Steve Foster
Author · Speaker · Practitioner


Twenty-five years inside Fortune 500 cybersecurity programs — healthcare, finance, manufacturing, retail, federal contracting.

Steve Foster has spent twenty-five years in Fortune 500 cybersecurity programs. The seven companies he has worked inside span healthcare, finance, manufacturing, retail, and federal contracting — sectors with materially different relationships to IT, to regulation, and to what they will spend on security. Additional engagements at federal contractors and at state and local governments rounded out a career-long vantage on what changes when the work moves between registers and what stays the same.

He currently leads security program work inside a Fortune 500 captive finance arm of an industrial manufacturer.

The book's vantage

The seat the book is written from is one structural step out from the CISO chair. It sees the security program from the program-management vantage rather than the executive vantage: it is the seat that watches what produces the working-version CISO and what selects against it, what produces the incident response and what produces the cascade that preceded it, what produces the architecture decision and what produces the displacement of the architect whose work didn't fit the system. From this vantage, the field's literature on cybersecurity leadership reads as written about the CISO seat rather than about the layer the security work actually flows through.

The Seat Behind the CISO is what that vantage produced when written down. The book documents patterns across seven F500 engagements: how the PMO sets the program's ceiling, how M&A drives the program's actual scope, how IAM holds the identity backbone, how a CISO seat is selected for or against, how an incident moves under recognition-primed decision-making, how the architect role is structurally under-resourced, how the contractor-FTE workforce shapes function-level sustainability, how registers shift when the work moves beyond F500-core, and how an AI cascade lands inside an organization already shaped by conditions before the model arrives.

What the book is — and what it isn't

The book is a pattern library written from inside the practitioner seat. It is not a how-to guide for the CISO career path. The chapter on the CISO seat is among the book's strongest, but the book reads the seat from the program-management vantage — what produces it and what selects against it — rather than as a credential-and-promotion playbook for aspiring CISOs.

The book keeps organizational and individual identities generalized; engagements appear as a Fortune 500 hospital chain, a Fortune 500 captive finance arm of an industrial manufacturer, and similar framings. The technical and operational specifics are kept as they actually were: Splunk, CyberArk, Venafi, Mandiant, CrowdStrike, SAML, NIST CSF, NIST RMF, HIPAA, CIRCIA, the EU AI Act. The book's value to the practitioner reader depends on the operational specifics being recognizable; the privacy protection depends on the organizational identities being generalized. The two requirements led to different anonymization decisions, and the book has tried to be deliberate about which is which.

The patterns are produced. The conditions are what produce them.
The seat sees the production. The lens travels.