job requisition requiring five years of experience for an entry-level role.</p><p>We are currently choosing which recovery we want.</p><div><hr></div><h2><strong>What You Actually Owe This Field</strong></h2><p>The vanguard built this field. They survived the contractions, absorbed the recessions, and turned cybersecurity from a collection of paranoid network administrators into a profession with institutional standing. They earned the right to retire.</p><p>The question is not whether they leave. They will. The question is whether, on the way out, they extend the ladder or pull the rungs up behind them.</p><p>There are three concrete ways you can contribute to the solution:</p><ol><li><p><strong>Mentorship.</strong> You got in. Someone, somewhere, gave you a direction, a reference, or an honest conversation about what the field actually looked like from inside it. You do not need a formal program. You just need to be reachable. Answer the LinkedIn message. Take the informational call.</p></li><li><p><strong>Internships.</strong> If you have hiring authority, create one internship pathway for a senior-year bachelor&#8217;s student or a career-pivoter with an existing technical background. One person who gets to say, &#8220;I got my start here.&#8221;</p></li><li><p><strong>Showing up.</strong> Find your local university&#8217;s cybersecurity program or student chapter. Give a talk. Answer questions. You do not need a polished presentation. You need your experience and your willingness to describe what the work actually looks like. 
That conversation is worth more than another certification course, and it costs an evening.</p></li></ol><div><hr></div><h2><strong>References</strong></h2><ul><li><p>Brotherhood of Locomotive Engineers and Trainmen. (n.d.). <em>Our history</em>. https://blet.org/history/</p></li><li><p>Ding, J. (2024). <em>Technology and the rise of great powers: How diffusion shapes economic competition</em>. Princeton University Press.</p></li><li><p>Federal Reserve Bank of St. Louis. (2017, August 15). Tech employment returns to dot-com heights. <em>On the Economy Blog</em>. https://www.stlouisfed.org/on-the-economy/2017/august/tech-employment-returns-heights</p></li><li><p>Hershbein, B., &amp; Kearney, M. S. (2017, August 4). <em>The closing of the jobs gap: A decade of recession and recovery</em>. The Hamilton Project, Brookings Institution. https://www.brookings.edu/articles/the-closing-of-the-jobs-gap-a-decade-of-recession-and-recovery/</p></li><li><p>ISC2. (2025). <em>2025 ISC2 cybersecurity workforce study</em>. https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study</p></li><li><p>Kahn, L. B. (2010). The long-term labor market consequences of graduating from college in a bad economy. <em>Labour Economics</em>, <em>17</em>(2), 303&#8211;316. https://doi.org/10.1016/j.labeco.2009.09.002</p></li><li><p>U.S. Bureau of Labor Statistics. (2012). <em>The recession of 2007&#8211;2009</em> (BLS Spotlight on Statistics). U.S. Department of Labor. 
https://www.bls.gov/spotlight/2012/recession/</p></li></ul>]]></content:encoded></item></channel></rss>