John Sapp won more budget after a well-executed incident response backed by quantitative risk management

In this must-watch episode of the CISO Confidential Podcast series, SAFE CEO Saket Modi learns how John Sapp, CISO at Texas Mutual Insurance Co., steered his organization through a devious, multi-stage attack that began with a foreign bank account, and how the response ultimately raised both the reputation and the budget of his team.
Watch Saket’s conversation with John Sapp on demand.
Why Should You Watch?
Too often, a breach only erodes trust. John flipped the script — showing how transparent communication, measured confidence, and defensible, quantified insights turned a tense boardroom question — “How could you let this happen?” — into “What do you need to ensure it never happens again?”
Key Learnings from this CISO Confidential Podcast
After establishing the basic facts of the incident and activating your incident response plan…
Mobilize Allies Fast
How John lined up the foreign bank’s CISO, the Secret Service, the FBI, and his legal team — within hours — to ensure nothing fell through the cracks.
Protect the Response Legally
Why involving your General Counsel and activating incident response retainers early shields your team and buys you credibility when regulators come calling.
Communicate with Confidence
The internal comms playbook: when to inform your CEO, CFO, and board — and exactly what to tell them so they trust you’re in control.
Turn Crisis into Funding
How John used a clear, FAIR-based breakdown of what went wrong and what it would cost to fix — shifting budget conversations from reactive firefighting to proactive investment.
Why Automation + Quantification = Resilience
John shares how continuous, quantitative risk measurement reframed his team from cost center to risk advisor — earning buy-in that sticks.
As John tells the story, he was awakened by a late-night call from an employee of his former company reporting suspicious activity on a South American bank account.
21 sleepless hours later, John had unraveled the attack and could report to his stakeholders. Their first reaction: “How could you let this happen?” But by then he could give a detailed account of the incident, both the human failures (social engineering) and the gaps in security processes and technology. They realized that security improvements he had been asking for “were not just cool things that I was going to play with but the means by which I would protect the organization” and approved an increased budget.
Equally important, “it really began the journey of understanding risk management within the organization” to deploy security from a quantitative point of view that business leadership understands.
Also in this podcast, Saket and John discuss:
- How to control the message in a crisis
- Importance of continuous, automated risk monitoring
- Value of FAIR-based, quantitative analysis for effective cyber risk management
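The FAIR-based, quantified breakdown that John used in the budget conversation (see the "Turn Crisis into Funding" and "Value of FAIR-based, quantitative analysis" points above) is easier to picture with numbers. The following is an added illustration, not code from the podcast, from SAFE or from Texas Mutual: a minimal FAIR-style Monte Carlo that turns min/most-likely/max estimates of Threat Event Frequency, Vulnerability and Loss Magnitude into an annualized loss exposure, then compares the exposure before and after a proposed control against that control's annual cost. Every figure in it (the attempt rates, probabilities, dollar amounts and the $60,000 control cost) is a constructed placeholder chosen to make the mechanics visible, not a value from the episode.

```python
"""FAIR-style annualized loss exposure (ALE) with a before/after control comparison.

Added illustration with constructed numbers; not the podcast's or SAFE's model.
Risk per trial = Loss Event Frequency (TEF * Vulnerability) * Loss Magnitude.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass
class Pert:
    """A min / most-likely / max estimate, sampled from a PERT (scaled beta) curve."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        span = self.high - self.low
        if span <= 0:           # degenerate estimate: a point value
            return self.low
        a = 1 + 4 * (self.mode - self.low) / span   # standard PERT shape parameters
        b = 1 + 4 * (self.high - self.mode) / span
        return self.low + rng.betavariate(a, b) * span


@dataclass
class Scenario:
    name: str
    tef: Pert            # Threat Event Frequency: attempts per year
    vulnerability: Pert  # probability an attempt becomes a loss event (0..1)
    magnitude: Pert      # loss per event, in currency units


def simulate(s: Scenario, trials: int = 10_000, seed: int = 1) -> dict:
    """Monte Carlo over the three factors; returns summary statistics of annual loss."""
    rng = random.Random(seed)   # fixed seed so results are reproducible
    losses = []
    for _ in range(trials):
        lef = s.tef.sample(rng) * s.vulnerability.sample(rng)   # loss events per year
        losses.append(lef * s.magnitude.sample(rng))            # expected annual loss
    q = statistics.quantiles(losses, n=10)   # nine cut points: q[0]=p10 ... q[8]=p90
    return {"name": s.name, "mean": statistics.mean(losses),
            "p10": q[0], "p50": q[4], "p90": q[8]}


def control_case(before: dict, after: dict, annual_control_cost: float) -> dict:
    """Budget framing: how much expected annual loss the control removes versus what it costs."""
    reduction = before["mean"] - after["mean"]
    return {"ale_reduction": reduction,
            "net_benefit": reduction - annual_control_cost,
            "worth_it": reduction > annual_control_cost}


# Constructed scenario: social-engineered fraudulent wire instructions (hypothetical values).
BASELINE = Scenario(
    name="Fraudulent wire via social engineering (no callback verification)",
    tef=Pert(2, 6, 15),                    # attempts per year
    vulnerability=Pert(0.10, 0.25, 0.50),  # share of attempts that succeed
    magnitude=Pert(50_000, 250_000, 1_500_000),
)
# Same threat, but out-of-band callback verification cuts the success rate (assumed effect).
WITH_CONTROL = Scenario(
    name="Fraudulent wire via social engineering (with callback verification)",
    tef=BASELINE.tef,
    vulnerability=Pert(0.01, 0.03, 0.10),
    magnitude=BASELINE.magnitude,
)
CONTROL_COST = 60_000.0   # assumed annual cost of the control (tooling + staff time)


if __name__ == "__main__":
    before, after = simulate(BASELINE), simulate(WITH_CONTROL)
    for r in (before, after):
        print(f"{r['name']}: mean ${r['mean']:,.0f}  p10 ${r['p10']:,.0f}  "
              f"p50 ${r['p50']:,.0f}  p90 ${r['p90']:,.0f}")
    print(control_case(before, after, CONTROL_COST))
```

The shape of the output matters more than the placeholder figures: a range (p10/p50/p90) rather than a single number, and a control decision expressed as expected loss avoided against cost, which is the form in which a CFO or board can weigh a security request against any other investment.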