KBKAST Episode 358 Deep Dive: Lisa Black | How Leaders Survive Major System Failures
Date: March 11, 2026
Host: KBI.Media
Guest: Lisa Black, Director Public Sector at AON Nexus
Episode Overview
In this engaging episode, Lisa Black, a veteran leader of public sector operations and crisis management, uncovers what really happens when major organizational systems fail—particularly in the face of cyberattacks. Going beyond technical discussions, Black and the host dissect the human, organizational, and psychological factors influencing leadership under fire. Lisa delivers candid, experience-based advice for leaders navigating chaos, advocating for building muscle memory, cross-training, decisive communications, and breaking organizational silos. Controversial moments, media criticism, and the evolution of risk in the cyber landscape are all on the table.
Key Discussion Points & Insights
1. Misunderstanding Risk in Crisis (01:09–03:29)
-
Leadership Is Tested More Than Technology:
- Leaders, particularly CEOs with limited technical knowledge, often focus on the technology—but the real challenge is the rapid erosion of internal trust and decision-making integrity.
- Quote [01:49]:
“What’s actually more at risk is more personal. It's your ability to lead coherently under that pressure... most leaders underestimate how fast trust in your own organization erodes internally.” — Lisa Black
-
Attackers Exploit Confusion, Not Just Code:
- The psychological and organizational confusion is as dangerous, if not more, than the technical breach itself.
2. Embedding Risk Awareness – Making Crisis Practice the Fabric (03:29–05:45)
- Expect Disruption—Make Readiness a Culture:
- “It’s a matter of when, not if…” — readiness must be regular, organic, and pervasive.
- Realistic Drills:
- Avoid predictable, once-a-year tabletop exercises. Instead:
- Drill with no warning.
- Regular after-action reviews with real-world consequences highlighted (“introduce consequences instead of applause”).
- Recognize the legal, regulatory, and reputational stakes as teaching moments.
- Avoid predictable, once-a-year tabletop exercises. Instead:
3. Resilient Teams and Stress Testing Leadership (05:45–08:58)
-
Learning from Real Crisis Roles:
- Cross-disciplinary input refines outcomes.
- Quote [05:45]:
“If your cyber training is comfortable, it’s definitely lying to you.” — Lisa Black
-
Train for Discomfort:
- Force discomfort and prioritize decisions under pressure—mirrors real crisis situations where all facts are not available.
4. Cross-Training and Borrowed Resilience (09:46–10:49)
- Cross-Exposure Yields Better Judgment:
- Example: NYC mayor swapped senior leaders between departments to broaden perspectives and improve judgment under stress.
5. Rejecting “Checkbox” Crisis Exercises (10:49–12:58)
- Unpredictable, Holistic Training:
- Incorporate multiple, simultaneous crisis injects (e.g., a cyber attack during a power outage) to train for complex, layered reality.
- Focus on continuous improvement through a crisis management lens, not just HR.
6. The First 60 Minutes—Decisions that Shape Months (12:58–19:57)
-
Critical First Steps:
- Verify the incident: Is it real or a drill?
- Establish clear command structure.
- Set the right initial tone—calm, authoritative, and communicative.
- Assign clear roles and reporting lines (US’s NIMS structure as a model).
- Prioritize services (life and safety are paramount in public sector).
- Quote [13:32]:
“That first hour... shapes the next several months. It’s that tone that is set from the start that sets either the calm or the crisis.” — Lisa Black
-
Continuous Reassessment:
- Priorities must be reviewed and reordered as new realities emerge (e.g., financial controller’s urgent needs).
-
Cadence and Clarity in Communications:
- Set a clear, regular briefing schedule for internal and external stakeholders to fight panic and the rumor mill.
- Designate a single authoritative spokesperson.
7. Managing Criticism, Media, and Public Scrutiny (21:52–24:13)
- Monday Morning Quarterbacks Will Always Exist:
- “Everybody becomes a technical expert via Google search... The rumor mill is going to happen regardless.” — Lisa Black [22:49]
- Vendors, Politicians, Competitors:
- Multiple parties will try to exploit the crisis; tight, authoritative communications can mitigate their influence.
8. Communication—Walking the Legal and Empathetic Tightrope (25:33–32:44)
-
Trust is Fragile, Especially Internally:
- Organizations must support staff at all levels, acknowledge fear and exhaustion, and remember their own victim status.
- Quote [25:33]:
“Let’s not forget that they are actually the victim of a crime… That’s really hard for most people to understand.” — Lisa Black
-
Cadence Over Information Richness:
- Even if there’s “no update,” leaders should say so to maintain engagement and trust.
- Silence leads to panic; proactivity is key.
-
Legal Tensions:
- Lawyers often resist releasing details, but sometimes leadership must override them for transparency’s sake.
- Transparency must be balanced against security — don’t create a blueprint for attackers by over-disclosing technical details.
-
Media Education and Misinformation:
- Legacy media lacks specialized knowledge, which can lead to sensationalistic reporting and regulatory/banking repercussions.
- Quote [33:52]:
“There are real consequences to disinformation, right? ... Once this hit the media for us, I got a call from several of our creditors, and they want to put us on credit watch...” — Lisa Black
9. Overreliance on Technology—Returning to Basics (36:27–41:30)
-
Analog Skills Matter:
- When all systems go down, fallback to paper, phone trees, and other manual processes is crucial.
- Quote [37:08]:
“It’s not really about the data we lost, but more about the loss of ability to function. How do we still do our jobs without that technical spine?” — Lisa Black
-
Muscle Memory and Generational Gaps:
- Not only is there less memory for phone numbers and routes, but young staff may never have used legacy systems like fax or paper files.
- Organizations must proactively train for no-tech disruptions and resilience.
10. Workforce Renewal and Cognitive Resilience (41:30–43:14)
-
Building Prepared Minds:
- Resilience and judgment can be developed through leadership and organizational structure, not generational traits.
- Quote [41:30]:
“You train your employees. If you set those values from day one, that is incumbent upon the organization to do that.” — Lisa Black
-
No-Tech Disruption Exercises:
- Design exercises where all tech is lost — and see how teams respond.
11. Collaboration and the Year Ahead (43:14–45:37)
- Public-Private Partnerships:
- Silos between government and the private sector must be broken down.
- Real-time information sharing and diverse, collaborative decision-making are needed to elevate defense.
- Quote [43:32]:
“We have to do more with public private partnerships because that's what keeps everything going… the best consortiums I've ever been [in] have been collaborative.” — Lisa Black
12. Final Thoughts (45:37–46:26)
- Service and Advocacy:
- Lisa remains committed to helping government leaders and organizations ask better questions and build sound strategies for crisis readiness.
- Quote [45:42]:
“Helping government leaders across our nation and beyond to become more aware of the things that they can be asking and potentially less technical, even helping them make the right judgments and develop the right solutions, is something that I'm always really excited to do.” — Lisa Black
Notable Quotes
-
On Trust During Crisis:
“Most leaders underestimate how fast trust in your own organization erodes internally.” — Lisa Black [01:49] -
On Training for Crisis:
“If your cyber training is comfortable, it’s definitely lying to you.” — Lisa Black [05:45] -
On Communication:
“Silence creates panic… Even if there’s no update, that should still be an update.” — Paraphrase, Lisa Black [29:02] -
On Overreliance on Tech:
“How do we still do our jobs without that technical spine…? We had to return to 1990.” — Lisa Black [37:08] -
On Collaboration:
“The best consortiums I've ever been [in] have been collaborative… Having people in the room with diverse opinions… is always helpful.” — Lisa Black [43:32]
Memorable Moments & Timestamps
- [03:57] Drills: “Call everyone in on a random Tuesday and not let them prepare for it.”
- [05:45] Training discomfort: “If your cyber training is comfortable, it’s definitely lying to you.”
- [11:04] Crisis injects: “We wound up having a weather emergency… lost power, serving one and a half million people.”
- [13:32] First 60 minutes: “That first hour… shapes the next several months.”
- [22:49] Criticism: “Everybody becomes a technical expert via Google search.”
- [25:33] On being a victim: “Let’s not forget that they are actually the victim of a crime…”
- [29:02] Cadence of comms: “Even if there’s no update, that should still be an update.”
- [32:44] Media misinterpretation: “If someone creates a crazy headline… then this company or government is trying to correct those facts, which is actually detracting from the incident itself.”
- [37:08] Loss of tech: “We had the 911 operators on the phones or on the radios… over reliance on GPS or mapping, you know, a digital map…”
- [43:32] On collaboration: “We have to do more with public private partnerships… if we work together…”
Listener Takeaways
- Crisis leadership is a discipline, not a checklist item.
- Cross-training, surprise drills, and muscle memory are essential.
- Communication cadence is as important as substance during incidents.
- Expect perpetual public and media scrutiny—prepare accordingly.
- Overreliance on technology is a modern Achilles’ heel—prepare analog backups and train for them.
- Proactive, collaborative relationships between public and private sectors are the way forward.
“At the end of the day there are people that are working so hard or you know, in such genuine ways in most cases to restore services and really restore public's trust.”
— Lisa Black [25:33]
For more insights and leading-edge cybersecurity thought leadership, visit KBI Media.