Executive Readiness Isn’t a Title. It’s What You Do When the Title Isn’t There.

The room was small on purpose. A serious security incident, still known to only a handful of people, and a set of questions a company does not get to answer twice. I was a Senior Director running global IT — not a VP, not a CIO. I had been pulled in because the enterprise IT response was going to be mine to own.

There was no CIO in the seat. There was, thankfully, an experienced CISO running the security response, and I was grateful every day that he was — this is not the version where I pretend I did it all. My lane was narrower and just as real: everything the business actually ran on, kept standing while the security team chased the thing in the dark. And one call in that lane was unmistakably mine to make — fast, on the record, with the C-suite and Legal and the forensics team in the room: we were going to retire our legacy MFA, and we were going to do it without taking the business down.

I was a Senior Director, and I never pretended otherwise. But the problem in the room could not wait for the org chart to catch up. What that year taught me is that executive readiness is a set of disciplines you run before anyone hands you the authority to run them — and you see them most clearly in the moments the title isn’t there to back you up. I won’t name the company or relitigate the incident; the gap between the title that should be making this call and the person who actually has to is where most real leadership happens, and almost nobody trains you for it.

The moment the title wasn’t there

When a serious incident hits and the enterprise IT response lands on you, your first feeling isn’t clarity. It’s the specific weight of knowing that the decisions keeping the business upright are now yours to make — on a Senior Director’s title, at an altitude the org chart hadn’t formally handed you yet.

The title that would normally own those calls wasn’t in the seat. The CISO owned security; I owned IT; and in the gaps between the two — the decisions that were neither purely security nor business-as-usual — someone had to step in and decide. A decision would sit on the table, and the only question that mattered was whether I would own it or wait for an org chart to catch up.

Stepping in isn’t appointing yourself to a role you don’t hold. Stepping up is not the same as moving up. It’s narrower and harder: taking responsibility for the outcome without taking a title you haven’t earned. You hold the line on getting it done while staying honest about who you are.

The people who overreach in a crisis — who grab authority they don’t have — create a second crisis. The people who under-reach, who hide behind “that’s above my pay grade,” leave the company exposed. Readiness lives in the narrow lane between those two failures.

What IT crisis leadership actually looks like when nobody’s coming

People hear “directed the response” and picture a war room and a whiteboard. The reality is quieter and harder: a hundred small decisions a day, most of them made with information that is incomplete and will stay incomplete for weeks. It isn’t heroics. It’s disciplines — boring, repeatable, learnable disciplines. That’s the good news, because it means you can build them before you need them.

Contain before you comfort — the call that was mine to make

Incident response begins with containment, not reassurance. Every instinct under pressure says get on the bridge and tell everyone it’s under control. Resist it until it’s earned. The decision that was unmistakably mine sat in my lane: our legacy MFA — older multi-factor methods that, in the shape this incident was taking, had quietly become a door instead of a lock. I made the call to retire them, in record time, on the record, in front of the C-suite, Legal, and the forensics team.

Making the call is the easy half. Anyone can demand a system be ripped out. The executive half is architecting how you do it without taking the business down with it — then standing in front of the room and presenting that plan as yours to own. Tens of thousands of people had to keep logging in and doing their jobs while the locks changed underneath them. So I designed the cutover to move fast and stay invisible: sequence it, stage it, hold a fallback, brief it so no one outside the small circle felt the ground move. Containment that takes the business down is just a second incident you caused yourself. Containment that holds while the business keeps running — that is the whole job.

Translate, don’t transmit

I was in the room with the C-suite, with Legal, and with the forensics team, and my job there was to represent the IT response — what we could do, what it would cost, and how fast. Different audiences, different dialects. A serious incident generates a firehose of technical detail, and none of them need the firehose. The executives need risk, exposure, and the next move. Legal needs precise, defensible language. The forensics team needs to know exactly what IT has already touched and what it will touch next.

The hardest skill in that room isn’t technical. It’s making the complicated true thing simple without making it false — and being the person whose answer to “how fast can IT move” the room can take to the bank. Frightened experts over-explain. Composed leaders translate. You are not just coordinating the response; you are managing what the incident does to the people watching you coordinate it.

The best people in the room weren’t reporting to me

I didn’t bring in the security expertise — I was brought into a room that already had it. We had an experienced CISO running the security response and the Mandiant forensics team working alongside him, and I was grateful for both every single day. I want to be precise about that, because the temptation in a war story is to quietly absorb everyone’s contribution into your own. The forensics weren’t mine. The security strategy wasn’t mine. What was mine was the IT response — and the readiness that actually mattered was being an IT leader those experts could work with at speed: someone who knew the exact shape of what he didn’t know, gave them clean access and straight answers, turned their recommendations into executed tasks fast, and never once slowed the room down by pretending to be the specialist. Ego is the most expensive thing you can bring into an incident. The fastest thing you can bring is the discipline to run your own lane well and let better people run theirs.

The credibility is in the grind

I put my team onto more than 2,000 service accounts — find every one of them, find who owned it, close the gaps. Service accounts are the non-human logins nobody thinks about until one of them is the open door. Two thousand of them, each a small decision: rotate, revoke, re-scope, verify — alongside the long list of remediation tasks the forensics team handed us. None of it was glamorous. All of it was the job.

This is where a lot of crisis responses quietly fail. Not in the heroic first hours, but in the patient grind weeks later, when attention has moved on and the temptation to call it “mostly done” is overwhelming. My job as the leader wasn’t to rotate every account myself — it was to make sure the team had the ownership map, the air cover, and the relentlessness to actually finish, after the room had emptied and no one was watching. Trust is rebuilt in the boring part. Finish it.

Executive readiness is built before the title, not granted with it

There’s one more discipline, and it’s the one that turned the MFA decision from a security task into an executive one: keep the lights on while you fight the fire.

Through the entire response, the business kept running. We maintained operational continuity. SLAs held. Compliance held. We changed the locks on tens of thousands of logins and the people using them did their jobs without ever feeling it. That doesn’t happen by accident, and it doesn’t happen if the leader pours every resource into the fire and lets normal operations collapse. A response that saves the system but breaks the business is not a success. Anyone can stop a company to make it safe. The executive move is keeping it running while you make it safe.

Not one of those disciplines is a permission you receive when you get promoted. Every one is a muscle you build before the title shows up — or you don’t build it at all, and the title just hands you a bigger stage.

That’s the reframe. We have the causality backwards. The title doesn’t make you ready; the readiness comes first, demonstrated in exactly the moments when the title isn’t there to back you up. In that response, the IT work didn’t follow a title — there wasn’t a CIO’s to follow. It followed whoever was calm, clear, willing to own the decision and architect the how. The promotion, when it works correctly, is the organization noticing a readiness you already proved. It’s a lagging indicator, not a starting gun.

Which means the most important career question isn’t “how do I get the title?” It’s “am I behaving like the person who already carries it — especially when no one is making me?”

If you’re one rung below the title

This is really for the IT leaders one step below the role they want. The senior directors, the heads of, the strong number twos who keep quietly catching the things that fall.

You are going to get a moment like mine. Maybe not a security crisis — maybe an outage, a failed migration, a vendor collapse, a reorg that leaves a hole right where the decision needs to be made. The chair above you is going to be empty at the exact moment it most needs to be filled.

Build the habits now, while it’s calm. Build the relationships across security, legal, and the executive floor before the crisis, because in the crisis there’s no time to build them and every reason to use them. Get fluent talking to lawyers and security leaders before you’re forced to. Do the unglamorous remediation work carefully, because that’s where your credibility is actually minted — not in the war-room theater.

And when the pause comes and you feel everyone’s attention turn toward you, recognize it for what it is. That silence is not a threat. It’s an invitation. Don’t reach for a title you haven’t earned — and don’t hide behind one you don’t have. Step into the gap, and run the disciplines you built for exactly this.

The people who get the chair are almost never the ones who waited until they had it to start sitting in it.

Readiness is not a title. It is what you do when the title is not there yet.

Common questions

What is executive readiness?
Executive readiness is the set of disciplines you can run before anyone hands you the authority to run them. You see it most clearly when a senior title is absent and a decision still has to be owned. It’s demonstrated, not conferred — which is why the promotion that recognizes it arrives as a lagging indicator, not a starting gun.

How do you lead an IT crisis response without a CIO in seat?
You own the IT lane and stay honest about its edges. In my case there was an experienced CISO running the security response and a forensics team alongside him; my job was the enterprise IT response. That meant the call to retire legacy MFA in record time — and architecting the cutover so the business never went down — representing IT in the room with the C-suite, Legal, and the forensics team, and directing my team through the unglamorous remediation. You own the outcome in your lane, credit the experts in theirs, and keep operational continuity, SLAs, and compliance holding the whole time.

What’s the difference between stepping up and acting as a CIO?
Stepping up means owning the outcome without claiming a title you haven’t earned. I was a Senior Director running global IT, not a CIO, and I never pretended otherwise. Readiness lives in the narrow lane between overreaching for authority you don’t have and hiding behind “that’s above my pay grade.”

What incident-response disciplines matter most one rung below the title?
Contain before you reassure — and own the hard call in your lane. Translate technical reality for executives, legal, and the forensics team without distorting it. Work fast alongside the specialists already in the room instead of protecting your ego. Direct your team to finish the unglamorous remediation long after attention has moved on. And protect continuity so the business keeps running while you fight the fire.