Exactly my point - if he resigned quietly, the company would hire a "yes man" that exactly fits the profile I described. If he resigned loudly, he probably would be pretty unhireable, at least as another CISO.
In neither case do the customers at any company get the benefit of actual improved security.
In neither case do the customers at any company get the benefit of actual improved security.