Recent history has seen large changes in client expectations, executive views of investment required, and how security programs have matured. This is driven in part by increased client awareness and by evolving attacker methods. Zero trust methods are coming into play in how organizations are responding to some risks, as are “behavioral biometrics” that set a baseline for better authentication. Managing security, including in DevSecOps, means also managing friction, which can actually help speed up some processes. Going forward, organizations need to consider innovative approaches—such as password-less access—and managing legacy environments. What are the big rocks that need to be rolled over to make real progress? Progressing from a BISO role to a CISO to a CSO has introduced evolving challenges in protecting what exists, but also enabling the future in a safe way.We discuss how the worlds are converging and what it means for an organization.