
Locked Up: Lessons from the Ransomware Frontline with Zach Lewis

A real-world ransomware story about leadership, resilience, and the human side of cybersecurity.

In this gripping interview, James Azar sits down with Zach Lewis, CIO and CISO at the University of Health Sciences and Pharmacy in St. Louis and author of Locked Up: Cybersecurity Threat Mitigation Lessons from a Real-World LockBit Ransomware Response. Together, they unpack the lived chaos of a ransomware attack not as theory, but as a raw, human, boots-on-the-ground experience.

Buy Here: https://amzn.to/4rxvVYT

Azar calls Lewis’s book “a lived crisis narrative, not a sanitized playbook,” walking readers through the confusion, escalation, leadership pressure, and recovery that define real-world incidents. The two discuss the psychological weight of cyber defense, the stigma surrounding ransomware victims, and the hard truths about recovery that extend far beyond system restoration.

Lewis shares how his team’s assumptions crumbled under the pressure of the attack — from losing access to the very password manager needed to recover backups, to managing legal negotiations and executive expectations with incomplete information. His honesty about the emotional toll of incident response and the shame many practitioners feel in admitting a breach sets this conversation apart.

“We have to be right 100% of the time,” Lewis says, “and one false step can lead to something like this.”

Azar and Lewis explore the human element of cyber warfare — how shame, burnout, and fear still prevent leaders from talking openly about breaches, and why that culture needs to change. Lewis argues that these scars should be worn proudly, not hidden:

“When veterans talk about the battles they fought, it’s experience. We should be proud of the battles we’ve survived in cyber, too.”

From negotiating with threat actors to balancing transparency with uncertainty in boardrooms, this episode dives deep into what really happens when theory meets reality. Both leaders emphasize the importance of relationships, data governance, and identity management as core survival tools in today’s threat landscape.

As Lewis puts it bluntly, “The fact that it happened — that’s the lesson that still sticks. It was avoidable, and that’s hard to live with. But if I had to learn it, this was the way.”


Key Takeaways

  • Ransomware is inevitable — shame shouldn’t be. Transparency and shared experience are vital for industry growth.

  • Emotions matter. The human toll (burnout, fear, and self-blame) deserves as much attention as the technical aftermath.

  • Preparation isn’t perfection. Even the best tabletop exercise misses something. Incident response must evolve dynamically.

  • Data governance and IAM are the next battlegrounds. Knowing your data and who touches it defines resilience.

  • Leadership and relationships trump controls. A CISO’s ability to communicate under fire often determines recovery success.

James Azar’s Take

This episode reminded me why I love talking to practitioners like Zach, people who don’t just theorize security but live it. His honesty about the chaos, the human emotion, and the recovery process is what our industry needs more of. We don’t learn resilience by reading sanitized playbooks; we learn it by surviving the mess together.

Thanks for reading CISO Talk by James Azar! This post is public so feel free to share it.

