Director, Strategy & Architecture, Customer CISO Lee Roebig entered the field of cybersecurity at a young age, navigating a path fraught with challenges and steep learning curves. In this presentation, he revealed how an unlikely source of wisdom – a video game called Dark Souls – became a pivotal influence on his journey.
Drawing this parallel, he compared the punishing yet rewarding nature of Dark Souls to the realities of working in cybersecurity. Both demand perseverance, strategic problem-solving, and the courage to embrace discomfort in the face of failure.
Watch the full presentation below or read on to discover how Lee’s experiences and strategies have shaped his cybersecurity journey.
Challenges and Lessons From Dark Souls
For those unfamiliar, Dark Souls is a video game notorious for its difficulty, with guides or maps notably absent from the game. Its challenge lies in the idea that to succeed, players must “get good.” With complete freedom to explore, players face obstacles that require persistence and strategy to overcome.
Lee shared how Dark Souls has shaped his approach to both cybersecurity and leadership, stating, “Cybersecurity is the Dark Souls of tech-related fields.” He explained that the challenges in both realms are similar – there’s no easy mode, and leaders must be comfortable navigating uncertainty. The key to success lies in having a strategy, learning from failure, and asking for help when needed. Much like in Dark Souls, solutions are often at your fingertips, but overcoming challenges requires patience, resilience, and continuous learning.
Lee also emphasised the importance of managing one’s stamina and health – knowing when to rest at a bonfire – and facing difficult situations head-on. These lessons, he said, make you a better player and leader, turning the hardest moments into the most rewarding experiences.
Cybersecurity is the Dark Souls of tech related fields.
Lee Roebig


Lesson 1: Expect the Unexpected
Be prepared for unexpected questions or situations. For instance, walking into a boardroom and facing questions you weren’t ready for, whether business or technical. You might also experience breaches on your first day or week.

Lesson 2: If It Seems Impossible, You Might Be Doing It Wrong
If your tool isn’t effective, there’s probably a better solution. For example, rethinking network segmentation or web filtering methods to find a more effective approach.

Lesson 3: Look and Read Carefully Before Tackling a Challenge
Take a step back, think critically, and try approaching the problem from a new angle. A good example is security strategy innovation – attending industry events or speaking with vendors can provide fresh insights.

Lesson 4: Your Adversary’s Techniques Will Evolve
Don’t assume what works today will work tomorrow. Successful organisations regularly reassess their 3-5 year strategy and get new perspectives, often from adversarial angles, to stay ahead.

Lesson 5: Don’t Let Your Guard Down Until the Threat is Dealt With
After an incident, always look for related activity. Incident response best practices include containing, eradicating, and recovering the threat. Don’t overlook how other users may have been affected. Lee added that when it comes to risk mitigation, being proactive is key. It’s better to prevent problems before they even occur rather than react once an incident happens.

Lesson 6: Ask for Advice, Remember: You’re Not Alone
Seek advice from peers or industry events. Ask the tough questions – it’s okay to feel awkward, as you’re not alone in facing challenges.

Lesson 1: Expect the Unexpected
Be prepared for unexpected questions or situations. For instance, walking into a boardroom and facing questions you weren’t ready for, whether business or technical. You might also experience breaches on your first day or week.

Lesson 4: Your Adversary’s Techniques Will Evolve
Don’t assume what works today will work tomorrow. Successful organisations regularly reassess their 3-5 year strategy and get new perspectives, often from adversarial angles, to stay ahead.

Lesson 2: If It Seems Impossible, You Might Be Doing It Wrong
If your tool isn’t effective, there’s probably a better solution. For example, rethinking network segmentation or web filtering methods to find a more effective approach.

Lesson 5: Don’t Let Your Guard Down Until the Threat is Dealt With
After an incident, always look for related activity. Incident response best practices include containing, eradicating, and recovering the threat. Don’t overlook how other users may have been affected. Lee added that when it comes to risk mitigation, being proactive is key. It’s better to prevent problems before they even occur rather than react once an incident happens.

Lesson 3: Look and Read Carefully Before Tackling a Challenge
Take a step back, think critically, and try approaching the problem from a new angle. A good example is security strategy innovation – attending industry events or speaking with vendors can provide fresh insights.

Lesson 6: Ask for Advice, Remember: You’re Not Alone
Seek advice from peers or industry events. Ask the tough questions – it’s okay to feel awkward, as you’re not alone in facing challenges.
Dark Souls Lessons Learned
For Cyber Strategy:
- Overloading on heavy defences (in terms of cost and maintenance) can slow you down
- Preventative measures often outperform reactive damage control
- Having too much confidence in one shield can lead to your demise
- Implement controls with a strategy – know your adversary’s tactics
- If your tools aren’t effective, find better alternatives
For Cyber Leaders:
- Don’t judge a situation too early, there’s always a path forward with insights from other industries
- Gather the right information – research and learn from others
- If it seems impossible, you might be doing it wrong
- Avoid overconfidence; expect your defences to be tested
- Cybersecurity training (like Dark Souls stats) is helpful, but experience is what truly sharpens your skills
- Practice, plan ahead, and keep calm under pressure.
- Everyone starts somewhere – don’t hesitate to ask for advice.

For Lee, the biggest takeaway is simple: find comfort in discomfort, because the rewards are worth it.
He concluded with a few extra insights: not all advice is trustworthy, and not every piece of advice should be followed blindly. Instead, it’s important to build your own intuition and know how to “summon” the right people to help you when needed.

Lee Roebig
Director of Strategy & Architecture, Customer CISO, Sekuro
Lee is an experienced Cyber Security professional with 17+ years in the technology Industry. He has previously worked in cyber security leadership and architecture roles inside multiple global organisations prior to joining Sekuro. At Sekuro, Lee helps clients with Cyber security strategy, Zero Trust, Virtual CISO, mentorship, executive advisory and security architecture. He has worked with numerous clients on cyber security strategies across industries such as health, insurance, construction, manufacturing, leisure including multiple ASX listed companies.