Heidi Wachs of Stroz Friedberg: Managing Through Cyber Attacks
Heidi Wachs, Managing Director and head of the Washington DC office at Stroz Friedberg, an Aon company, joined Jamie Flinchbaugh on People Solve Problems to discuss managing cybersecurity incidents and problem-solving in crisis situations.
Heidi shared that despite it being 2024 and cybersecurity being constantly in the headlines, many companies are still caught off guard when incidents occur. She explained that cybersecurity incidents create multiple layers of interconnected problems that must be solved simultaneously under intense pressure. The first priority is understanding what’s happening and stopping the immediate threat, whether it’s a foreign nation-state infiltration or a ransomware attack that has encrypted files.
A crucial aspect Heidi emphasized is the importance of clear communication and leadership during an incident. She noted that most response situations involve at least three parties: the affected company, outside counsel, and forensic investigators. Her role often includes translating between technical teams, legal teams, and business stakeholders who may be the most surprised by the situation.
When it comes to managing the emotional aspects of a crisis, Heidi shared a practical tip: find the person in the organization who gets things done – the one with multiple spreadsheets tracking tasks and responsibilities. This person becomes essential in coordinating the response effort, regardless of their official position in the company.
Drawing from her 15+ years of experience, Heidi described how pattern recognition has become a crucial tool in her problem-solving approach. Within the first 30 seconds of a call, she can often identify familiar patterns that help bring the right expertise to the investigation and guide the client’s response.
Heidi highlighted an important challenge many organizations face: the gap between their incident response playbooks and reality. While companies may conduct regular tabletop exercises and feel well-prepared, actual incidents rarely follow the script. She emphasized the need for flexibility and adaptability in response plans, comparing it to how a soccer game never plays out exactly as practiced in drills.
A particularly insightful observation Heidi made was about the often-overlooked middle ground between prevention and response. She noted that many companies have tools to detect early warning signs of cyber incidents but either miss them due to information overload or lack proper monitoring. This can transform what could have been a manageable situation into a full-blown crisis.
The conversation highlighted how successful incident response requires a balance of structured processes and intuitive decision-making, supported by strong team collaboration and clear communication. Heidi credited her success to working with brilliant technical teammates who can clearly explain complex situations, allowing her to bridge the communication gap between technical experts and business leaders.
For those interested in learning more about cybersecurity incident response and preparation, you can find Heidi Wachs at https://www.aon.com/cyber-solutions or connect with her on LinkedIn.