Channel Women In Security: Leading The Charge in Cyber Resilience
In episode 2 of the Channel Women in Security podcast, eSentire’s Tia Hopkins dives into the concept of cyber resilience, exploring its significance in today's cybersecurity landscape.
In episode 2 of the Channel Women in Security podcast, eSentire’s Chief Cyber Resilience Officer and Field CTO Tia Hopkins dives into the concept of cyber resilience, exploring its significance in today's cybersecurity landscape.
Hopkins emphasizes the need for organizations to shift their mindset from traditional cybersecurity approaches to a more adaptable and resilient framework.
Host Cass Cooper discusses with Hopkins the importance of understanding where organizations currently stand in their cybersecurity efforts and how to bridge the gap towards a more resilient future.
(transcript below)
How do you define cyber resilience as distinct from traditional cybersecurity?
I like to lean on industry-recognized definitions for thought leadership. NIST’s Special Publication 800-160, Volume 2, Revision 1, from December 2021, defines cyber resilience as the ability to anticipate, withstand, recover from, and adapt to adversity—be it a cyber incident or other challenges. I see it as the next evolution of cybersecurity. While traditional cybersecurity focuses on being proactive—securing assets, protecting, and detecting threats—resilience shifts the mindset to adaptability. It acknowledges that breaches will happen, but focuses on preventing business disruption.
With your experience, how has your view on cyber resilience evolved over time, and why do you think it’s so critical now?
It’s become a central focus for me, and not just because it’s part of my title. Traditional methods of securing and enabling businesses remain important, but they’re no longer enough. In risk management, for example, the first step is identifying risks—but what if you miss some? Instead of just preparing for known risks, we need to be ready for anything. I often say, “Winter is always coming” when talking about resilience. It’s about being prepared for the unexpected, ensuring that when incidents occur, we can minimize their impact and recover swiftly.
What strategies do you recommend for companies to improve their recovery and adaptation when cyber incidents occur?
I love the framework of anticipating, withstanding, recovering, and adapting—it helps organizations assess their strengths and address gaps. But I advise against treating these pillars in isolation. Each pillar influences the others. For instance, better anticipation strengthens your ability to withstand attacks, which then reduces the effort required for recovery. It’s like a castle; the less damage to the walls, the faster the repairs. Organizations should focus on their strengths but also ensure they maintain a holistic view of their resilience program.
As a professor and a cybersecurity leader, how has your background shaped your approach to cybersecurity?
I hope my perspective helps evolve the industry. Understanding where a business is now, where it needs to go, and bridging that gap daily is crucial because the end goal is always shifting. Cybersecurity is constantly evolving—our networks are borderless, our users and data are everywhere, and AI is accelerating the development of sophisticated attacks. Resilience has to be the goal, allowing businesses to continue delivering value despite adversity. My PhD research is focused on using cyber resilience to bridge the communication gap between technical and non-technical leaders. It’s about speaking the same language—business leaders care about resilience, so that’s where we find common ground.
Is there anything else you’d like to add?
One thing I often hear is, "How do I start a cyber resilience program?" It’s really about adding a mindset and a clear destination to what you’re already doing. It will help guide prioritization and outcomes. Assess where your organization stands and where your leadership is on the concept of resilience, get buy-in if needed, and take it from there. And don’t try to do everything at once—you’ll get stuck.