Ransomware isn’t just malware anymore – it’s an industry.
There are org charts. SLAs. Affiliate programs. Help desks that sometimes treat “customers” better than we treat our users.

As a fractional CTO and early employee at Evernote and Spirit Airlines, I’ve spent years building legitimate high-growth tech companies – and years helping teams dig out from security incidents, phishing campaigns, and “how did that get clicked?” moments. What I’ve learned is uncomfortable: ransomware groups run themselves like frighteningly efficient startups.

In this session, we’ll flip the script and look at ransomware like a business case. We’ll break down how modern ransomware-as-a-service operations recruit, market, sell, support, and reinvest – and then steal their best patterns for defense.

You’ll leave with a practical, human-first playbook you can use back at the office: how to prioritize controls, how to design security training people actually remember, and how to run lightweight tabletop exercises so “we’ve been breached” isn’t the first time your team practices the response.

No scare tactics. Just a clear view of the industry you’re actually up against – and concrete steps to make your environment a much less attractive target.