How about these:

- CISOs aren’t actually officers of the company and are typically 2-3 levels below the actual officers

- CISOs only exist to have someone to deflect blame onto after the inevitable breach

- If a company actually cared about security they wouldn’t put it in a silo