Date: July 7, 2026
Time: 9:30 AM EDT | 8:30 AM CDT | 7:00 PM IST
Topic: Cyber Resilience: It’s Not What You Think
Abstract:
While the US and critical infrastructure have been talking about “cyber resilience” for over a decade, more recent efforts focusing on secure by design and the EU’s new Cyber Resilience Act (CRA) have brought the resilience conversation front-and-center—especially when it comes to supporting digital transformation.
The message is clear: cyber resilience isn’t just an IT or security issue. It’s a critical business function, and the guidance – like NIST’s four principles of Anticipate, Withstand, Recover and Adapt – would seem to indicate that we’ve finally moved from deterrence and prevention to something a bit more proactive.
But have we?
Because if you read what they really say and you look at what’s really happening in practice, it’s still all about uptime, continuity, availability and recovery of the infrastructure. Sure, it’s supposed to maintain all that after a breach or incident, but wasn’t that always the requirement all along?
The goal of digital transformation is to enable our organizations to continually adapt and change so new opportunities, new ways of working and new technologies can be adopted. And yet, everything we do in security – at the most fundamental level – is about preventing change or reverting back to a last known good state. The reality of digital transformation means that “last known good” isn’t good enough anymore because that state no longer exists.
If we want to achieve true cyber resilience – the kind the CRA is talking about – then we need stop focusing only on the resilience of the infrastructure. We must instead address where everything cyber fully intersects with how the rest of business gets done. Right now, we don’t. Security is still an afterthought. “Secure by Design” is still often a checklist. And far too often is a catastrophic incident or outage the only thing that shows us what’s really important.
In this talk, you’ll learn things you can start doing today to move towards true cyber resilience in your own organization, including:
Key Takeaways:
- What “proactive” actually needs to mean for security to keep pace with continuous digital transformation
- The Swiss psychologist’s observation that explains why cyber resilience stays a goal rather than a reality
- Where cyber risk really originates (hint: it’s not APTs, vulnerabilities, or the traditional threat landscape)
- How far organizations have actually shifted left, and where resilience decisions are genuinely being made
- What the F-35 program can teach us about the changes security needs to make
Speaker:
Andrew S. Townley, Founder and Chief Executive of Archistry
Bio: Andrew S. Townley is a global strategist, architect, and thought leader in security, risk, and business execution. With a career spanning three decades, he has led multimillion-dollar projects, founded four companies, and guided executives and security leaders through some of their toughest challenges. As Chief Executive of Archistry, he helps organizations turn security from a business obstacle into a competitive advantage. Known for his systems-thinking approach and ability to connect disciplines in unexpected ways, Andrew is a sought-after speaker, author of multiple books—including From Invisible Crisis to Competitive Advantage, and publisher of the Security Sanity™ newsletter. His clients describe him as “part genius, part mad scientist” for his ability to translate ideas into concrete action that drives real results
