PROACTIVERISK

GRAY BEARD BLOG

SHARING RANDOM THOUGHTS ON TECH

The Cybersecurity Triangle: People, Process, and Technology — And Why Pizza Is Round, Packed in a Square Box, and Eaten as Triangles

1/28/2025

In the world of cybersecurity, there are three core pillars that every organization should be focusing on: people, process, and technology. These three work in tandem to ensure that your organization isn’t the next target of a data breach, ransomware attack, or—heaven forbid—an IT disaster caused by an employee clicking on a suspicious email attachment with the title “HOT DATES THIS WEEKEND!!!”

But let’s take a step back for a moment and consider something equally perplexing: why, in a world so full of logical solutions, does pizza come round, get packed in a square box, and always get eaten in triangles? It’s a mystery that rivals the enigma of cybersecurity itself—complex, counterintuitive, and full of things that don’t quite add up until you take a deeper look.

The Cybersecurity Triangle: A Perfect Analogy
First, let’s unpack the “people, process, and technology” bit, because it’s a good analogy to the pizza conundrum.
  • People are like the dough of a pizza. Without people, there’s no cybersecurity strategy. It’s just a crusty, unbaked idea. You need the right people—your cybersecurity specialists, risk managers, and even those unassuming office admins who set up your password policies. They provide the foundation, the “stretchiness,” if you will, of your security culture. Without proper training and awareness, people are like dough left out in the open—easily compromised and vulnerable to the environment (aka phishing emails, password sharing, or that one guy who still uses “12345” for his login).
  • Process is the sauce. It’s the layer that brings everything together. A great pizza can have the finest dough, but without a good sauce, it’s just dry bread. Similarly, in cybersecurity, processes ensure that security isn’t just a reactive afterthought but a constant, baked-in routine. Think of your incident response plan, regular vulnerability assessments, and patch management processes. The sauce makes everything more cohesive and flavorful.
  • Technology is the cheese (obviously). Technology binds the process together, providing that extra layer of protection—like the gooey, melty layer of cheese that ensures the pizza doesn’t fall apart. Firewalls, encryption, multi-factor authentication—these are your mozzarella, parmesan, and cheddar working overtime to keep your sensitive data safe and sound, no matter what toppings (read: threats) try to sneak in.

Why Pizza Is Round and Cybersecurity Should Be Proactive
Here’s where the pizza metaphor gets interesting: Why is pizza round? Maybe it’s because it’s supposed to be universally approachable—everyone loves pizza. But here’s the kicker: it’s packed in a square box. Why? Because square boxes are efficient to manufacture, store, and stack. You don’t want to waste space. The pizza inside, however, is trying to “break out” of that square by being round. It’s a paradox.

In cybersecurity, technology is the box. It's square, structured, designed for efficiency. But the threat landscape? It’s round. It’s unpredictable, constantly evolving, and moving in different directions, just like a pizza that’s too big to fit into its neat, little square box. If you’re not proactive about risk—if you only rely on the structure of your technology to protect you—you’re going to end up like that pizza: squished in a box with vulnerabilities that are trying to escape in all directions.

Triangles: A Symbol of Security Decisions
Now, here’s the best part of this analogy—why do we always eat pizza as triangles? It's not because the pizza is begging to be dissected into perfect slices of bite-sized portions (though, I’ll admit, pizza does get extra satisfying when you have the perfect triangular piece in hand). It’s because triangles represent proactive decision-making.

Let’s break it down: when you’re eating pizza in a triangle shape, you’re tackling the problem (the pizza) piece by piece. You can’t just take a whole slice in one bite (unless you’re an absolute savage), but you can make sure each bite is thoughtful, deliberate, and, most importantly, proactive.

That’s exactly how cybersecurity should be. You can’t just install some shiny new software or slap on a firewall and call it a day. You need to break the problem down into smaller, manageable slices. Identify the risks, create processes for handling them, and ensure your people know exactly what to do when things go wrong. You need to be deliberate with every bite. One proactive decision at a time.

So, when it comes to cybersecurity, don’t be like the person who orders pizza, stares at the box, and wonders why it’s round but packed in a square box. Don’t just react to the threats and hope for the best. Instead, be proactive—grab your triangular slice and take a bite out of risk management, one carefully considered decision at a time.

Because in the world of cybersecurity, just like with pizza, you can either be the guy who eats the pizza with reckless abandon and ends up with toppings all over his shirt, or you can be the guy who eats it in a way that shows you’re in control. You’re not just sitting there hoping the pizza (or your organization’s cybersecurity) stays intact. You’re taking charge. You’re the one who’s ahead of the game. You’re the one who gets the last slice—er, I mean, stays secure.

Conclusion: Risk Is Like Pizza—It’s Better When You’re Proactive
In the end, pizza is a lot like cybersecurity. It’s all about balance. You need the right mix of people, process, and technology to ensure things don’t get too messy. And just like pizza, risk management is best when you break it down into smaller, actionable steps. Whether you're avoiding that one guy who always brings "cheesy" security advice to the table or making sure your processes are smooth, always be one step ahead of the game.

So next time you’re enjoying a pizza slice (and wondering why it's round, packed in a square box, and eaten in triangles), think about cybersecurity. Because if you’re proactive about managing risk, you’ll never be the one stuck with a half-eaten pizza—or worse, an unsecured network.
And remember: the only thing more satisfying than a perfectly triangular slice of pizza is knowing your organization’s cybersecurity is safe, sound, and proactive. -- Bet I know what you're having this week :)

Join the retired investigator guild and shared purpose partners @ Old Homestead Steakhouse, NYC 1/24

1/16/2025

There are countless unsolved murders, lives devastated by human trafficking, and cybercriminals operating in the shadows. We’re calling on our network of professionals—whether you’re a seasoned law enforcement officer, cyber operator, or simply someone passionate about justice—to join us in making a difference.

Together, we can tackle these challenges head-on with advanced cyber operations, collaborative problem-solving, and a shared commitment to stopping the bad guys. Your support, whether as an individual, corporation, or philanthropic partner, can help us bring closure to families, protect the vulnerable, and dismantle criminal networks.

Let’s make an impact together—because justice shouldn’t wait.
Event & RSVP Details

Partner Perspectives: Q&A with Tom Brennan of Proactive Risk

1/13/2025

Introduction

Meet Tom Brennan, Managing Partner at Proactive Risk, where expertise and experience converge to safeguard critical national infrastructure (CNI) organizations. As a co-author of multiple cybersecurity titles, Brennan possesses unmatched knowledge, enabling him to effectively secure CNI organizations against emerging threats.
We recently sat down with Brennan to explore Proactive Risk's bespoke approach, leveraging a small, seasoned team to deliver tailored solutions. Learn about the challenges they're addressing in the CNI space and how their consultative expertise is driving meaningful impact.

1. What does Proactive Risk do? What is your role? As Managing Partner at Proactive Risk, I lead a team of experts dedicated to helping governments and critical national infrastructure organizations navigate complex risk landscapes. Our boutique consultancy specializes in risk management, security assessments, and compliance solutions, delivering tailored technical advisory services to support our clients' most pressing needs.

2. What solutions/services does Proactive Risk offer? We offer a range of solutions and services, but my expertise lies in advisory, assessment, and operations. Our advisory and assessment services involve evaluating organizations against established frameworks and providing guidance on best practices, regulatory compliance, and government controls.
What sets us apart is our hands-on experience. We don't just provide checklists. We offer expert consulting rooted in real-world experience. With 20 years of experience in the field, including hands-on keyboard time, I bring a depth of knowledge to high-level consulting. My focus is on strategic guidance, spanning multiple areas, rather than just checking boxes or offering generic advice.
3. Do you specialize in any specific areas (industries, services, frameworks, etc.)? We specialize in serving the CNI industry, with expertise aligned to the CISA's Cross-Sector Cybersecurity Performance Goals and Center for Internet Security (CIS) controls. While we guide organizations through compliance journeys, we emphasize that compliance is merely the foundation — true security demands a more nuanced and comprehensive approach.
4. What differentiates Proactive Risk from others in the space? How do you stand out?
For the full interview, click here.

SHALL WE PLAY A GAME? TABLETOP LEGAL

1/2/2025

Scenario 1: Ransomware Attack on Critical Legal Systems
Background: The law firm is targeted by a sophisticated ransomware attack that locks down critical legal systems, including case management software, document repositories, and billing systems. The attackers demand a ransom in cryptocurrency, threatening to release sensitive client information unless the payment is made. The firm is also experiencing significant downtime, which is affecting its ability to deliver legal services to both business and individual clients.
Objectives:
  • Assess the firm’s ability to respond to a ransomware attack.
  • Evaluate the firm's cybersecurity measures and data protection strategies.
  • Ensure the legal, financial, and public relations teams work together to mitigate risk and minimize client impact.
  • Test the communication protocols between IT, legal, finance, and public relations during a crisis.
Exercise Flow:
  1. Initial Incident (Day 1, Morning):
    • IT receives alerts of unusual activity on the network: slow system performance, users unable to access key systems, and error messages related to locked files.
    • A ransom note is discovered on a shared server that demands payment for the decryption key and threatens the release of confidential client data.
    • IT confirms the presence of ransomware on a significant number of workstations, servers, and the legal document management system.
  2. Escalation (Day 1, Afternoon):
    • The CEO is notified and an executive meeting is called. The General Counsel (GC) must assess the legal implications of both paying the ransom and the potential data breach.
    • The CIO and IT team are tasked with isolating infected systems, determining the scope of the attack, and identifying if client data has been compromised.
    • The CMO must prepare a communication strategy in case the breach becomes public or clients inquire about the attack.
  3. Tactical Response (Day 2):
    • The firm must decide whether to negotiate with the attackers, pay the ransom, or explore alternative recovery options.
    • Legal teams begin working with external cybersecurity experts and law enforcement, ensuring compliance with regulations such as GDPR or HIPAA (if applicable).
    • The finance team, led by the CFO, assesses the financial impact and prepares for any potential claims for lost revenue and client compensation.
    • PR and marketing teams are briefed to handle potential media inquiries and client notifications. The firm’s reputation is at risk.
  4. Recovery (Day 3 and beyond):
    • IT begins the process of restoring data from backups. The team evaluates the effectiveness of its backup strategy and decides how long to continue using backups.
    • Communications continue with clients, informing them of the attack and how it is being addressed.
    • The firm must plan for any ongoing service disruptions and the potential loss of clients due to the attack.
Key Discussion Points:
  • How would the firm handle internal and external communication? What key messages should be communicated to clients and employees?
  • What steps should be taken immediately to contain the incident and limit further damage?
  • How should the law firm approach the legal implications of the attack (including potential fines, lawsuits, or loss of client trust)?
  • What steps should be taken post-attack to prevent future incidents (e.g., incident response plan revisions, cybersecurity training, insurance considerations)?

Scenario 2: Data Breach and Client Confidentiality Violation
Background: A third-party vendor that the law firm uses for document storage and management is breached in a cyber attack, exposing confidential client information, including legal briefs, personal identification data, and financial records. The vendor’s data center has been compromised, and a hacker has accessed sensitive files and emails. The breach affects both business clients and individuals, with some clients being high-profile individuals, corporations, and governmental entities.
Objectives:
  • Test the firm’s ability to respond to a third-party data breach and assess the impact on client confidentiality.
  • Evaluate the firm’s process for notifying clients and regulatory bodies about the breach.
  • Ensure collaboration between legal, IT, PR, and executive teams to mitigate reputational damage.
  • Assess how the firm’s contractual agreements with third-party vendors manage data security and breach notifications.
Exercise Flow:
  1. Initial Discovery (Day 1, Morning):
    • IT and security teams are alerted by the vendor that a data breach has occurred. They are informed that some client data has been exfiltrated, including sensitive legal files.
    • The General Counsel (GC) assesses whether the breach involves personally identifiable information (PII) or attorney-client privileged information, which could expose the firm to significant legal risks.
    • The CIO must assess the scope of the breach—whether the attack is isolated to the vendor, or if other systems within the firm are at risk.
  2. Response Coordination (Day 1, Afternoon):
    • The CEO is briefed on the situation and needs to decide whether the firm will notify affected clients immediately or wait for more information.
    • The General Counsel (GC) begins drafting breach notification letters, considering any regulatory requirements (GDPR, CCPA, etc.).
    • The CMO and PR teams are put on standby to create a public statement and plan for handling media inquiries, especially with high-profile clients affected by the breach.
    • The CFO works with the finance team to estimate potential financial consequences, including lawsuits, regulatory fines, and loss of business.
  3. Impact Analysis (Day 2):
    • The legal team begins conducting an impact assessment, identifying which clients’ data was affected and which regulations require notification.
    • The firm must decide whether to offer credit monitoring or other services to impacted clients and whether any legal action should be taken against the vendor.
    • PR and marketing teams work on crafting transparent communications for affected clients, media outlets, and the firm’s employees.
    • A meeting is held with the vendor to understand the root cause of the breach and assess their response plan, including whether the vendor is taking steps to mitigate the breach and prevent further data exposure.
  4. Ongoing Response (Day 3 and beyond):
    • IT and legal teams continue working with the vendor to ensure that the breach is fully contained and that no further client data is at risk.
    • The firm reviews its contracts with the vendor and any clauses regarding data security and breach notification. The firm must evaluate whether the vendor has met their contractual obligations.
    • The firm considers long-term solutions to mitigate future risks, including enhancing third-party risk management, implementing stronger data protection measures, and revising the firm’s own security protocols.
    • Client communications continue, keeping clients informed of ongoing investigation efforts and steps being taken to prevent future incidents.
Key Discussion Points:
  • What is the first step the law firm should take once the breach is identified, and how should it manage the relationship with the third-party vendor?
  • How can the law firm protect its reputation during and after the breach, especially with high-profile clients involved?
  • What actions should be taken to ensure compliance with data protection laws and regulatory requirements for breach notification?
  • What improvements can be made to vendor risk management and the firm’s internal data security protocols to prevent future breaches?

Both scenarios involve cross-functional collaboration between legal, financial, IT, and communications teams, with an emphasis on managing client relationships, maintaining regulatory compliance, and minimizing reputational damage.

These exercises will test the firm’s ability to respond to complex, high-stakes incidents involving sensitive client data.
Tom Brennan

This is my blog, there are many like it but this one is mine. Enjoy.


Contact Us
🏢 New Jersey Headquarters
290 W Mt. Pleasant Ave, Suite 11309
Livingston, NJ 07039

☎️ 973-298-1160 | GPS Map
© COPYRIGHT 2024. ALL RIGHTS RESERVED.