Nett Lynch, CISO at Kraft Kennedy, shared insights from her distinguished career and her work as a GTIA Cybersecurity Leadership Award recipient. Her journey, which runs from hands-on systems administration and MSP ownership to executive advisory and her current CISO role, provides a unique vantage point on the evolution of the industry. Her core message focused on bridging the communication gap between technical teams and the C-suite by reframing security as a business enabler rather than a financial bottleneck.
Central to her strategy is the “Assume Breach” mindset. For executives skeptical of security investments, she recommends using penetration testing and objective assessments to provide a reality check of the organization’s actual exposure. Her work with GTIA has produced a robust toolkit for the channel, including:
- The Ten-Exercise Guide: A structured approach to incident readiness.
- Vendor Management Focus: Aligning third-party risk with industry Trustmarks.
- Live Tabletop Simulations: Immersive exercises conducted at major events like ChannelCon to stress-test decision-making under pressure.
For MSPs, she advocates for business-focused exercises that do more than test backups—they clarify escalation paths, set stakeholder expectations, and define the specific moment to engage cyber insurance providers. By focusing on tangible business outcomes and leveraging outsourced expertise where internal gaps exist, MSPs can build a resilient culture that survives the inevitable breach.















