Mission Control: C-Level Leadership for Cyber Resilience

In the 1960s, space exploration was a deadly endeavor. Technical failures, limited computing power, and the unforgiving vacuum of space created an environment where the smallest error could result in catastrophic mission failure and the loss of human lives. Add to that the Cold War space race and you had all of the elements for a not “if” but “when” catastrophe scenario.

When Failure Is Not an Option

“Failure is not an option.”

With those five words, NASA Flight Director Gene Kranz (played by Ed Harris in the classic 1995 movie) galvanized his Mission Control team during the Apollo 13 crisis. Faced with a damaged spacecraft 200,000 miles from Earth, dwindling oxygen, limited power, and near-freezing cabin temperatures, Kranz’s team had to accomplish the seemingly impossible: bring three astronauts home safely using systems and procedures that had never been tried or even simulated.

The situation demanded immediate decisions about power management, trajectory corrections, and life support systems. Without Kranz’s methodical leadership (his white vest a symbol of the calm, can-do leadership his team revered) the Apollo 13 crisis would likely have ended in tragedy. His ability to coordinate specialized teams, allocate scarce resources, and maintain unwavering focus on the mission’s success transformed potential disaster into what NASA later called their “finest hour.”

Now imagine this same crisis without Kranz at the helm. No one coordinating the specialized teams. No one making the difficult calls about which systems to shut down. No one ensuring that every engineer worked toward a unified goal with a clear timeline. Without that leadership, the mission would have almost certainly ended differently, with devastating consequences.

Today, organizations face their own version of Apollo 13: sophisticated cyber attacks that threaten critical systems, sensitive data, and business continuity. The question isn’t whether your organization will experience a security incident; it’s how effectively you’ll respond when that inevitable crisis occurs.

The Cost of Operating without Mission Control Leadership

Recent statistics paint a sobering picture of what happens when organizations lack effective cybersecurity leadership. Without strategic guidance, companies struggle to build true cyber resilience—the ability to prepare for, respond to, and recover from security incidents while maintaining business continuity.

• Data breaches cost an average of $5.97 million per incident in 2024
• Recovery times for ransomware attacks average 22 days of operational disruption
• 79% of attacks now use “living off the land” techniques that bypass traditional security
• Voice phishing (vishing) attacks targeting personnel increased 442% in the past year alone

Like spacecraft without Mission Control, many organizations discover their cybersecurity weaknesses only after systems have been compromised. By then, the damage is done: sensitive data is exposed, operations are disrupted for weeks, and C-level executives face difficult conversations with regulators, customers, and shareholders.

Kranz’s Mission Control: A Model for Cybersecurity Resilience

When Gene Kranz directed NASA missions from Mercury through Apollo, his success depended on four critical leadership capabilities. These same capabilities define effective cybersecurity leadership for organizations today:

1. The Flight Plan: Mapping Your Security Trajectory

Before any mission launched, Kranz insisted on meticulous flight planning that accounted for nominal operations and countless contingencies. His team created detailed procedure manuals mapping every aspect of the mission, anticipating problems before they occurred, and establishing decision points for critical actions.

Similarly, a skilled virtual Chief Information Security Officer (vCISO) first creates a comprehensive security roadmap for your organization. This detailed mapping reveals critical assets, data flows, and vulnerabilities specific to your industry and operations. The vCISO helps chart a clear course through the complex regulatory and threat landscape tailored to your business objectives.

This detailed planning forms the foundation of true cyber resilience, enabling your organization to withstand and recover from security incidents while maintaining critical business functions. Without this level of preparation, even the best security tools will miss critical vulnerabilities in your operations, leaving you exposed to unnecessary risk.

2. The Flight Director: Industry-Specific Knowledge

Kranz combined deep technical knowledge with strategic vision. He understood the complex interplay between spacecraft systems, orbital mechanics, and human factors. This comprehensive knowledge allowed quick, decisive action when moments mattered most.

Effective C-level leadership in cybersecurity requires this same comprehensive knowledge. A vCISO understands industry-specific regulations, business workflows, and technical environments, allowing quick action when faced with sophisticated attacks targeting your specific operations.

Organizations across all sectors face unique threats and compliance requirements. Security leadership with industry-specific expertise understands these unique risks and how to mitigate them effectively, bringing the same level of decisiveness that Kranz demonstrated during Apollo 13.

3. The Go/No-Go: Responding to Emerging Threats

During critical mission phases, Kranz would conduct “go/no-go” polls across all flight control positions. When Apollo 13’s oxygen tank exploded, he rapidly assembled his team, assessed the situation, and coordinated a response that transformed potential disaster into NASA’s “finest hour.”

The modern cybersecurity landscape requires the same decisive leadership. Attackers constantly change their techniques, moving beyond traditional malware to complex social engineering campaigns and supply chain compromises—all designed to test your organization’s cyber resilience.

An effective vCISO serves as your cybersecurity flight director during crisis scenarios, coordinating response efforts across your organization when incidents occur. When the warning lights start flashing, this leadership ensures all teams work together with a clear mission: contain the threat, protect critical assets, and restore operations as quickly as possible.

4. The Flight Controller: Strategic Resource Allocation

Kranz understood that in space, resources are finite and must be managed with precision. During Apollo 13, his team had to extend life support systems designed for two days into a four-day return journey. This required innovative thinking about power management, carbon dioxide filtration, and water conservation.

This strategic approach is essential in cybersecurity, where competing priorities and limited budgets require focused investment. A skilled vCISO helps you allocate security resources where they deliver maximum protection for your most valuable assets, strengthening your overall cyber resilience posture.

Every organization has systems and data that carry different levels of risk. Without strategic leadership, organizations often implement security measures haphazardly, leaving critical vulnerabilities in their most sensitive systems while overprotecting less valuable assets.

The vCISO Solution: C-Level Cybersecurity Leadership for White Vest-Resilience

Most organizations recognize the need for strategic security leadership but struggle with the cost. Full-time Chief Information Security Officers (CISOs) earn annual compensation ranging between $200K-$500K with upper-tier talent earning $1M—prohibitive for many organizations facing budget constraints.

This is where the vCISO model delivers exceptional value for building cyber resilience. Like NASA’s Mission Control, which provided critical expertise to multiple space missions without being permanently assigned to any single spacecraft, a vCISO delivers executive-level cybersecurity leadership on a fractional basis. This approach provides the strategic direction and decision-making capabilities of C-level leadership without the full-time cost commitment.

What Deep Experience Looks Like: The Richey May Difference

At Richey May, we dig deep so you can go beyond conventional security approaches. Our vCISO service brings Kranz’s Mission Control leadership model to organizations of all sizes:

We Map Your Security Flight Plan: Our vCISOs begin by digging deep into your organization’s cybersecurity terrain, documenting critical assets and industry-specific vulnerabilities others might miss. This comprehensive assessment allows you to implement truly effective controls.

We Bring Industry-Specific Experience: Unlike general cybersecurity providers, our vCISOs understand both technical security and the unique operational workflows of your industry. This deep knowledge helps protect your specific business processes, addressing your unique challenges.

We Coordinate Effective Incident Response: Our vCISOs bring proven approaches to crisis management, ensuring your team can respond effectively when security incidents occur. Like Kranz during Apollo 13, we help transform potential disasters into successful recovery operations, allowing your organization to go beyond mere survival to maintaining critical operations even during active incidents.

We Optimize Your Security Resources: For a fraction of the cost of a full-time CISO, our vCISO service establishes the strategic security framework right for your organization’s size, business model, and risk profile. This allows you to go beyond what you thought possible within your cybersecurity budget.

Charting the Direct Course: The Competitive Advantage of Mission Control

Just as a space mission without Mission Control leadership would invite disaster, operating in today’s threat-filled cyberspace without skilled cybersecurity leadership makes a security incident virtually inevitable. Without strategic guidance, organizations lack the visibility, preparedness, and coordinated response capabilities needed to navigate an increasingly hostile digital environment.

In today’s competitive landscape, you can’t afford these security missteps. Richey May’s vCISO service helps you chart the most direct and secure route to your business goals, maintaining cyber resilience while your competitors struggle with expensive recovery efforts and lost opportunities.

By engaging a vCISO service, organizations can establish true cyber resilience through:

• Security strategies aligned with your specific business processes
• Governance frameworks that ensure regulatory compliance
  Incident response plans that minimize operational disruption
• Secure workflows for handling sensitive data
• Board and executive support for critical security investments

Prepare Now for AI-Era Cybersecurity Challenges

Join cybersecurity experts from both Richey May and Arctic Wolf on June 26 for our webinar: “Reaching Cyber Resilience: The Importance of Training and Testing.”

Unlock the secret to true cyber resilience because having a plan isn’t enough if you haven’t put it to the test. Most organizations believe they’re prepared for cyber incidents, but without hands-on training and real-world exercises, critical gaps remain undetected until it’s too late.

During this essential session, you’ll learn:

• How to establish your organization’s cybersecurity “Mission Control”
• Proven frameworks for critical decision-making during security incidents
• Strategies for building a security culture that works when it matters most
• Actionable insights on employee training from a guest expert at Arctic Wolf

Don’t wait until your organization faces its own Apollo 13 moment to discover gaps in your security leadership. Just as Gene Kranz declared during that crisis, when it comes to protecting your critical assets and ensuring business continuity, “failure is not an option.”

REGISTER FOR THE WEBINAR →