As CISO of oneITz, Ward Spangenberg uses his natural curiosity and creativity for good. “I’ve always loved puzzles, and I really don’t look good in orange, so hacking for good made a lot more sense,” he quips.
From Mischief to Mission, Curiosity to Cybersecurity
With a desire to help people, Ward wanted to be a doctor, not a computer person. Hacking was a hobby: war-dialing the local bank, cracking copy protection to share games, and briefly “owning” the school network, which, to everyone’s relief, he never turned into a money-making scheme. “It was clever mischief, not a career plan,” he remarks.
His antics revealed both the flaws in systems and the potential to turn that skill toward building and protecting. Curiosity and fun evolved into meaningful impact. “Vulnerabilities aren’t just puzzles; they can threaten jobs, privacy, and trust. I turned that teenage ‘try it and see if it explodes’ energy into building guardrails that keep systems from actually exploding. Hacking became a method – test, learn, fix – and eventually a vocation, because the impact mattered more than the thrill,” he explains.
That mix of intellectual challenge and real-world consequence is what keeps Ward in the field. Today, his wins protect customers and colleagues, tying back to his desire to help people, “strangely wholesome for a career that began with dial tones and pirated floppy disks.”
A pivotal moment that shaped him was when threat intelligence revealed that Anonymous, the hacker conglomerate, was planning to target the company’s online properties over a holiday weekend. In a week, Ward pulled together a complete response: cross-team coordination, vendor management, patching gaps, tightening controls, the works.
“When the attack window finally opened, I remember literally shaking as the traffic started pouring in. But instead of chaos, everything held. We’d covered the bases so thoroughly that Anonymous couldn’t knock us over. They were left wondering what had happened, and we were left with a hard-earned sense of confidence,” Ward recalls.
That experience set the tone for Ward’s philosophy as a CISO: technology matters, but success comes from coordination, trust, and preparation. “A crisis isn’t won in the moment. It’s won in the days and weeks beforehand, when you bring people together and build the resilience to stand firm when the pressure hits,” he observes.
Pushing Limits to Build Stronger Systems
Ward’s role at oneITz is less like a classic CISO and more like “executive in residence who drinks coffee by the gallon and stress-tests systems and assumptions to build resilience.” His mornings usually start with a scan of security news and random scribbled overnight notes. His day splits into four buckets: advising customer leadership on risk and product strategy, reviewing programs and vendor deliverables, creating customer-facing content and policy artifacts, and actually building things.
“Yes, I still write code and spin up lab environments. One hour, I am in a conversation about risk tolerance and revenue enablement, the next I am neck-deep in a Terraform script or drafting a playbook,” Ward remarks. “I also spend a surprising amount of time translating; turning technical controls into business language for executives; executive priorities into concrete tasks for engineers.
With “insatiable curiosity” around new toys, he’s also an “avid user and occasional abuser” of AI, constantly poking at models to see what kind of trouble they might get them into and how they can be weaponized for productivity instead of chaos. “That keeps us honest and a little bit dangerous, in a good way,” he observes.
Ward’s day is equal parts strategy, hands-on building, content creation, and controlled experiments. “It’s messy, stimulating, and deeply effective. I don’t just tell teams what ‘good’ looks like; I show them, document it, and sometimes ship it myself,” he affirms.
“You have power over your mind, not outside events. Realize this, and you will find strength.” – Marcus Aurelius.
Finding Rhythm in Chaos and Curiosity
As someone who has a hard time sitting still, Ward believes that the world is in balance as long as he’s having fun, even if it looks chaotic from the outside. For him, cybersecurity is just one part of a very full orbit. “When I’m not advising or building, I’m coaching rugby, training for Hyroxs, tinkering with autonomous drones, or taking classes to keep learning. To me, it’s all the same rhythm: stay curious, keep moving, and invest energy in things that matter,” he shares.
Ward believes in a philosophy of balance through integration – staying energized by doing a lot of different things, each of which feeds the others. “Coaching sharpens my leadership. Training keeps me resilient. Building drones keeps me curious. Learning keeps me humble. That mix is what keeps me sane. Balance is not about dividing time evenly. It is about filling your life with things that make you better and help you enjoy the ride. If I can end the day tired, but happy and a little bit smarter, then that’s balance,” he elaborates.
“Think of your energy as if it’s expensive, as if it’s a luxury item. Not everyone can afford it.” – Taylor Swift.
Turning Learning into Lasting Cyber Impact
One of the things that Ward is most proud of is running an AI security lunch-and-learn that sparked a real cultural shift, turning curiosity into cyber awareness. He built simulation environments and hands-on hacking exercises so people could actually see attack paths and practice defenses, not just nod along to slides. He walked the team through real-world misuse scenarios and gave them sandboxed environments to experiment safely. The result was practical skills and less mystique around AI.
“Security isn’t about fear – it’s about enabling smarter use,” Ward explains. The team now confidently applies safe practices, advises clients, and frames security as an enabler rather than a barrier. This mix of teaching, tooling, and practice turned a single session into lasting momentum. Consultants left wanting more labs, sharper playbooks, and deeper dives. They could deliver better-informed designs and clearer approaches to clients navigating AI adoption.
“The win was simple,” Ward says. “We elevated confidence and curiosity across the team, which translates into stronger, safer solutions for the organizations we serve.” His efforts to make security approachable, visible, and practical include interactive sessions, real-world stories, and spotting weaknesses before they become problems. He insists that culture doesn’t grow out of compliance training or policy binders, but people seeing security as helpful, not restrictive.
Ward advocates for collaboration, ensuring consultants, engineers, and business leads are in the same conversations, “because security only works when people understand how their piece connects to the whole.” Cross-team trust allows them to bring the same model to clients. “Instead of parachuting in with rules, we show them how to build security into the way they already work. The result is not just awareness, but ownership,” he explains.
The Crucible That Shaped Leadership
Ward’s biggest career challenge was having his integrity questioned when he spoke up about practices that crossed a line, and he was told that security professionals don’t share what they saw. “The message was clear: if you call out problems, you put your career at risk. It was crushing. I lost my role, my reputation was questioned, and I was told I would never be a CISO again,” he admits.
A Boy Scout at heart, Ward believed in his actions. This experience made it clear to him that integrity is the bedrock of cybersecurity, and without it, you have nothing. He endured the personal and professional cost because protecting people and data meant more than comfort or titles. Rebuilding was not easy – he had to start over, prove himself, and earn back trust through action.
“In the end, it gave me a deeper sense of resilience and a clearer philosophy: a security leader’s first duty is to people and principles, even when it comes at personal cost. Today, I see that chapter not as the end, but as the crucible that reshaped me. It made me tougher, more empathetic, and more determined to model the kind of leadership that puts people and ethics first,” Ward reflects.
“Success is the ability to go from one failure to another with no loss of enthusiasm.” – Winston Churchill.
From Emerging Threats to Actionable Guidance
Noting that yesterday’s playbooks don’t apply in a consulting role, Ward invests time researching and testing emerging threats, especially AI, where the landscape is moving fastest. With equal parts curiosity and discipline, he pushes boundaries to tinker with models, see how they can break, how they can be abused, and translates those insights into guidance clients can use to build practical defenses.
At oneITz, Ward is taking these insights and turning them into sessions, labs, and playbooks that consultants can apply directly with clients. “The goal is to move quickly from theory to practice, so what I discover on Monday can shape the advice we give on Friday,” he notes.
Ward insists that when the stakes are high, the first rule is to strip out noise. “More data and dashboards don’t always help; they just slow you down. I focus on what matters: the risk, likelihood, impact, and real options,” he explains. “From there, clarity and communication are key. I make the call in plain terms and bring the right people along. Complexity is the enemy in a crisis – the simpler the framework, the faster and more confidently you act.”
At oneITz, Ward’s top priority is to turn research into practice, whether it’s graph security, AI sandbox, or something else entirely. He aims to stay ahead of the curve and package his insights into simulations, playbooks, and frameworks that consultants can use with clients right away. “We stay ahead of emerging technology by testing it in the real world, pushing limits, and showing customers how to build stronger, smarter, and more resilient systems,” he adds.
Ward’s other priority is cultural – a desire for oneITz to be known as the place where curiosity and integrity are the default settings; where consultants are encouraged to tinker, to question, and to bring new ideas to the table. “Security should feel like a source of confidence for our clients, not a roadblock, and that starts with how we work internally,” he remarks.
“The impediment to action advances action. What stands in the way becomes the way.” – Marcus Aurelius.
From Rugby Fields to Security Labs
Ward insists that CISOs have a responsibility to make security “less like a gated fortress and more like an open field where people can actually play.” Instead of making security as impossibly complex or hopelessly gatekept, the next generation needs real stories, real tools, and labs that they can break without fear of consequences. “Nobody learns from a 47-slide deck with speaker notes. They learn from wrestling with the problem and figuring it out themselves,” he declares.
Mentorship is central to Ward’s leadership style. He credits his growth to those who invested time in him and believes in paying it forward. “For me, it is less about formal programs and more about showing up, sharing experiences, and creating opportunities for others to step up,” he reflects. “At the end of the day, security leaders have to build more leaders. That is the only way the field grows stronger and more resilient.”
Coaching rugby at a technical college gives Ward the perfect overlap and test bed to teach resilience, anticipation, and trust – the exact qualities required in a SOC or an incident response team. At oneITz, he carries that philosophy into consulting, creating material that people can actually play with: labs, demos, code, and exercises they can use again later.
“The idea is to leave them with confidence, not just bullet points. If the next generation sees security as something they can touch, break, and improve, we’ll have done our job,” he affirms. “That might look like coaching rugby players who are also security students, reviewing resumes and running practice interviews, or giving my team something better than a slide deck: demos, code, and exercises they can actually use. Mentorship is about helping people see what they can do, giving them space to try it, and backing them up when it gets hard.”
Foundations Over Titles, Integrity Over All
Ward offers these sage words of advice to aspiring CISOs: Don’t chase the title. Build the foundation. Start with the technical side, but don’t stop there. Educate yourself constantly. Learn to communicate. Learn to write. Learn to speak. The job is not only about firewalls and frameworks, but translating risks into a language that executives, engineers, and customers all understand.
Never back down from challenges, and when they get the better of you, learn from them. That resilience will serve you as much as any certification. Relationships matter as much as controls. The best CISOs build trust across the table and use it to drive real change. Above all, hold on to your integrity. Technology will shift, threats will evolve, but your ability to make hard calls and stand by them is what defines you as a leader.
Conclusion
Ward Spangenberg aims to leave a legacy beyond slide decks and checklists – building real tools, labs, and mindsets that elevate how organizations approach security. He’s a leader who makes security tangible – something people can touch, play with, and ultimately trust.
