In this episode, Dr. Dave Chatterjee speaks with Josh Cook, a seasoned cybersecurity and privacy attorney who has guided multinational corporations and mid-sized businesses through high-stakes cyber crises. Drawing on his experience as the first Global Cyber Counsel for a Fortune Global 500 company, Cook shares how he built a global cyber legal function from scratch and why legal teams must be engaged long before an incident occurs.
Together, they explore the human, organizational, and legal dynamics of crisis leadership: from building attorney-client privilege into preparation, to developing muscle memory through tabletop exercises, to ensuring the C-suite speaks with one unified voice when every second counts. Anchored in Dr. Chatterjee’s Commitment–Preparedness–Discipline (CPD) framework, the discussion underscores how legal, leadership, and security functions must converge to preserve trust and resilience in the face of relentless cyber threats.
Time Stamps
· 00:49 — Introduction to Josh Cook and his career journey
· 02:43 — Building the global cyber legal function
· 06:18 — Why legal must be engaged early in cyber strategy
· 09:10 — Prepared vs. unprepared organizations and the “B-OODA loop”
· 10:58 — Dr. Chatterjee introduces the CPD framework in crisis leadership
· 14:30 — Leadership commitment and the ROI of prevention
· 17:11 — Tabletop exercises and developing organizational muscle memory
· 19:45 — Crisis leadership styles and their impact on teams
· 21:55 — Cybersecurity as strategic enabler and trust foundation
· 27:03 — Preparing for the next attack, not the last one
· 29:45 — Common crisis weakness: fractured C-suite response
· 33:58 — Unified communication and trust building
· 38:02 — Clear, simple, consistent crisis communications
· 41:17 — The importance of genuine care for stakeholders
· 43:08 — Josh Cook’s closing reflections: cyber crises are business problems rooted in people
To access and download the entire podcast summary with discussion highlights -
https://www.dchatte.com/episode-91-leading-under-fire-legal-and-leadership-lessons-from-cyber-crises/
Connect with Host Dr. Dave Chatterjee
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Books Published
The DeepFake Conspiracy
Cybersecurity Readiness: A Holistic and High-Performance Approach
Articles Published
Ramasastry, C. and Chatterjee, D. (2025). Trusona: Recruiting For The Hacker Mindset, Ivey Publishing, Oct 3, 2025.
Chatterjee, D. and Leslie, A. (2024). “Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness,” Business Horizons, Accepted on Oct 29, 2024.
Isik, O., Chatterjee, D., and Lourenco, D.A. (2024). “Getting Cybersecurity Right,” California Management Review — Insights, Accepted for Publication, July 8, 2024.
Chatterjee, D. (2023). “Mission critical – How American Cancer Society successfully and securely migrated to the cloud amid the pandemic,” I by IMD, March 13, 2023.
Chatterjee, D. (2022). “Preventing security breaches must start at the top,” I by IMD, September 28, 2022, Institute for Management Development, Lausanne, Switzerland
Chatterjee, D. (2022). “Making Cybersecurity Readiness Mainstream,” Executive Blog Post, NETSPI, March 1, 2022
Benz, M. and Chatterjee, D. (2020). “Calculated Risk? A Cybersecurity Evaluation Tool for SMEs,” Business Horizons, available online from May 4, 2020
Chatterjee, D. (2019). “Should Executives Go To Jail Over Cyber Attacks,” Journal of Organizational Computing and Electronic Commerce, Vol 29, Issue 1, pp. 1-3.
Abraham, C., Chatterjee, D., and Sims, R. (2019). “Muddling through cybersecurity: Insights from the U.S. healthcare industry,” Business Horizons, July 2019.