In this short conversation with WSJ Pro Cybersecurity  (hosted by Jackie Hunter ), John Childress shares a leadership lens on cyber security: why the real exposure is often human behaviour under pressure , and why cyber outcomes improve when leaders treat culture as a managed risk , not a slogan. Rather than staying in the weeds of tools and training, John focuses on the conditions  that shape everyday decisions — priorities, incentives, decision rules, and accountability — a

“United we stand, divided we fall” is a useful motto for cyber security—because the gap between technical controls  and enterprise risk  is usually where breaches get expensive. The strongest risk reduction I see in organisations isn’t a new tool; it’s a better working relationship between the CISO , the executive team , and the Board . Why the CISO–Board partnership matters When cyber oversight sits close to the Board, losses tend to be lower. No organisation can guarantee 1

Most organisations treat culture as something “soft”—until something hard happens: a failed transformation, a safety incident, a conduct breach, or a cyber event that should have been preventable. My view is simple: culture impacts business results, positively or negatively. There is no neutral culture. It either enables your strategic objectives—or quietly blocks them. And when strategy changes, culture has to change with it. An old culture that’s misaligned with a new strat