
When Security Got Personal 

The Night Operations Stopped 

The first time I saw a business lose access overnight, it wasn’t a random glitch. After a deliberate attack, I was brought in from outside the company to stabilize the situation and restore operations. The room went quiet in a way I still remember. Not panic. Not yelling. Just people realizing, all at once, that the day’s work might not happen at all. 

More importantly, this wasn’t a tech team staring at dashboards. It was a real company trying to run. Phones ringing. Customers waiting. Payroll still due. Work still stacked up. 

At first it didn’t look dramatic. One login failed. Then another. The team tried the usual things: different computers, different networks, reboots. Nothing changed.

Then you could feel the shift when it became clear this wasn’t one person’s issue. It wasn’t one machine. It wasn’t one system. The business was down. 

That’s when security stops being a topic and becomes personal. 

The Decisions That Follow

The next hours were a blur of calls and decisions. Some were technical, some weren’t, and all of them carried weight. 

  • Do we shut down more systems or keep people working? 
  • Do we call a vendor or do we call law enforcement? 
  • Do we tell customers now or wait until we know more? 
  • How long can we operate like this? 

Underneath all of it was the part most founders don’t want to admit. This can happen to anyone. 

Not because you’re reckless. Because the world is noisy, attackers are persistent, and small gaps stack up over time. Most people picture one big mistake. One click. One moment. In real life, it’s usually a chain. 

How Small Gaps Stack Up 

Most often, the chain looks boring in hindsight.

  • A password that never got changed  
  • A user with more access than they need  
  • A device that didn’t get patched  
  • A backup that exists, but hasn’t been tested  
  • An alert that fired, but nobody owned it  

None of those feel catastrophic on their own. Together, they create a path. 

That experience is why I don’t talk about security as something you “buy.” I talk about it as operating discipline. The basics matter, but what matters more is whether someone owns them and they stay maintained. 

When that company lost access, the technical work mattered. We needed to isolate systems, trace what happened, and rebuild what could be trusted. 

But what hit hardest was the business work that had to happen at the same time. That’s the part owners feel in their gut, because it’s your name on the line. 

  • Keeping the team informed so rumors don’t run wild  
  • Making the call on what operations can continue and what has to stop  
  • Deciding what to tell customers and when  
  • Coordinating vendors, insurers, and outside help  
  • Protecting leadership time so decisions stay clear 

Why Discipline Beats Panic

Security incidents are exhausting because they don’t just take systems. They pull your attention, kill momentum, and erode trust. 

Even after you recover, there’s residue. People get cautious. They hesitate. They double-check everything. Someone worries they were the one who clicked the wrong thing. 

That’s why it matters how you handle security inside the company. Fear doesn’t help. Ownership does. Blame doesn’t help. Clear controls and clear roles do.

This is also why we’re intentional about calm. Not performative calm. Real calm that comes from procedures, documentation, and practiced response. Calm is what keeps decisions from getting sloppy at the exact moment you can’t afford sloppy decisions. 

The Gut-Check

Here’s the gut-check I care about. 

If it happened tonight, would your team wake up to a plan… or to improvisation? 

Founders don’t need fear. We need a plan we can trust. Discipline is that plan, and it’s built in the quiet weeks, not the hard ones.