What the All Souls Fellowship actually is

Oxford’s All Souls Fellowship is often called the “impossible exam.” Each year, a small group of top graduates faces four three-hour written papers—two specialist and two general—marked anonymously. Shortlisted candidates then defend their scripts in a 25-minute viva, a live oral examination where Fellows challenge their reasoning and press on weak points.

The questions are open-ended and uncoachable, ranging from “Should anonymous posting online be forbidden?” to “Do elections ever solve problems?” The exam doesn’t test recall. It tests judgment: framing, evidence, counterarguments, and the ability to repair under live challenge.

Why this model matters for security leaders

As a CSO or CISO, you sit in a unique bind. You face the C-suite and board with a constant stream of threats and uncertainties, but you rarely have complete answers. Meanwhile, AI and vendors can generate polished reports at scale. What they can’t deliver is real-time judgment under pressure.

The All Souls model offers a blueprint:

  • Breadth under uncertainty. Security leaders must scope, prioritize, and commit with incomplete data.

  • Depth without notes. You must demonstrate mastery in your domain—cyber incidents, insider threats, and physical protection—without relying on jargon.

  • Defense under scrutiny. Boards test not just your recommendations, but how you respond when your assumptions are attacked.

How CSOs and CISOs can apply the All Souls method

1) Frame every board item as an “exam question”

Avoid the 40-slide threat deck. Lead with one sharp prompt that forces a decision.

  • Cyber example: “Is our bigger risk over the next 12 months a single catastrophic ransomware event, or a steady rise in medium-severity breaches?”

  • Physical example: “Should we invest first in hardening data center perimeters, or in improving travel security protocols for executives?”

Give a one-sentence position, name two tradeoffs you accept, and ask the board for its strongest objection.

2) Balance specialism with generalism

Boards don’t live in the weeds. But they won’t trust you without domain depth. Deliver both.

  • Specialist rigor (your lens): “Our external attack surface has grown by 28%. Median dwell time on intrusions has dropped to 15 days. Access badge cloning attempts rose 40% in the past quarter.”

  • Generalist translation (their lens): “These trends directly affect brand trust, regulatory posture, and insurance pricing. If left unchecked, we expose shareholder value and employee safety.”

Always connect technical indicators to money, reputation, or trust.

3) Build a “viva” culture

The viva is adversarial but constructive. Invite the same spirit.

Say: “Here’s the plan—where do you see weaknesses?”

If the CFO pushes for cost savings, don’t get defensive. If a director questions a metric, tighten your definition. If the COO raises concerns about operational disruption, adapt the recommendation accordingly. Demonstrate your ability to repair in real time. That gives the board confidence you’ll hold up under real-world crisis conditions.

4) Highlight judgment under ambiguity

All Souls thrives on unanswerable questions. Security leadership does too.

  • Cyber: “We don’t know if nation-state sanctions will escalate to target this vendor. Here are three scenarios and the triggers that shift us between them.”

  • Physical: “We can’t predict labor unrest exactly. Here are early-warning signals we track, and the pre-set escalation plan if thresholds are crossed.”

Boards don’t expect omniscience. They expect you to show how you’ll act without perfect information.

5) Treat counterarguments as assets

Anticipate objections from each function, state them fairly, then answer.

  • CFO: “This project adds $4 million to opex.” → True. However, breach litigation in our sector averages $15 million per case. This is a volatility hedge.

  • CTO: “The patch cycle slows product release.” → Yes, but delaying patching extends attack exposure by 60 days. Customers notice outages more than delays.

  • COO: “Physical upgrades disrupt warehouse flow.” → Correct. However, downtime costs $200,000 per day. We’ve scheduled phased retrofits to minimize disruption.

You reduce friction by addressing objections upfront, rather than waiting to be cornered by them.

6) Practice “defense and repair” before the meeting

Don’t debut your reasoning cold. Rehearse like an All Souls candidate.

  • Draft a one-page pre-read.

  • Have a peer act as examiner for 20 minutes. They must tie every question to your own memo.

  • Force yourself to tighten one definition, replace one weak metric, and name one clearer tradeoff.

If you can repair under pressure in rehearsal, you’ll hold steady when directors probe.

Skeptic’s corner

  • “This favors charisma, not rigor.” Use a rubric, tie questions to your memo, and score repairs. Charisma without substance fails.

  • “This feels theatrical.” Anchor every question to the text you already provided. Record every change in an addendum. You measure decision quality, not performance.

  • “Breadth hides weak depth.” Insist on at least three hard specialist facts (dwell time, cost per breach, guard response rate) before general framing.

  • “AI can still script answers.” True for prepared remarks. Not true when questions tie directly to your own definitions, numbers, and plans.

All Souls–Style Prompts for CSOs & CISOs

A curated set of the “impossible exam” questions transformed into CSO/CISO-relevant prompts that can be used to sharpen board and executive discussions. The goal is the same as All Souls: push leaders into defending a stance under ambiguity, trade-offs, and pressure.

Strategy & Global Risk

  • Original: What should the West learn from China?

  • Reframed: What should our enterprise learn from China’s integrated model of surveillance, cyber defense, and industrial security—and what should we avoid?

  • Original: Could the EU learn anything from the Roman Empire?

  • Reframed: Can modern enterprises learn resilience lessons from long-lived empires: centralized strength vs. distributed risk?

  • Original: What can we learn from Las Vegas?

  • Reframed: What can corporate security learn from casinos’ layered surveillance, deception detection, and resilience against insider threats?

Threat Environment & Technology

  • Original: Does Google know us better than we do?

  • Reframed: Do our external data brokers and adversaries know more about our employees than our own insider-threat program does?

  • Original: Are boycotts futile?

  • Reframed: Are security vendor blacklists and bans practical, or do they drive adversaries and suppliers underground?

  • Original: Why are conspiracy theories so enduring?

  • Reframed: Why do misinformation campaigns targeting employees endure despite training, and what cultural levers reduce susceptibility?

  • Original: Should we bring back woolly mammoths from the dead?

  • Reframed: Should enterprises “resurrect” legacy IT systems for continuity, or does doing so create unmanageable vulnerability debt?

Governance & Ethics

  • Original: Is dislike of politicians a sensible default position?

  • Reframed: Is distrust of security leadership healthy for accountability, or corrosive to resilience culture?

  • Original: When is charity wrong?

  • Reframed: When is transparency wrong—does oversharing vulnerabilities with the board or public create more risk than trust?

  • Original: Are consumers in search of bargains complicit in modern slavery?

  • Reframed: Are enterprises complicit in supply chain abuses when we choose cheaper but insecure vendors?

  • Original: Do we value our security too highly?

  • Reframed: At what point does security spending outpace ROI and erode shareholder value?

Crisis & Response

  • Original: Why hug a hoodie?

  • Reframed: Why should enterprises embrace “hoodie culture” (ethical hackers, red teams) instead of distrusting them?

  • Original: Why not uncivil disobedience?

  • Reframed: Should insider whistleblowing or employee walk-outs on ethical grounds be treated as a security risk, cultural signal, or both?

  • Original: What is the point of voting?

  • Reframed: What is the point of tabletop exercises if decision-makers always defer to the authority of the CEO or General Counsel?

  • Original: Is ignorance bliss?

  • Reframed: Is it safer for boards to remain at a high-level view of cyber risk, or should they confront technical detail—even if overwhelming?

Culture & Human Factors

  • Original: Why teach poetry to children?

  • Reframed: Why teach security awareness to executives when AI can now detect many attacks automatically?

  • Original: What is a gift?

  • Reframed: What is trust in a security culture—is it a given, or must it consistently be earned and renewed?

  • Original: Are emotions irrational?

  • Reframed: Are fear and outrage irrational in security culture, or are they necessary drivers of vigilance?

  • Original: Compare a contemporary political leader to a character in mythology.

  • Reframed: Compare a recent breach response leader to a mythological archetype—hero, trickster, or martyr. What does that reveal about crisis leadership?

How to Use These in Practice

  • Pick one or two reframed questions for each board or exec session—no more.

  • Use them to sharpen discussions around specific decisions (e.g., investment, vendor choice, incident response posture).

  • Don’t aim for definitive answers. Aim to reveal judgment under stress—how leaders weigh uncertainty, tradeoffs, and principles.

Closing

As a CSO or CISO, your credibility comes from how you think under pressure, not how polished your slides are. The All Souls exam demonstrates a robust approach to evaluating judgment: open-ended questions, domain-specific rigor, precise translation, and live defense.

Bring that format into your boardroom. Do it once this quarter. If decisions come faster and trust runs higher, keep it. If not, tighten your prompts and the rubric until they do.
