What do you think about CISOs getting fired following a breach or major security incident?

Director in Construction, 3 years ago

It comes back to the culture and expectations of your CISO. If CISO reporting shows big green check marks and other wonderful attributes, and after the incident it was found that the CISO was negligent, then replacement is in order. In most cases the organization should understand risk, and if all agreed to risk then all are accountable. You don’t fire an F1 driver because of a single crash, but if the F1 driver is crashing more often than finishing then you need to reconsider who is in the seat.

C-PIO in Software, 3 years ago

Security is always a concern. To fire a CISO following a major breach in security may or may not be justified. A thorough investigation needs to take place. There are many reasons for a breach and some are ultimately undependable. If every prudent measure was in place and working then you have to look at the situation differently.

Founder/Chairman/CTO in Telecommunication, 3 years ago

Firing the CISOs for a breach almost works in opposition to your security posture because it makes it harder to focus on the things that matter more. The more time you spend on keeping everyone out and making sure that everything is as under control as possible from the outside in, the less time you spend thinking about detection, response, potential lateral movement, what could be taken, how you can block exfil, etc. There's a balancing act that needs to be brought back into it on a constant basis.
