I love cybersecurity. And I love fantasy football.
Turns out I’m not alone.
The NFL season kicked off last weekend. And for many of us, so did the road to the cybersecurity Super Bowl: Cyber Awareness Month 2025. From now through October, cybersecurity professionals take on the challenge of building champions, changing behavior, and influencing culture. October is our time to shine. (I'm very proud of this free toolkit we put together for ambitious security awareness leaders looking to pull off an engaging cyber awareness month campaign: download it now!)
What a great time to combine football and cyber.
Since 2021, I’ve been commissioner of the CISO Fantasy Phish Bowl League. It’s a blast. The league creates some excellent opportunities for thought leadership content from the best in the business—matched only by our Sunday trash talk (that em dash was mine, by the way. No prompts. No AI. Just pure keyboard breakdancing in a world of AI-generated running man).
Our league is made up of some of the top leaders in cybersecurity. This year’s roster includes Gary Hayslip; Dr. Dustin Sachs, DCS, CISSP, CCISO; Jerich Beason; Christina Shannon; Dina Mathers; Naomi Buckwalter; Dutch Schwartz; Dan Lohrmann; Ryan Boulais; Antonio Paolo Mecci, CISSP; and Stephanie Franklin-Thomas, PhD, MBA, BA, CISA, NACD.DC. Past legends have included George Finney and Katie Arrington.
But there’s one notable absence: Shawn Bowen.
This year’s CISO Fantasy Phish Bowl is dedicated to Shawn’s memory. He was a truly unique cybersecurity leader, athlete, thinker, joker, and friend. Shawn was also one of the founding members of the Phish Bowl league back in 2021. We’ll miss him.
To honor his enduring memory, the 2025 trophy has been renamed The Shawn Bowen Memorial Phish Bowl Cup. Yes, this year's winner will get an actual, engraved Fish Bowl trophy.
Shawn left a mark everywhere he went—on the athletic fields, in the military, at the enterprises he secured, and yes, even in this crazy fantasy football league.
Everyone in the league names their team and shares their favorite NFL team, favorite player, and which athlete or coach they think would make the perfect CISO (with an explanation why). Shawn’s answers were just so… Shawn:
- Team Name: Brawndo Thirst Quencher (#idiocracy)
- Favorite Team: The other team.
- Favorite Player: Uncle Rico (if you need a hashtag for this, go watch Napoleon Dynamite immediately—and thank me later).
- The ideal CISO: Terry Tate, Office Linebacker. Ensuring compliance, one office tackle at a time.
I wish I knew him better. It turns out he really loved this crazy little Phish Bowl league. After I posted my condolences on LinkedIn, the one and only Dustin Sachs reached out and said he needed to be part of Phish Bowl 2025. Turns out he and Shawn had frequent VERY IMPORTANT MONDAY MORNING MEETINGS to discuss fantasy strategy.
Dustin is in. And he’s coming in hot, with a Week 1 victory over legend and founding league manager Gary Hayslip—plus some trash talk and thought leadership that would make Shawn proud.
If you want to follow the Road to the Shawn Bowen Memorial Phish Bowl 2025, bookmark the page. It’s under construction now but will be updated this week.
Draft Day Lessons: Risk vs. Reward (Week 1)
Headline moment: Naomi (“Two-Factor Authenti-Bacon”) blew up everyone's draft strategy (especially Jerich Beason's; the one year he doesn't take Josh Allen in the first round, this happens) by taking Josh Allen and Lamar Jackson in Rounds 2–3 after opening with Saquon Barkley. One manager called it “diabolical.” It was also… strategic.
In chess terms, Naomi removed two Queens from the board, then hoarded one. In fantasy terms, she created positional scarcity and trade leverage on Day 1, enabling her to build an asset's value and trade it for what was, 60 seconds earlier, a higher-valued asset at RB or WR. In cyber terms, it’s like cornering a critical control (identity, keys, or crown-jewel telemetry) so adversaries—and rivals—must deal with you on your terms.
What the move teaches CISOs about risk management
- Scarcity is a strategy, not an accident. Most managers diversified: WRs (Chase, Jefferson, Nabers) and bell-cow RBs (CMC, Bijan). Naomi zagged, monopolizing elite dual-threat QBs—the one position that can swing a weekly outcome by 15–20 points. Cyber parallel: Owning scarce capabilities (high-fidelity detection, identity assurance, IR automation) changes boardroom bargaining power and attacker economics.
- Optionality beats prediction. By Week 3–4, trade markets heat up. Naomi can flip Allen or Lamar for a premium WR/RB when someone gets desperate. Cyber parallel: Build optionality into your stack—APIs, automation hooks, and cross-training—so you can reallocate controls when the threat picture shifts.
- Know your risk tolerance—and signal it. This was high-variance roster construction (boom at QB, patience at WR/RB). That tells the league—and your board—how you plan to win. Cyber parallel (George Finney’s ethos): don’t just chase the “sexy picks.” A championship program balances stars with the afterthoughts that win seasons: patching, backups, and drills. As Christina Shannon likes to remind us: you don’t notice the long snapper (backups) until you need one.
Draft board snapshots that matter
- Early WR run (Chase, Lamb, Jefferson, Nabers, Puka, Amon-Ra) pushed premium QBs into Naomi’s trap range.
- QB avalanche in Round 3 (Mahomes, Hurts, Stroud, Burrow) validated the scarcity play—prices rise after supply drops.
- Balanced builds (e.g., Chrissy’s Tigers with CMC → Davante → Breece → Hockenson) traded top-end QB upside for week-to-week floor—another valid risk profile.
Monday Morning CISO Playbook
- Create scarcity: Secure the few things attackers can’t easily replicate—identity integrity, high-quality telemetry, resilient backups.
- Buy optionality: Favor tools and processes that let you adapt to the changing environment (adaptive training, automated response, modular controls, cross-skill the bench).
- Balance variance: If you swing big in one domain (new AI detection), anchor with reliability picks (patch SLAs, IR tabletop cadence, restore tests).
Bottom line: Was Naomi’s move risky or brilliant? Yes. That’s the point: championship leaders don’t avoid risk; they price it, concentrate it where it pays, and hedge it everywhere else.