Abhimanyu
अभिमन्यु
The One Who Entered the Unbreakable Formation and Made It Breakable
The Artwork — Abhimanyu stands at the entrance to the Chakravyuha — the Cyber Security Framework spiralling outward around him, the CISO Threat Intelligence Assessment active on the central panel. Seven great generals surround him. He entered knowing he could not exit. He held them for a full day. The great CISO builds the defence that costs the attacker more than it costs the defender.
Abhimanyu learned to break into the Chakravyuha — the spiralling, impenetrable military formation — while still in his mother's womb, listening to his father Arjuna explain it. He was never taught how to exit. He entered the unbreakable formation alone, on the thirteenth day of the war, against the greatest warriors in history — and he held it for a full day, from the inside, against seven simultaneous attackers, until he was overwhelmed. He was sixteen years old. The great Chief Information Security Officer is Abhimanyu: the one who knows every layer of the formation from the inside, who enters the threat landscape every day, and who holds it — alone, if necessary — against forces that are invariably larger, better-resourced, and more numerous.
The Chakravyuha was Drona's masterstroke: a seven-layered spiral military formation that rotated as it fought, making it impossible to penetrate from the outside and impossible to navigate from the inside without knowing the exit. Only three people on the Pandava side knew how to break in — Arjuna, Krishna, and young Abhimanyu. On the thirteenth day, Arjuna and Krishna were drawn to another front by a strategic deception. The Pandavas faced the Chakravyuha without anyone who could enter it — except Abhimanyu, who knew only how to enter, not how to exit.
Abhimanyu entered the Chakravyuha alone. He was supposed to be followed by the Pandava commanders who would hold open the passage behind him. Jayadratha, using a boon from Shiva, blocked every Pandava warrior from following — leaving Abhimanyu alone inside the formation against the greatest warriors of the Kaurava army: Drona, Karna, Ashwatthama, Kripacharya, Shalya, and Duryodhana himself. Six maharathis. Against a sixteen-year-old boy with no exit route. Abhimanyu held them for the entire day. When his bow was broken, he fought with his chariot wheel. When his chariot was destroyed, he fought on foot. He was finally overwhelmed only when all seven attacked simultaneously — a violation of the rules of war that has been condemned in every retelling of the Mahabharata.
The CISO's operating environment is the Chakravyuha. The organisation's attack surface is vast, multi-layered, constantly rotating, and filled with adversaries who know the formation at least as well as the defender does. The CISO enters it every day knowing that the exit — a state of complete, permanent security — does not exist. There is no such thing as a secured enterprise. There is only a CISO who has made the enterprise harder to breach than it is worth breaching, who has built detection capabilities that see the attacker before the attacker reaches the core, and who has built resilience mechanisms that ensure that when the breach happens — because it will happen — the organisation survives it.
Abhimanyu's defining quality was not his strength — many warriors were stronger. It was his refusal to be paralysed by the knowledge that he was inside an unwinnable situation. He had incomplete information (no exit knowledge), inadequate support (no allies inside), and overwhelming opposition (seven simultaneous attackers). He fought anyway — with complete technical brilliance, complete tactical creativity, and complete commitment to the mission of protecting the Pandava position for as long as he could. This is the essential character of the great CISO: not the one who claims they can prevent every breach, but the one who, when the breach begins, holds the line with everything they have, for as long as it takes.
शूरस्य पुत्रः शूरोऽसि सुभद्रायाः सुतस्तथा । पार्थस्य चापि पुत्रोऽसि किं त्वां शोचामि बालकम् ॥
Shuurasya putrah shuro'si subhadraayaah sutas tathaa, paarthasya chaapi putro'si kim tvaam shochaami baalakam.
“You are the son of a hero, and yourself a hero; you are the son of Subhadra, and the son of Arjuna. Why should I grieve for you, young one? You were born to face the unbreakable.”
— Mahabharata, Drona Parva — spoken of Abhimanyu after his fall
The Four Pillars That Define the Great CISO
Knowing the Formation From the Inside
Abhimanyu's advantage over every other Pandava warrior was not greater strength or greater speed — it was that he had learned the Chakravyuha from the inside, in the womb, absorbing Arjuna's explanation from a position of total immersion in the structure he would one day have to navigate. He knew the rotation of each layer, the position of each defender, the logic of the formation's design. This inside knowledge was what allowed him to penetrate it and hold it — because he was not trying to understand the formation while fighting inside it. He had already understood it before he entered.
The great CISO's most valuable quality is attacker-side knowledge: the ability to understand the organisation's vulnerabilities not from the defender's perspective — the asset register, the control framework, the audit findings — but from the attacker's perspective. How does this network look to a threat actor conducting reconnaissance? Which credentials, if compromised, provide the fastest path to the crown jewels? Which supplier relationship is the most exploitable entry point? The CISO who only knows the defence does not know the Chakravyuha. The CISO who thinks like the attacker knows every layer of the formation — and positions the defence accordingly.
Resilience Over Perfection
Abhimanyu did not enter the Chakravyuha expecting to win. He entered expecting to hold — to protect the Pandava position for as long as possible, at whatever cost, against whatever force was deployed against him. His objective was not victory; it was maximum resistance per unit of time. When his bow was destroyed, he picked up his chariot wheel. When his chariot was destroyed, he fought on foot. The resilience of his response — the ability to continue fighting effectively as each weapon was taken from him — was as important as the skill of his initial attack.
The CISO who promises the board that the organisation will never be breached is making a promise that no attacker has ever allowed anyone to keep. The great CISO promises something more valuable and more honest: that when the breach happens, the organisation will detect it faster, contain it more completely, recover from it more quickly, and learn from it more systematically than any comparable organisation. This is cyber resilience: not the prevention of all failure, but the minimisation of the consequence of each failure and the continuous improvement of detection, containment, and recovery capability. Abhimanyu's war was not the war of never being hit. It was the war of continuing to fight after every hit.
The Architecture of Layered Defence
The Chakravyuha's genius was its layers: seven rotating rings, each defended by a different set of warriors, each requiring a different approach to penetrate. Abhimanyu did not try to defeat all seven layers simultaneously. He penetrated them sequentially — using the knowledge of each layer's rotation to find the moment of vulnerability, breaking through at the right instant, and moving to the next layer before the defence could close behind him. His success against the formation was a function of his understanding of its layered architecture.
The great CISO builds defence in depth — the information security equivalent of the Chakravyuha's seven layers. Perimeter security. Identity and access management. Endpoint detection and response. Data loss prevention. Security information and event management. Zero-trust architecture. Each layer is designed to catch what the previous layer misses, and to raise the cost of the attacker's progress so that the breach that penetrates layer one fails at layer three, and the breach that penetrates layer three is detected and contained at layer five. No single control is sufficient. The architecture is the defence.
Operating Alone When Necessary
The most poignant dimension of Abhimanyu's story is his isolation: he entered a formation that required coordinated support, and the support was cut off by Jayadratha. He knew, within minutes of entering, that he was alone. He did not retreat. He did not wait for reinforcement. He continued the mission — adapting his tactics to the reality of operating without backup, holding the formation from inside with whatever he had, for as long as he could. This is the essential character test of the great defender: what do you do when the support you were promised does not arrive?
The CISO frequently operates in a version of Abhimanyu's isolation: the board approves the security budget after the breach, not before; the business units implement the security controls after the audit finding, not after the recommendation; the CEO is focused on growth and regards security investment as friction until the moment it is catastrophically insufficient. The great CISO builds the most effective defence possible within the resources actually available — not the resources theoretically justified — and simultaneously builds the board relationship and the business case that improves resourcing over time. They do not wait for perfect conditions. They defend with what they have, today, and work toward what they need, tomorrow.
How We Search for Your CISO
Gladwin International's Chief Information Security Officer practice is built on one truth that most CISO searches miss: the difference between a great CISO and an adequate one is not their certifications, their framework knowledge, or their technical depth — it is their ability to operate effectively under sustained adversarial pressure while simultaneously maintaining the board relationships, the business partnerships, and the organisational credibility that make security investment possible. Security is the only function where the measure of success is the absence of a visible event — and where the absence of that visible event is routinely interpreted as evidence that the investment is unnecessary. The great CISO thrives in this paradox: they build the case for investment by making the board viscerally understand the consequences of under-investment, without creating panic; they partner with the business by speaking the language of risk and consequence rather than the language of controls and compliance; and they build teams that can operate at Abhimanyu's level of intensity, under Abhimanyu's level of pressure, with Abhimanyu's level of preparedness. When we search for a CISO, we are looking for the one who has already been inside the Chakravyuha — who knows what the attack looks like from the inside, and who held it.
Abhimanyu fell. The Mahabharata does not pretend otherwise. He entered an unwinnable situation, held it for a full day with superhuman skill and absolute commitment, and was finally overwhelmed by a combination of superior numbers and a violation of the rules of engagement. What the Mahabharata makes clear is that his fall was not a failure — it was the most complete possible expression of what it means to defend something. The great CISO understands this. There will be breaches. There will be incidents that exceed the organisation's defensive capacity. There will be days when the Chakravyuha closes. The measure of the CISO is not whether they have prevented every attack — it is whether, on the day of the most serious attack, the organisation can say: we knew they were inside the formation, we slowed them at every layer, we contained the damage, we recovered, and we made the next attack cost more than the last. That is what Abhimanyu did. That is the Chief Information Security Officer Gladwin International will find for you.
Begin Your CISO Search
Every great CISO search starts with a conversation. Speak with our practice lead — confidentially, without obligation.