Sign up to save your podcasts
Or
Share S8E2 - When Ransomware Gets Real: Zach Lewis on Surviving a LockBit Attack
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S8E2 - When Ransomware Gets Real: Zach Lewis on Surviving a LockBit Attack
What happens when a routine IT problem turns into a full-blown ransomware crisis?
In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Zach Lewis, CIO, CISO, and author of Locked Up, to explore the reality of leading through a LockBit ransomware attack—without the benefit of hindsight.
Zach takes listeners inside the moment things went sideways: the rapid shift from disaster recovery to incident response, the pressure of board-level questions with incomplete information, and the difficult calls around communication, transparency, and timing. He shares what plans actually helped, what broke down under stress, and the lessons that only emerge when theory collides with a real adversary.
The conversation also explores why higher education is such a demanding environment for security leaders, how pragmatic controls beat “perfect” security in a crisis, and why storytelling—not frameworks alone—is essential for executive buy-in. Zach closes by reflecting on resilience, balance, and why stepping away from the keyboard is critical to surviving a long career in cybersecurity.
A candid, experience-driven episode for CISOs, vCISOs, and security leaders who want to know what ransomware response really looks like when it’s no longer hypothetical.
View all episodes
By Greg Schaffer
4.9
77 ratings
What happens when a routine IT problem turns into a full-blown ransomware crisis?
In this episode of The Virtual CISO Moment, Greg Schaffer sits down with Zach Lewis, CIO, CISO, and author of Locked Up, to explore the reality of leading through a LockBit ransomware attack—without the benefit of hindsight.
Zach takes listeners inside the moment things went sideways: the rapid shift from disaster recovery to incident response, the pressure of board-level questions with incomplete information, and the difficult calls around communication, transparency, and timing. He shares what plans actually helped, what broke down under stress, and the lessons that only emerge when theory collides with a real adversary.
The conversation also explores why higher education is such a demanding environment for security leaders, how pragmatic controls beat “perfect” security in a crisis, and why storytelling—not frameworks alone—is essential for executive buy-in. Zach closes by reflecting on resilience, balance, and why stepping away from the keyboard is critical to surviving a long career in cybersecurity.
A candid, experience-driven episode for CISOs, vCISOs, and security leaders who want to know what ransomware response really looks like when it’s no longer hypothetical.