In a major cyber incident—APT intrusion, insider sabotage, ransomware, or executive-targeted fraud—there’s one thing every CISO realizes fast: technical response is only half the battle. The real challenge is leading people, managing pressure, and making decisions that ripple from the war room to the boardroom.

This talk shares hard-won insights from hundreds of real-world cyber incidents, where I’ve worked alongside some of the best—and unfortunately, some of the worst—leaders in the industry. These events span finance, healthcare, SaaS, critical infrastructure, and more. In each case, it wasn’t just tools or timelines that defined the outcome—it was leadership.

At the core of this talk is the Crisis Command Framework: five high-impact behaviors that successful CISOs and security leaders apply in the heat of crisis:

Stabilize – Set the tone, regulate urgency, and create psychological safety

Prioritize – Cut through noise and sequence actions with clarity

Translate – Bridge technical realities to business, legal, and reputational risks

Own – Make confident decisions amid incomplete data

Restore – Lead post-incident recovery of trust, morale, and momentum

This isn’t theory. These are actionable, field-proven checkpoints you can use today to evaluate your incident readiness, shape team behavior, and elevate how you lead in critical moments. Attendees will receive a Crisis Leadership Cue Card—a tactical tool to anchor decision-making and communication during live incidents.