Why CEOs Need Cybersecurity at the Strategy Table: Lessons From Framework Security

By: Sarah Summer

When major cyberattacks make headlines, executives scramble to understand what went wrong. The uncomfortable truth is that many CEOs still view cybersecurity as a technical challenge, rather than a core leadership issue. Jerry Sanchez, Co-Founder and Managing Partner of Framework Security, has spent more than 25 years at the intersection of technology, security, and business growth. His message to CEOs is straightforward: if you’re not treating cybersecurity as a priority in the boardroom, you may be lagging behind.

Sanchez was named Chief Information Security Officer of the Year by the Cybersecurity Excellence Awards and recognized among The Consulting Report’s Top 50 Global Cybersecurity Leaders. His career spans roles at Electronic Arts, Charles Schwab’s CyberTrader division, and Planview, where he contributed to the development of a SaaS delivery model that helped drive enterprise expansion. In 2018, he co-founded Framework Security, now acknowledged by Clutch, G2, and The Manifest as one of the leading cybersecurity consultancies in the United States.

The track record matters—not only because it adds credibility to his message but because it highlights a significant shift in the risk landscape.

“A breach isn’t just a technical event. It’s a trust event,” Sanchez has said. “Customers don’t separate your technology from your reputation. If their data is exposed or your service goes dark, they lose trust in your leadership.”

That shift—from a technology problem to a trust problem—is where CEOs need to adjust their perspective.

Cybersecurity Is Not an IT Problem

For decades, cybersecurity was primarily handled by IT departments. But, as Sanchez points out, that perspective misses the broader issue. At Planview, where he served as CIO, his role went beyond managing infrastructure. He was focused on creating a SaaS delivery model that would support the company’s growth and meet the security demands of large enterprise clients. Decisions about security were not just about technology—they were about market positioning, sales credibility, and revenue.

Sanchez advocates that CEOs should no longer delegate cybersecurity. Instead, it should be integrated as a strategic layer of business operations. Boards, investors, and regulators increasingly expect executives to be aware of and engaged in their company’s security posture, and the consequences for failing to do so can be severe.

Cloud Fragility Is a Business Risk

Many executives assume that moving to the cloud automatically solves security issues. Sanchez cautions against this assumption, pointing out that outages, misconfigurations, and third-party vulnerabilities remain persistent risks. During his time at SoftServe, where he led cybersecurity consulting for North America, Sanchez advised global enterprises on exactly these kinds of challenges.

The lesson here is: CEOs should not merely ask whether they are using the cloud. They must plan for the possibility of a cloud provider failure, knowing that business continuity, resilience, and risk assessments are essential.

Compliance Is the Floor, Not the Ceiling

Sanchez observes that many CEOs treat compliance as the endpoint. Achieving certifications such as SOC 2 or ISO 27001 is important, but it does not automatically equate to security.

At Framework Security, Sanchez has developed a practice that goes beyond checklists, advocating for the creation of a security culture that becomes embedded in the organization’s workflows. As he explains, passing an audit should not be the final goal. Instead, security should be part of the company’s ongoing operations.

This perspective resonates with CEOs, as it positions compliance as a foundation for building trust with customers and partners, offering a competitive advantage rather than just fulfilling regulatory requirements.

The Executive Bullseye

A growing concern, according to Sanchez, is the personal targeting of executives. From deepfake audio mimicking CEOs to ransomware gangs threatening to leak sensitive board-level information, the attack surface has expanded beyond infrastructure to people.

“Attackers’ first step is often to map out the leadership team,” Sanchez has noted from experience. “If executives think this won’t happen to them, they’re underestimating the level of sophistication we’re seeing.”

For CEOs, personal awareness and executive training are no longer optional. They are critical components of an organization’s overall defense strategy.

AI as a Double-Edged Sword

Framework Security has invested in AI-powered tools, including the launch of Minerva Insights, which automates pentest report generation. However, Sanchez emphasizes that AI can also be used by attackers. Deepfakes, impersonation scams, and poisoned training data all represent emerging threats.

The takeaway for CEOs is that AI cannot be left to the innovation or IT teams alone. It should be integrated into risk management and governance discussions at the highest levels.

Advice for CEOs

So, what should a CEO actually do? Sanchez offers some practical advice:

  • Bring cybersecurity to the boardroom. It should not be treated as a line item. Ask your CISO or vCISO to present risk scenarios the same way your CFO presents financials.
  • Demand business-language reporting. You don’t need to understand all the technical details, but you do need to know how specific risks impact revenue, brand, and compliance.
  • Plan for continuity, not perfection. Breaches and outages will occur. The question is whether you can manage them and maintain customer trust.
  • Invest in executive protection. Educate your leadership team on social engineering tactics, deepfakes, and targeted attacks.
  • Move beyond compliance. Use frameworks as a foundation, then build a security culture that fosters trust with customers and partners.

A Human-Led Approach

At Framework Security, Sanchez and his team prioritize a “human-led approach.” This philosophy emphasizes that cybersecurity is not just about tools and technology but also about applying expertise and judgment to enable business growth while protecting organizational assets.

This framing is particularly important for CEOs. In a world where digital trust is just as critical as product innovation, leaders can no longer afford to view security as a responsibility for someone else in the organization. Sanchez’s career—from defending trading servers at Schwab to advising enterprises on cloud resilience—shows just how high the stakes are.

Cybersecurity is no longer a department; it’s a leadership issue. And, as Sanchez explains, the companies that will thrive are those whose CEOs recognize this shift and act accordingly.

Find Jerry and the Framework Security Team at https://frameworksecurity.com

This article features branded content from a third party. Opinions in this article do not reflect the opinions and beliefs of CEO Weekly.