






















Welcome to the first Cloud CISO Perspectives for April 2026. Today, Thiébaut Meyer and Lia Wertheimer from Google Cloud’s Office of the CISO share Thiébaut’s conversation with Matt Rowe, chief security officer, Lloyds Banking Group, on how security leaders can simultaneously pursue technical and cultural resilience.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
By Thiébaut Meyer, Director, and Lia Wertheimer, Program Manager, Office of the CISO

In cybersecurity, we have long operated under a dangerous assumption: that the "always-on" nature of the role is a badge of honor. We treat the CISO as a biological shock absorber, expected to sustain high-performance output amidst a state of permanent volatility. But as the pace of change continues to accelerate, we are reaching a tipping point where this reliance on individual effort is no longer a sustainable strategy — it is a structural fragility.

To address the constant reactivity mode and the compounding demands placed on security leaders and their teams, we must move beyond a focus on personal grit and toward a dual mandate of resilience. This requires an honest look at where our technical structures and our human cultures intersect.
True resilience is more than a single initiative. It’s the intersection of two distinct disciplines:
When these two resilience strategies align, we move from a state of "chaos coordination to a sustainable operating model.
We sat down with Matt Rowe, chief security officer, Lloyds Banking Group, to explore how to pursue this alignment at a recent CISO Community event in Madrid. While our technical discussions at the event focused on shifting down the stack to manage sprawl, Matt offered a masterclass in the human side of the equation. We compared notes on how to scale these performance insights into a functional department that can endure the long game.
The following transcript has been lightly edited.
Thiébaut Meyer: We often talk about the CISO’s endurance as a personal burden to carry, but you’ve argued that we need to bake that resilience into the very fabric of the security function. In my view, high performance and resilience are inseparable — can you talk about how you see that relationship playing out in a high-stakes environment?

Matt Rowe: I couldn't agree more, Thiébaut. I see them as two sides of the same coin. This is a tough gig: The stakes are high and the pace is relentless.
There’s a Haitian proverb: "Behind the mountains, more mountains." In cybersecurity, that’s our daily reality. Resilience at the team level is about creating the conditions where people can keep climbing those mountains without losing their intrinsic motivation.
Thiébaut Meyer: I’ve observed a tug-of-war in our industry. We treat the CISO as a biological asset that must be ‘fueled’ for 24/7 performance, yet the mission often demands an unsustainable fusion of the leader’s identity with the role itself. How do you think we move toward a model where the organization, not the individual, is the shock absorber?
Matt Rowe: I think we need to have three things in balance: the needs of the individual, the needs of the team, and the needs of the company. While wellness is the engine, the team dialogue should be about how we get from good outcomes to great outcomes. We can’t just focus on the individual in a vacuum, we have to show how their unique strengths ladder up to the team's success.
Thiébaut Meyer: Like many CISOs, I’ve spent my fair share of time on that continuous treadmill where you feel there isn't a second to breathe. I’ve personally found that if we don't force a pause, the team will eventually break. How are you building that into your own operating model?
Matt Rowe: You have to artificially create moments of pause and recovery. Because the mountains are endless, the leader must set the cadence. We have to get people inspired to have great impact and create conditions where people are striving to do even better.
When there is more to do than time allows, the answer is disciplined prioritization. It’s an opportunity to get really good at saying "not now," so the team can focus on what actually moves the needle.
Thiébaut Meyer: I’m a firm believer that psychological safety isn't something you can just delegate. You have to model it yourself, especially when things go wrong. How do you approach modeling psychological safety at a large organization?
Matt Rowe: For me, it starts with transparency. People need to see me being challenged and observe how I react. It’s about making it obvious that being brave — speaking up, or questioning a process — is what we value. We have to create proof points where people who operate with psychological safety are seen as the role models.
Thiébaut Meyer: We’ve both seen the risks of security teams becoming silos or even fortresses against the rest of the organization. How do you ensure a resilient team remains a business enabler?
Matt Rowe: You have to embed the team’s objectives directly into business priorities. If the company’s mission is to provide lending to small businesses, our mission is to enable them to get those products to market faster and safely.
When the team sees themselves as stewards of the business mission, it changes the mindset from one of security versus the business to one of shared resilience.
Building a resilient organization is a continuous journey. As we navigate the mountains ahead, protecting our teams starts with protecting the people behind the roles.
While it’s a full house at Google Cloud Next in Las Vegas, you can still be part of the action by registering for a complimentary digital ticket to access select sessions.
Here are the latest updates, products, services, and resources from our security teams so far this month:
Please visit the Google Cloud blog for more security stories published this month.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。