Real-World Incident Response and Governance Under Pressure
Cybersecurity leader Kayla Williams shares firsthand lessons from responding to a privilege escalation incident that began as a small anomaly but revealed critical gaps in data lineage understanding and cross-team coordination. The discussion emphasizes how predefined incident response plans, tabletop exercises, and purple teaming created the muscle memory needed for effective response, while also exposing challenges like executive reluctance to escalate and incomplete visibility into how crown jewel data was distributed across the environment. Williams highlights the friction between security and engineering teams during incidents and the importance of establishing clear decision authority and trust before crises occur.
Data Classification and Lineage as Resilience Foundations
The incident revealed that the organization's crown jewel data was far more distributed than originally understood, impacting both resilience and recovery capabilities. Williams describes implementing granular data classification categories that went beyond traditional restricted/confidential labels to include geographic and regulatory context, such as client-data-government versus client-data-EU, enabling better compliance management and spillage detection. This approach, implemented before the rise of modern Data Security Posture Management (DSPM) tools, required manual effort but proved essential for understanding contractual obligations and regulatory requirements across different jurisdictions.
Ownership and Risk-Based Measurement for Resilience Programs
Williams argues that ownership is the single most important governance decision for resilience programs, requiring a clearly accountable executive before funding or roadmaps can be effective. She advocates for measuring resilience through Key Risk Indicators (KRIs) rather than traditional KPIs, focusing on how close threats came to causing impact rather than simply counting blocked attacks. The measurement approach begins with the administrative work of understanding business processes, data flows, third-party dependencies, and what constitutes crown jewels for each business unit, then uses purple team exercises to test technical controls and identify gaps that indicate vulnerability to lateral movement.
AI Governance Integration and Future Priorities
Looking ahead to 2026, Williams urges governance teams to stop making excuses about AI being too complex or outside their domain and instead integrate AI controls into existing risk management frameworks. She emphasizes that governance teams should become enablers rather than blockers by building AI control libraries and understanding the space proactively, reducing friction with engineering teams. The message is clear: organizations already manage numerous known unknowns in their environments, and AI should be treated as another risk domain to be governed systematically rather than avoided or delegated entirely to technical teams.
