Description

Cybersecurity breaks down when it’s imposed instead of coached.

In this episode, Chris Foulon—founder of CPF Coaching LLC and an experienced vCISO—explains why most security programs fail and what leaders can do differently. With a background spanning healthcare, education, and nonprofit work, Chris brings a human-centered approach to security that prioritizes resilience over rigid control.

Chris shares how his early exposure to computers in the Caribbean and later experiences during the Napster era shaped his belief that behavior—not technology—is the root cause of most breaches. From ransomware preparedness to supply-chain risk, he emphasizes that organizations don’t fail because they lack tools, but because they try to change everything at once.

You’ll hear why annual one-hour security trainings don’t work, how incremental process improvement enables faster response to vulnerabilities, and why testing backups matters more than simply having them. Chris also explains the importance of data classification as a foundational policy and breaks down common misconceptions around passwords, MFA, and convenience versus security.

The conversation covers real-world scenarios—from SolarWinds-style vendor risk to disaster recovery planning in hurricane zones—showing how small oversights can escalate into major incidents.

If you’re a technology leader trying to balance speed, safety, and business outcomes, this episode offers a practical, grounded perspective on building security that actually holds up under pressure.