Cyberbit’s Caleb Barlow on Crisis Management Skills That Drive Security Forward

The Story This time

In today’s security landscape, decisive leadership often matters more than technical expertise. Caleb Barlow, CEO of Cyberbit, brings a seemingly unconventional but surprisingly common perspective to security incident response, drawing from his background as an EMT and firefighter, where he learned to make consequential decisions with limited data. 

His conversation with Ben on this episode of Human Element reveals why the underwhelming decision-making by executive teams during a breach often causes more damage than the threat actor — a stark reality Caleb witnessed firsthand when a CISO asked for PowerPoint slides for next Thursday’s meeting during an active breach. 

From building commercial cyber ranges that create muscle memory through repetition to explaining why 80-90% of CISOs share backgrounds in military, law enforcement, or emergency response, Barlow illuminates how security professionals must develop crisis decision-making skills through experiential learning rather than relying solely on theoretical knowledge.

Stories We’re Telling Today

• How making decisions with limited data, accepting consequences, and being willing to pivot as new information emerges creates more effective security outcomes than traditional corporate decision processes.
• How pattern recognition and muscle memory developed through repeated security simulations enable leaders to identify attacker behaviors that classroom training cannot teach.
• Why 90% of breaches result from basic security hygiene failures rather than advanced persistent threats, illustrated by how even training malware gets flagged as APTs by modern EDR solutions.
• The critical practice of daily standups where 20% of time is deliberately “unproductive” conversation, creating connections that prevent surprise resignations and conflict escalation.
• How security leaders must ruthlessly filter information sources to combat both the technical barrage and political noise that threaten focus on critical security functions.
• Applying Colonel John Boyd’s air combat decision framework (Observe, Orient, Decide, Act) to cybersecurity, recognizing that non-decisions default control to adversaries.
• Why filtering candidates based on specific tool experience creates artificial bottlenecks when fundamental skills and mission orientation matter more.
• Why the hardest career step is becoming a coach rather than the smartest person in the room, requiring communication and leadership skills rarely taught to technical professionals.

Too busy; didn’t listen:

• Caleb Barlow argues executive indecision during breaches often causes more damage than the attackers themselves, forcing security leaders to make decisions with limited data.
• His background as an EMT and firefighter shaped his crisis-management approach, where experiential learning through cyber ranges builds the pattern recognition skills that classroom training cannot provide.
• Daily team scrums with deliberate time for non-work conversation prevent communication gaps and surprise resignations in remote work environments.
• Most “sophisticated nation-state attacker” claims mask basic security failures — 90% of breaches stem from negligence in implementing fundamental controls.
• Technical professionals should invest in communication and “soft skills” earlier in their careers, as these become critical for leadership positions and cannot be developed overnight

Skip to the Highlight of the Episode

35:29-35:54 “We’ve got some tough competition, we’ve got a great product, but man, there’s going to be some tough days. There’s going to be some tough quarters. So you better be all in for the mission or there’s going to be a Tuesday where you’re like, ‘Oh, this is just too hard.’ And if you’re not, if you’re not really after that success factor, know what it is, and want to work together as a team, then it’s not the right place for you.”