CYBERSECURITY, RISK & GOVERNANCE —
Most organizations don't have a cybersecurity problem.
They have a decision problem wearing a cybersecurity mask.
A keynote and advisory offering for leadership teams who need to govern risk at the speed risk is actually moving.
THE PROBLEM —
Until their feet were held to the fire, most organizations didn't invest.
And whoever was at the head of that department paid the price for a decision that was never theirs to make.
01 —
The head of cybersecurity gets dismissed. The governance gap that caused the breach stays.
Jack has sat across the table in those rooms. Organizations that suffered significant cybersecurity failures were not staffed by people who didn't care. They were staffed by people who were underfunded, ignored, or operating without the decision authority to fix what they could already see. Finding the individual after the fact solves nothing. Closing the governance gap does.
02 —
Boards are approving cybersecurity strategies they cannot evaluate.
A board that cannot ask a second or third question about a cybersecurity update is not governing. It is nodding. The gap is not a board intelligence problem. It is a framework problem — the absence of a structured way to know what questions to ask and what answers should sound like.
03 —
AI has created a new class of risk that most governance frameworks were not built to handle.
Algorithmic systems are making decisions — about risk scoring, clinical care, credit, and hiring — without a human review step. That is not a technology update. It is a fiduciary exposure. Most organizations discovered it the hard way.
The teams that execute strategy well are not the ones with the best plan.
They are the ones who built a shared architecture for how decisions get made inside it.
THE TALKS —
Jack builds each talk around a specific audience problem.
The frameworks are proprietary.
The language is plain.
The takeaways are designed to survive the drive home.
01
Clear Confidence
Target Audience: Leadership teams that keep getting surprised by disruptions that were predictable
Most executives know what they need to decide. They cannot pull the trigger cleanly. This keynote is not about courage. It is about structure. When leaders are clear on the goal, clear on the role, and clear on what information is actually available — not perfect information, available information — confident decisions become predictable, not lucky.
Three questions every leader should ask before every critical decision.
02
The Decision Switch™
Target Audience: Organizations where decision velocity is the competitive bottleneck.
A cognitive governance framework for making faster, better decisions under pressure. Built from thousands of executive interviews and hundreds of organizational assessments, this talk names the specific factors that slow decisions down — cognitive bias, role ambiguity, misaligned authority — and gives every person in the room a repeatable process for moving through them.
A framework they can teach their team on Monday.
03
Spot the Ripple™
Target Audience: Leadership Teams, Associations, Corporate All-Hands
Every major market shift, regulatory event, and operational failure Jack has encountered had early warning signals that preceded it. The question was never whether they were visible. It was whether anyone was assigned to act on them. This keynote teaches leaders to read the ripple before it becomes a wave.
A named process for watching signals before they become crises.
04
The Invisible Hand of AI
Target Audience: Boards, audit committees, risk and governance audiences
Most boards think AI governance is an IT problem. It is not. Algorithmic systems are already influencing risk assessments, financial models, and hiring decisions — without a human decision-maker in the loop. This keynote teaches boards how to spot those invisible decision points before they become liability events.
Five diagnostic questions every audit committee should be asking — and what credible answers sound like.
WHY JACK —
He has been the person in that room delivering the report nobody wanted to hear.
Jack holds the CISSP, CGEIT, and CISA. He built and led cybersecurity transformation programs at organizations ranging from regional health systems to $4B enterprises. He was not consulting from the outside. He was accountable for the outcome.
The pattern he observed consistently: organizations did not fail because the threat was unknown. They failed because the decision to act was deferred, underfunded, or assigned to someone without the authority to execute. He built The Decision Switch™ in direct response to that pattern.
"
For a long time, you have asked me if I could help you resolve the issues we identified in your information security program. Would you be interested in me coming on as a consultant and helping you in addressing those issues?
The CISO's answer was immediate.
— YES, AND WITHIN 24 HOURS THEY HAD AN AGREEMENT.
THE AUDIENCE OR CLIENT LEAVES WITH —
Governance that closes the gap before the regulator finds it.
01
A governance framework for cybersecurity that the board can actually use.
Every lab includes a live decision exercise using The Decision Switch framework. Teams apply it to a real, unresolved challenge — not a hypothetical. They leave having used the process once, which means they can use it again without facilitation.
02
Five questions every audit committee should be asking.
Role ambiguity is the hidden tax on strategy execution. Using a mapped decision authority structure — built in the lab, not prescribed in advance — teams leave knowing exactly which decisions belong to whom and which ones require collaboration before anyone moves.
03
A named watcher for the ripples that matter.
Using the Spot the Ripple™ framework, organizations identify the specific signals — in AI systems, in vendor relationships, in access controls — that require a named person with a named responsibility. Not a committee. A person.
04
A crisis decision protocol they can test before they need it.
Most organizations discover their incident response process has governance gaps during the incident. This session surfaces those gaps in a controlled environment — before the regulator does.
HOW IT'S DELIVERED —
Keynote.
Workshop.
Advisory.
Every format includes a pre-event call to align the talk to the audience — not the agenda template from the last conference.
— 🕒
45–75 min
Keynote
Best suited for: Conferences, risk summits, association events, and leadership forums where the audience includes CISOs, CROs, audit committee chairs, and the boards that govern them.
What it delivers: The core cybersecurity and AI governance framework to a large audience in a single session. Attendees leave with a shared vocabulary for board-level oversight, the five diagnostic questions every audit committee should be asking, and a reframe on where the real risk lives — inside the decision architecture, not just the technology stack.
— ☀️
Half to full day
Executive Workshop
Best suited for: Leadership teams and boards navigating active regulatory pressure, a recent breach or near-miss, an AI implementation with undefined governance, or a cybersecurity program that keeps getting approved without being resourced.
What it delivers: A working session — not a briefing — where Jack facilitates a live governance gap assessment against the organization's actual risk landscape. Produces a decision authority structure for cybersecurity and AI risk, with a named watcher assigned to each signal that currently has no one watching it.
— 🗓️
30 - 90 days
Virtual Keynote
Best suited for: Organizations building or rebuilding a risk governance framework, responding to a regulatory finding, or standing up an AI governance program that needs a decision architecture — not another technology audit.
What it delivers: Project-based engagement scoped to a specific deliverable. Jack brings the CISSP, CGEIT, and CISA credential set alongside 25 years of Big 4 governance advisory experience. The output is defined before the engagement begins and delivered on a fixed timeline. No retainer. No open-ended scope.
THE NEXT STEP —
If your board packet has a cybersecurity program that's never challenges — that is the problem.
Reach out and expect a response within 24 hours. Jack engages with organizations navigating regulatory exposure, post-incident governance gaps, and AI risk programs that need a decision architecture — not another technology audit.
Sign up for The Clear Confidence ReportTM
No spam.
Just useful ideas you can put to work.
Jack P. Flaherty
The Decision Architect
jack@jackpflaherty.com
+1 (213) 537-3507
© 2026 Jack P. Flaherty. All rights reserved. "The Decision Architect" and "The Decision Switch" are trademarks.
Sign up for The Clear Confidence ReportTM
No spam.
Just useful ideas you can put to work.
Jack P. Flaherty
The Decision Architect
jack@jackpflaherty.com
+1 (213) 537-3507
© 2026 Jack P. Flaherty.
All rights reserved. "The Decision Architect"
and "The Decision Switch" are trademarks.