Drew Blandford-Williams Cybersecurity Professional, Boise, ID (2026)

04/29/2026

The Business of Protecting the Business
The most complex systems in the world rarely rest. They operate continuously—monitored, defended, and constantly adapting to new threats. Modern cities glow through the night, sustained by complex systems that demand constant vigilance.

One of the quiet truths of the digital economy is that cybersecurity is no longer just a technical concern; it’s a leadership issue.
For companies building and scaling technology, innovation moves fast. New platforms launch quickly, teams expand rapidly, and products evolve almost continuously.

But as organizations grow, so does their exposure to risk.

And over the past three decades working in cybersecurity and governance, I have found that one lesson has become increasingly clear:
Cybersecurity is ultimately about protecting the business itself.
It’s No Longer “If”—It’s “When”

For years, organizations debated whether a security breach might happen.

Today that debate is largely over.

In modern digital environments—where cloud infrastructure, AI models, APIs, and globally distributed systems are interconnected—it is no longer a matter of if an incident will occur.
The real question is: How prepared is the organization to identify it, contain it, and recover from it?

Companies that answer that question well treat cybersecurity not simply as a technical function, but as part of their governance and risk management strategy.

Security as a Business Discipline
The most resilient organizations understand that cybersecurity cannot live solely inside the IT department. It must be integrated into the way the company thinks about risk, growth, and operational resilience.

This is where governance becomes essential.
Strong governance ensures that cybersecurity strategy aligns with business priorities—whether protecting customer data, safeguarding intellectual property, or ensuring the reliability of platforms that thousands (or millions) of users depend on every day.

Frameworks such as the NIST Risk Management Framework and similar governance models provide a structured way to align security operations with business objectives.

At their core, these models emphasize a lifecycle approach to cyber defense.

One practical structure includes six foundational functions:
· Governance
· Identification
· Protection
· Detection
· Response
· Recovery

Together, these functions form the backbone of a mature cybersecurity posture.

Governance: Where Security Begins
Every effective cybersecurity program begins with governance.
Governance establishes accountability, defines roles and responsibilities, and ensures that security initiatives align with legal, regulatory, and operational expectations.

For technology companies—especially those operating in regulated environments or managing sensitive data—governance often intersects with frameworks such as:
· HIPAA
· PCI
· FedRAMP
· GDPR
· … And emerging AI governance requirements

But beyond compliance, governance ensures something even more important: alignment between security strategy and business strategy.

Identification: Understanding the Digital Landscape
Before an organization can protect its systems, it must first understand them.
—> What assets are most critical?
—> Where does sensitive data reside?
—> What systems support revenue generation or customer trust?

Asset visibility and risk identification form the starting point for every mature security program. Without that visibility, organizations often spend resources defending systems that are less critical while overlooking vulnerabilities that matter most.

Protection: Building the Defensive Layers
Protection involves implementing safeguards designed to limit the potential impact of an attack. These safeguards may include technical controls, identity management systems, secure architecture design, and security awareness training.

Technology plays a role—but culture plays a larger one. Because ultimately, cybersecurity is practiced by people.

Detection: Seeing the Problem Early
One of the defining characteristics of modern cyber defense is the importance of time.

The faster an organization detects suspicious activity, the greater the likelihood it can contain the event before significant damage occurs. Continuous monitoring, anomaly detection, and strong visibility into network behavior are essential components of a mature security program.

Detection is where many organizations either gain an advantage—or fall dangerously behind.

Response and Recovery
Even the most advanced organizations cannot prevent every incident, which is why response and recovery planning are critical components of cyber resilience.

Effective response capabilities allow organizations to contain incidents quickly. Recovery strategies restore operations, protect customers, and ensure that lessons learned from each incident strengthen the organization's defenses going forward.
In mature programs, every incident becomes a learning opportunity.

Cybersecurity in the Age of AI
Today’s technology companies are entering a new era shaped by artificial intelligence, automation, and globally interconnected platforms.

Innovation is accelerating. But so are the risks.

AI systems introduce entirely new governance challenges:
· How is training data protected?
· How are models monitored for manipulation?
· Who is accountable when automated decisions affect customers or markets?

These are not purely technical questions. They are governance and risk management questions—the kind that increasingly sit at the intersection of cybersecurity, leadership, and corporate responsibility.

Protecting the Business
At the end of the day, cybersecurity is not really about protecting technology.

It is about protecting trust. Trust from customers. Trust from investors. Trust from partners and markets.

Tech communities thrive because of innovation, entrepreneurship, and the willingness to build bold new ideas.

But sustainable innovation requires resilience. And resilience begins with leaders who understand that protecting the business is just as important as growing it.

As we approach America’s 250th anniversary, one leadership principle remains timeless: Strong institutions endure not because risk disappears, but because leaders learn how to manage it wisely.

04/14/2026

Leadership in an Age of Constant Disruption
One of the quiet truths of leadership—whether at sea, in government service, or in the technology industry—is that stability is usually temporary.
Systems evolve.
Threats evolve.
Markets shift.

And leaders who fail to adapt eventually discover that the environment has moved on without them.

More than two thousand years ago, the Greek philosopher Heraclitus observed that “the only constant in life is change.” In today’s digital economy, that observation has become less philosophical and far more operational.

In technology communities like Utah’s “Silicon Slopes” region, for example —where companies are scaling quickly, capital moves fast, and innovation cycles shorten every year—the pressure to adapt is constant.

Nowhere is that more evident than in the world of cybersecurity and critical infrastructure.
.. When Change Becomes a Security Issue
In the early days of the digital age, most organizations treated security as primarily a technical challenge.
Install the right tools…
Deploy the right firewalls…
Hire a few specialists…

But over time it became clear that technology alone cannot secure an organization.

Security is ultimately a leadership and governance challenge.
It requires aligning people, processes, and technology around a shared understanding of risk. Tools help. Leadership determines outcomes. And that alignment requires something many organizations struggle with effective change management.
.. Why Change Is Hard
Dr. John Kotter of Harvard Business School spent much of his career studying how organizations implement large-scale change.

His work revealed something many leaders intuitively recognize:
Even when change is necessary, organizations resist it.
Part of the resistance is cultural.
Part of it is psychological.

Behavioral economists often point to two forces at work:
• Status quo bias
— our natural preference to keep things the same.
• Loss aversion
— our tendency to fear losses more than we value potential gains.
Together, these instincts quietly stack the odds against transformation.

In cybersecurity, for example, that resistance can become dangerous. Because adversaries do not wait for organizational consensus.
.. Change and Operational Risk
In the cybersecurity world, the pace of change is relentless. New vulnerabilities emerge daily. Threat actors evolve their tactics constantly.

Entire categories of risk—particularly those surrounding artificial intelligence governance, model integrity, and data trust—are now emerging almost overnight.

For startups and rapidly scaling technology companies—many of which form the backbone of small development incubators and community technology ecosystems—the challenge is even greater.
Security, governance, and risk management must mature at the same time the company itself is growing.

Organizations that fail to adapt quickly enough often discover that their defenses were designed for yesterday’s problems. Which is why effective security leadership increasingly relies on adaptive change management.

Not change for its own sake—but disciplined adaptation
.. Building Momentum for Change
Kotter’s research identified several principles that help organizations successfully navigate transformation. When applied to cybersecurity and governance programs, those principles become powerful tools for strengthening resilience.

Every meaningful transformation requires someone willing to carry responsibility for driving change. They are often recognized as “Champions” of the effort.

In cybersecurity environments, this often means leaders who can bridge the gap between technical teams, executive leadership, and operational realities. The role is not simply technical expertise. It requires genuine leadership.
.. Establishing Operational Urgency
Organizations rarely change until they recognize the consequences of standing still. Sometimes that urgency arrives in the form of a breach or ransomware attack.

Other times it comes from leadership recognizing emerging risks before they become crises.

Either way, the objective is the same: Create a shared awareness that adaptation is necessary
..Creating Coalitions of Support
Comprehensive Risk Management efforts succeed when they move beyond the IT department.

Risk management requires collaboration across the enterprise:
• Engineering
• Legal
• Finance
• Operations
• Executive Leadership

The stronger the coalition, the stronger the organization’s ability to adapt.
.. Creating a Clear Vision
Technical change without strategic clarity often results in fragmented operational and risk management initiatives.

Effective leaders articulate a clear vision:
- What risks matter most?
- What assets must be protected?
- What level of resilience is required?

Within governance and risk management programs, that vision becomes the foundation for aligning controls, policies, and operational practices.
.. Small Wins Matter
One of the most underestimated aspects of change management is the importance of visible progress. Large transformations rarely occur overnight.

But small wins—improved asset visibility, stronger incident response processes, better governance frameworks—create momentum. They demonstrate progress.

And momentum, once established, can reshape organizational culture.

Anchoring Change into Culture

Ultimately, the goal of any risk management effort is not simply implementing tools or policies. It also requires creating a culture in which risk awareness becomes part of everyday decision-making.
When governance, security, and operational discipline become embedded in how an organization operates, change becomes less disruptive. These core tenets become part of the system itself.

Leadership in the Age of Risk

Over the past three decades, cybersecurity has evolved from a niche technical discipline within the field of “Information Management” into one of the defining leadership challenges of the digital economy.

Today, governance, risk management, and cybersecurity strategy are inseparable from how organizations build trust, protect innovation, and manage uncertainty. That reality will only accelerate as emerging technologies—particularly artificial intelligence—reshape the global technology landscape.

Technology sectors—like Silicon Slopes—have become known for speed, innovation, and entrepreneurial optimism. Those qualities are powerful engines for growth.

But sustaining that growth requires disciplined leadership, strong governance, and a clear understanding of risk.

The Leadership Equation
In the end, the equation is familiar.

• Strong leadership.
• Clear governance.
• Disciplined risk management.
• And a willingness to adapt when the environment changes.

Organizations that master those principles rarely stand still. They evolve.

And in an era defined by rapid innovation, that ability to adapt may be the most important competitive advantage of all.

Drew Blandford-Williams
U.S. Navy veteran | Cybersecurity Curmudgeon | Global Gypsy

04/07/2026

Leadership Beyond the Immediate Decision

Innovation rarely fails because people are careless.

It fails because organizations are afraid of iteration.

The environments that move fastest have something else in common.

I’ve spent time around Formula One tracks in several countries, and one thing becomes obvious very quickly. Today’s leaders—particularly those building companies and technologies in communities like Silicon Slopes—operate in environments where speed is often celebrated.

Move fast.
Build quickly.
Launch early.

There is real value in that mindset. Innovation often requires momentum, experimentation, and the willingness to act before every variable is perfectly understood.

But the discipline of leadership sometimes requires the opposite instinct.

The most effective leaders know when to slow down long enough to ask a deeper question: What problem are we actually solving—and what happens after we solve it?

Because every decision produces consequences beyond its immediate outcome—especially in environments where software, data, and increasingly artificial intelligence systems are making or influencing decisions at scale.

In military planning, this concept is often referred to as the second-order effect—the ripple of consequences that follow an action long after the initial decision has been executed.

The first-order result may be visible immediately.

The second-order effect emerges later—often in ways no one initially expected.

A Family Decision in 1915

In my own life, one of the most powerful examples of second-order effects began long before I was born.

In 1915, my grandparents left a small farming town in the boot-heel of Missouri—Hornersville—and moved north to Flint, Michigan to work for a young and rapidly growing company called Buick.

At the time, the American automobile industry was still in its infancy. Few people could have imagined how profoundly the automobile would reshape American culture, industry, and mobility in the century that followed.

But that single decision created a legacy within my family.

For the next four generations, the “Johnson boys” on my mother’s side of the family would each spend more than forty years working within the General Motors ecosystem. What began as an opportunity in a young manufacturing company became a family heritage built around engineering, machines, and the love of the automobile.

And somewhere along the way, that fascination became part of my own story.

The Long Road to Racing

Cars fascinated me from an early age.

Over time that fascination evolved into something more than appreciation—it became a lifelong passion for the engineering, performance, and culture surrounding high-performance machines. For more than thirty years I’ve had the opportunity to race Porsches and photograph motorsport events around the world.

Through a combination of military service, global travel, and photography, I eventually found myself standing behind the lens at some of the world’s most iconic racing venues:

Sepang International Circuit in Malaysia

Albert Park in Melbourne

Silverstone in the UK

Bahrain International Circuit in Sakhir

Laguna Seca in California

From that vantage point, I watched some of the greatest drivers in the sport—Sebastian Vettel, Lewis Hamilton, Max Verstappen, and the great Michael Schumacher—push the limits of engineering and human performance.

But Formula One is not simply about speed.

It’s about strategy.

A Moment at Turn One

One moment in Malaysia illustrated that perfectly.

During the 2013 Formula One race at Sepang, I was positioned near Turn One with a group of photographers as the field charged into the opening corner. Within seconds, Fernando Alonso clipped the rear of Sebastian Vettel’s Red Bull.

Alonso lost control almost instantly. His Ferrari veered off the track and into the gravel—directly toward the group of photographers.

Most of the photographers did the sensible thing: They ran.

But in that split second, I did what photographers sometimes do when instinct takes over.

I stayed—and kept shooting.

The Ferrari slid toward us, gravel and debris spraying into the air. I captured several frames of the moment—the chaos of the opening lap frozen in time.

Meanwhile, the race continued.

Despite the early collision, Vettel regained control and went on to win that day. From a racing perspective, it was just one moment in a race that would last nearly two hours.

But it illustrated a deeper truth: What happens in the first few seconds rarely determines the final outcome.

The real story unfolds over the next fifty laps.

Thinking Beyond the Immediate Move

Formula One teams understand something that applies equally well to leadership.

Speed alone does not determine success. What matters is how each decision shapes the events that follow.

In racing, engineers and strategists constantly ask:

How will this tire choice affect performance later?

What happens if conditions change mid-race?

Will an early move create advantage—or unintended constraint?

Every one of those decisions involves understanding second-order effects. The same principle applies to leadership—particularly in technology-driven organizations.

Today, decisions are no longer limited to product features or release timelines. They increasingly include:

how data is used

how algorithms behave

how AI systems make or influence decisions

how those decisions scale across users, markets, and infrastructure

Organizations often focus intensely on immediate results:

Launching the next product.

Closing the next investment round.

Shipping the next version of software.

Those actions address the first-order objective.

But great leaders ask a series of deeper questions:

What will this decision create next?

Will it open opportunity?

Will it introduce risk?

Will it scale safely?

Will it behave as intended under pressure—or in the hands of unexpected users?

In today’s environment, technology doesn’t just execute decisions—it amplifies them.

The Long Horizon

Looking back across my own life—from naval service to cybersecurity leadership to motorsport photography—I can see how many opportunities were shaped by decisions made long before I ever arrived.

A family move in 1915.

A fascination with machines.

A career that blended military service, technology, and global experience.

Each step produced consequences that extended far beyond the original moment.

Leadership works the same way.

The most important decisions are rarely defined by their immediate impact. Their significance lies in the ripple effects they create over time.

As organizations increasingly integrate artificial intelligence into their operations, that reality becomes even more pronounced.

The speed of ex*****on increases.

The scale of impact expands.

And the consequences—both intended and unintended—arrive faster.

Which makes the discipline of leadership even more important.

As we move toward America’s 250th year, the lesson remains clear: The future is rarely shaped by a single moment of action.

It is shaped by the consequences of decisions made long before we fully understand where they will lead.

Thanks for reading!

03/24/2026

In the mid-1990s, long before cybersecurity became the global industry it is today, most organizations still viewed computer security as a narrow technical concern. Firewalls were emerging. Antivirus software was evolving. Back before the beginning of the 21st Century, Risk Management focused on "checking boxes" to meet baseline IT security compliance requirements, such as ISO 17799 (which evolved into ISO 27002), PCI, HIPAA, and related NIST standards—all which provided fundamental information security guidelines. But the larger question of how to understand and manage digital risk had still not been clearly defined.

“Waaay back in the 1900’s,” (as us old techno-fogies might often be heard saying to today’s “Gen-Whatever’s”), I was leading a technical solutions DevOps and QA team for a young security company called AXENT Technologies, which operated out of Rockville, Maryland, with development teams in Provo, Utah. Each quarter, executive leadership would travel between the offices for what we called “Lab Reviews,” where teams demonstrated what they were building and where the company might go next.

One winter afternoon during one of those reviews in Utah, I presented an internal briefing titled “Headlines, Deadlines, and Market Share.” The message was simple: the emerging security market wasn’t going to be defined by products alone—it would be defined by how organizations understood and managed risk, which may evolve into threats, some of which were only beginning to take shape, but have since fed into such attack trends as Denials of Service, Polymorphic Viruses, and the dreaded Ransomware.

Not long after that meeting, the Vice President of Development walked into my office.
He told me our team’s presentation had made a strong impression on leadership. Then he said something that would change the trajectory of my career: “We’d like you to build a team around this idea—and take the lead on product management for Intruder Alert.”

Intruder Alert, the IT industry’s first and world leader in host-based intrusion detection systems, was one of two projects our development teams were building at the time. The other was Enterprise Security Manager (ESM), which was also first of its kind to become a world leader—a Security Information and Event Management System (SIEM). ESM was a scalable application designed to monitor and correlate events across multiple operating systems—NetWare, Unix, and Windows NT. Together, those two tools would eventually become early examples of technologies that laid the groundwork for the hundreds if not thousands of iterations in technology solutions that target the growing problems associated with managing cybersecurity issues.

But the most important development was not the technology itself. It was the realization that our engineers were fascinated by something most organizations were still trying to ignore. They wanted to know how systems failed. They wanted to understand how intrusions occurred, how vulnerabilities were exploited, and how seemingly small anomalies could reveal deeper patterns of risk. Their curiosity led my being allowed to organize into a small group within the company that focused specifically on studying attack and computer hacking behavior. We called it the Information Security SWAT Team, and found ourselves garnering attention from national news media, financial institutions, health care organizations, and various federal agencies.

And almost overnight, the idea caught the attention of the technology press. What began as a small internal experiment became a visible effort to study the mechanics of digital attacks before most companies even recognized that such threats existed.

Looking back, it was one of the earliest moments when I realized that leadership in emerging industries often begins with a deceptively simple discipline: defining the problem clearly enough that others can begin to solve it.

The Birth of an Industry
Those early years of cybersecurity were marked by a significant sense of exploration. Researchers, engineers, and security practitioners were trying to answer questions that had never been formally asked before:
• What constitutes a digital intrusion?
• How should vulnerabilities be identified and cataloged?
• What signals indicate malicious activity inside a network?

During that same period, a small gathering of incredibly bright IT professionals (who had originally planned on attending Burning Man) began gathering in Las Vegas, evolving into what would become DEF CON in 1993, organized by Jeff Moss—known in the hacker community as “The Dark Tangent.” Four summers later, the Black Hat Briefings emerged as a more formal venue for sharing security research.
I had the opportunity to attend some of those early gatherings and organized some of the early commercial funding support for Jeff’s efforts as this event began to grow. What started as a few dozen curious participants eventually became a global community of tens of thousands of researchers, practitioners, and technologists exploring the boundaries of digital security.

Around the same time, I was invited to a MITRE working group, led by my friend Dr. David Mann, along with a handful of other Information Security representatives. The group, composed of vendors and researchers, aimed to discuss how the industry might create a shared language for identifying and cataloging vulnerabilities. From those conversations emerged the Common Vulnerabilities and Exposures (CVE) framework, which allowed security professionals across organizations and technologies to refer to the same vulnerability using a common identifier.

For the first time, the IT industry had a way to define the problem consistently.

Solving for X
In my first post in this series, I mentioned the priority of “Solving for X.” In mathematics, every equation begins with a simple step: solve for X. Before any solution can be calculated, the unknown variable must be defined. Leadership operates under the same principle.
In the early days of cybersecurity, the most important breakthroughs did not come from tools or technologies alone.

They came from the discipline of asking fundamental questions:
• What exactly are we defending?
• What constitutes a vulnerability?
• How do we recognize an attack in progress?

Only after those questions were answered could meaningful solutions begin to emerge. Today’s cybersecurity ecosystem—with its security operations centers, vulnerability databases, global conferences, and sophisticated detection systems—rests on the foundation of those early attempts to define the problem clearly.

Leadership and the Discipline of Definition
The lesson extends far beyond cybersecurity. Whether leading a technology company, managing national infrastructure, or building new systems in a rapidly evolving economy, the most effective leaders begin by clarifying the problem they are trying to solve. Without that discipline, organizations risk investing enormous resources in elegant solutions to the wrong challenge.

But when the problem itself is understood—when X is clearly defined—teams can align their efforts and build solutions that actually address the underlying need.

Looking Toward the Horizon
As we approach the 250th anniversary of the American republic, it is worth remembering that the same discipline applies not only to organizations and industries, but to nations themselves. The founders of the United States spent years debating the fundamental question of governance: how to design a system that could preserve liberty while maintaining order. Only after defining that challenge did they attempt to build the constitutional framework that followed.

Leadership, whether in a young nation or a young industry, begins with the same principle.
Before solving the equation, we must first understand what X represents.

03/21/2026

Crappy CRAPPY course!
Not coming back for sure!

03/20/2026

One more day...

03/17/2026

Part I of VII
As America approaches its 250th anniversary this summer, and as I have been actively chasing my own “next chapter,” I thought I would write a short series called “Lessons from the Horizon,” which focus on reflections on leadership for business executives, directors and managers, drawn from personal experiences in military service, global travel, and cybersecurity governance (and it’s a great opportunity to share some of my photography!).

Many of the leadership lessons I’ve learned came from unexpected moments. One of them began in the open door of a helicopter in the middle of the Indian Ocean…

Part 1: Solving for X...

America’s quarter-millennium milestone represents more than a national birthday. It marks the endurance of an idea—that a constitutional republic grounded in liberty, free exchange, and responsible leadership can shape not only a nation, but the broader course of human history.

Moreover, “Leadership” lessons often appear in unexpected places. For me, one of those places was the open side door of a Navy helicopter in the middle of the Indian Ocean.

A Moment Over the Water
Long before the “Hunt for Red October” showed Alec Baldwin simulating a wire drop from a helicopter to a submarine, on one morning during a nine-month deployment, one of my fellow photographers and I found ourselves hanging out of the open side door of a Sikorsky UH-3H rescue helicopter assigned to Navy Squadron HC-1, as it hovered over a small frigate (USS Brooke) underway below us, as we sailed in the Indian Ocean, deeper into the Arabian Sea.

The early morning sun was low on the eastern horizon as the ship rolled gently beneath us in the swells. Rotor wash tore across the deck as sailors prepared for our arrival. My photographer, and I were preparing to step down onto the moving ship so we could meet with the commanding officer for an operational interview. Not bad work for a couple of guys just leaving our teenage years!
Moments like that tend to “inspire” one to focus on the moment, the current situation, and the resources that might be needed if something doesn’t go as planned. In the military, we often referred to that as either “Assess, Adapt, Deploy.”

In naval aviation operations—particularly during the rare occasions of transferring crews between ships at sea—the margin for error is measured in seconds and inches. Every participant in the operation must understand exactly what the objective is and how the maneuver will unfold.

The pilot must maintain position, and the deck crew must coordinate signals, even when the water, the wind, and the operations may not agree.

Meanwhile, what might be 20 miles away, flight operations back on the carrier monitor every step.

There is no room for ambiguity.

Before that helicopter ever lifted off the carrier deck, everyone involved understood the mission: safely transfer two personnel from one moving vessel to another in open water.

Everyone knew the plan.

Everyone knew their role.

In leadership terms, the value of that clarity cannot be overstated.

Solving for “X”
In mathematics and engineering, problems are often described as “solving for X.”

Before any solution can be calculated, “X” must first be clearly defined.

The equation depends on it.

Yet in leadership environments—whether military operations, cybersecurity governance, or the fast-moving world of technology startups—teams frequently rush past that step. Organizations jump straight into building solutions before they have fully agreed on the problem they are trying to solve.

And when that happens, even brilliant ex*****on can produce disappointing results, often because the team may be solving the wrong equation.

The Discipline of Definition
During my time working in flight operations aboard the USS Midway, Coral Sea, Nimitz, Constellation and George H W Bush, I saw repeatedly how critical it was for leaders to define the mission clearly before action began.

Whether launching aircraft, coordinating fleet movements, or conducting transfers between ships at sea, success depended on a simple principle: everyone involved understood exactly what the objective was.

Everyone knew what “X” represented, and that same principle applies far beyond the flight deck.

In the cybersecurity world, organizations often invest enormous resources in technical defenses without first answering four foundational questions:

1. What exactly are we protecting?
2. Does the objective impact personal safety, community risk, or business operations?
3. Are our efforts improving the security of protected information?
4. How are our customers, or clients, or partners—or anyone else we influence—
affected by what we are doing?

Each objective leads to a different strategy.

Without clearly defining the problem, teams can spend years building sophisticated solutions that only partially address the real challenge—or worse, miss it entirely. That’s why, for example, “Assessments” are so vital—not for the sake of “Compliance” per se’, but more so for the sake of managing “Risk.”

Leadership in an Age of Speed
Today’s leaders—especially those building companies and technologies in communities—operate in environments where speed is often celebrated.

We hear it in the Board rooms, in the Management meetings, in DevOps team sprints, in Q/A, in Marketing: Move fast. Build quickly. Launch early.

There is value in that mindset.

And as someone who has raced on F1 tracks, landed on carriers, putt the golf ball too quickly, and maybe been asked more than once to “slow it down” on I-15, I find it mildly ironic that I am saying this at all, but the discipline of leadership sometimes requires the opposite instinct: slowing down long enough to ask the most fundamental of questions: What problem are we actually trying to solve? Clarity at the beginning saves enormous effort later.

The Equation Behind Every Mission
Over the years, one lesson has become increasingly clear to me: The quality of any solution is limited by the clarity with which the original problem is defined.

If the objective is vague, the plan will be fragile. If the objective is misunderstood, even excellent ex*****on can produce unintended outcomes.

But when leaders take the time to define X—to identify the true challenge and align their teams around it—the chances of success increase dramatically, while risk is reduced as well.

That principle holds whether you are launching aircraft in the middle of an ocean, while moving at 30 knots, in the night, in the rain, or designing a cybersecurity architecture, or complying with or preparing for a SOC2 audit, or building a company in a rapidly evolving marketplace.

Leadership, like mathematics, still begins with the same discipline: First, solve for X

And as we move toward celebrating this great nation’s 250th year, the lessons of leadership remain timeless: clarity of mission, commitment to principle, and the courage to act when the moment arrives.

Thanks for reading this!
(… Next in the series: The Night Before the Mission)

Drew Blandford-Williams Cybersecurity Professional

04/29/2026

04/14/2026

04/07/2026

03/24/2026

03/21/2026

03/20/2026

03/17/2026

Address

Telephone

Website

Alerts

Contact The Business

Shortcuts

Share

Category