Happy New Year! I hope you found some time over the festive period to rest and reset.
The end of the year can be an exhausting sprint, with January arriving at full throttle from the very first Monday back. There’s often so much emphasis on resolutions and forward plans, but as many of you know, I prefer to pause before accelerating. I like to look back before looking ahead.
Living in the UK, I also like to work in rhythm with the Northern Hemisphere’s darker months. I find there’s a natural invitation to slow down, reflect, and quieten. This matters more than ever in leadership roles where urgency is constant and genuine thinking time is rare.
As the final days of 2025 slipped away, my reflection went deeper than a typical year-end review. I certainly wasn’t tallying flights, projects, media mentions, or awards. I was asking a harder question:
Why did the work matter?
The Conversations that Changed Everything
Throughout 2025, my calendar was full. But it wasn’t the number of meetings that stayed with me. It was the quality of what was said when the noise died down.
I spent hours in private, often off-the-record conversations with CISOs, CEOs, board members, and founders, from global enterprises wrestling with legacy complexity to smaller organisations trying to make sense of relentless cyber headlines.
Despite the differences in scale, the emotional undertone was remarkably consistent. Behind closed doors, bravado disappeared. Leaders spoke candidly about confusion, isolation, and uncertainty — not about technology, but about decision-making under pressure. And almost every conversation led to the same conclusion:
When cyber incidents happen, organisations don’t fail because they lack technology. They fail because their leadership systems were never designed for uncertainty, pressure, and loss of control.
We’ve spent decades building systems to keep attackers out. However, we’ve spent far less time designing the human systems required to decide what to do when they inevitably get in.
The Leadership Gap
This pattern became impossible to ignore.
I heard story after story of boards paralysed during ransomware incidents because authority wasn’t clear. I listened to CISOs describe shouting warnings into a void because technical risk couldn’t be translated into business language that leaders could act on.
These were rarely technical failures. Far more often, they were failures of leadership design, communication, and culture — and they were preventable.
We train technical teams to fight fires. We rarely train executives how to lead through the smoke.
It was here, after a year of hearing the same leadership fractures repeat themselves, that something shifted for me.
Writing my Next Book
For several years, I’ve resisted writing another book. When a prominet publisher approached me last year I told them I didn’t want to write unless I felt the same sense of conviction I had when I wrote IN Security, a decade ago.
I know that was asking a lot, as that book was a true calling, but at the end of 2025, something shifted. I realised I had to write this next book.
If you scroll through Amazon, you’ll find no shortage of cybersecurity book titles. Typically, they’re technical manuals, career guides, or stories of famous hacks and hacking groups. Many are solid books, but what we still don’t have is a leadership book about what actually happens when a cyber-attack happens, systems fail, and why well-run organisations still unravel.
There remains a gap between cybersecurity, CEOs, and the board. That gap is where I’ve spent much of the past year. And it’s where I believe the real battle for resilience is being fought, and too often lost.
A New Lens: Maslow through Cyber
To make sense of what I kept seeing, I turned to a framework outside technology. Viewing Maslow’s Hierarchy of Needs through a cyber lens – something I began exploring in 2024 – proved unexpectedly powerful. It became central to my writing and talks throughout 2025.
Most organisations invest heavily in the middle layers of the hierarchy: governance, controls, and tools. These are necessary. But they are also insufficient.
Just as humans cannot thrive on shelter alone, organisations cannot survive disruption on technology alone. What we consistently neglect are the foundational layers: people, culture, and decision-making. Psychological safety. Authority. Judgment under pressure. And when those foundations are weak, resilience collapses upward.
I know writing this book will be one of the hardest things I’ve done professionally in a long time. It confronts uncomfortable truths rather than comforting narratives. It is far easier to buy new technology than to address a culture where bad news is buried.
Over time, I’ve learned this lesson repeatedly:
Leadership is often what quietly erodes resilience, or creates the conditions for people and organisations to adapt and endure.
A Year of Engagement, not Theory
These insights weren’t formed in isolation. They were tested, challenged, and sharpened in public. 2025 was a year of deep, on-the-ground engagement. I wanted to be in the rooms where these issues were being wrestled with, not commenting from the sidelines.
I spoke at leadership and cybersecurity events across the UK and Europe, from UK Cyber Week in London and Viatel Technology Group in Dublin to Money20/20 in Amsterdam, Mastercard‘s RiskX in Rome, MSP GLOBAL in Barcelona, and Cyber Root (MITA (Malta Information Technology Agency)) in Malta.
What struck me most was the shift in the questions. Fewer technical debates. More focus on judgment, authority, and survivability. Panels moved beyond “Are we secure?” to the far more honest question: “Are we ready to decide when we’re not?”
Podcasts were another highlight, as long-form conversations still matter. Sitting with people who don’t always agree and letting tension surface is where insight lives.
Many of those discussions now live on my growing YouTube channel, featuring voices from organisations including Mastercard, Microsoft, Elastic, Commvault and Cyber Monks GmbH, see:
- Inside the AI-Driven Future of Cyber Resilience | Conversation with Mandy Andress, CISO at Elastic
- Why Cybersecurity is a Boardroom Priority, Microsoft
- Quantum Computing & Cybersecurity Threats: Michael Fasulo from Commvault on Quantum-Safe Innovation
- Cybersecurity For Small Businesses: How To Protect Yourself (Cyber Monks Matercard)
- Why Hackers Love SMEs X Anas Hanous, Cyber Monks Mastercard
My influencer and brand ambassador work also continued, deliberately and selectively. In a noisy market, I chose partnerships rooted in trust, clarity, and impact from the companies jsut mentioned, and with others like Hornetsecurity, ManageEngine, Rubrik, BT Business, OutThink, Teramind and Modulate. Independence matters. Credibility matters. I want to be able to say, honestly, I believe in this.
- The Voices That Stay With You: Fraud, Emotion & AI (Modulate)
- Beyond the Breach: Identity Resilience with Jane Frankland (Rubrik
- #SheLeads – Jane Frankland MBE (365 Finance)
- Women in Tech – Empowering the Next Generation of Innovators at MSP GLOBAL 2025
- Minding the Gap Between IT and Security with Jane Frankland | STRIVE Ep 14 (Commvault)
Impact, Intent, and an Uncomfortable Reality
One of the most meaningful and confronting parts of 2025 was my work through the IN Security Movement. Over the past year, I worked closely with Cyber Monks GmbH Mastercard funding small businesses – a game changer.
I also worked with an extraordinary group of volunteers from across the globe – bright, committed people who want to make the digital world safer and more inclusive, while building skills and confidence along the way. We bonded as a cohort, made some progress, and felt that rare combination of momentum and purpose that reminds you why this work matters.
The mission of IN Security has always been simple – to increase cybersecurity awareness, widen access to opportunity, and support disadvantaged communities through mentoring, funding, and scholarships. And in many ways, that mission is working.
But last year also exposed a harsh and uncomfortable reality, which impacted our work.
In the UK, current legislation means that unless someone is a registered student or volunteering through a charity or charitable incorporated organisation, they must legally be paid the National Minimum Wage, even if they actively want to volunteer their time, learn on the job, and contribute to a meaningful cause. On paper, this law exists to protect people from exploitation. In practice, it’s also preventing access to experience in flexible, supportive environments, particularly in fast-moving fields like cybersecurity, where entry-level roles are shrinking, automation is rising, and human access points are disappearing.
It felt like a cruel irony, especially as a very small organisation trying to do some good, and one that mirrors so many of the leadership failures I’ve seen elsewhere. Systems designed with good intent, applied without nuance, end up excluding the very people they’re meant to support.
Despite this, the group didn’t dissolve. Some adapted, helped shape strategy and content, and we still managed to put more women through IN Security scholarships, thanks in part to my relationship with Black Hat.
Impact, even constrained, is still worth pursuing.
What Comes Next
If 2025 taught me anything, it’s this…
Cyber resilience isn’t something you buy. It’s something leaders design. It requires decisions made in advance. Relationships built before crisis. Clarity about values, authority, and communication when systems fail. My forthcoming book will be my attempt to give language and structure to that reality. It won’t be a technical book. It will be a human book about business survivability in the digital age.
As we step into a volitile 2026, please know how grateful I am to everyone who trusted me with their stories, challenged my thinking, and invited me into their conversations last year.
When it comes to cyber, we don’t need louder conversations. We have plenty of noise. We need braver, more strategic ones.
So here’s to a more honest, resilient, and intentional year ahead. And, thank you in advance for supporting the work I’m doing. I’m honoured to serve you, as always.
Now I Want to Hear from You
As you reflect on 2025 and plan for 2026, what did last year reveal about how your organisation really leads under pressure, and what will you design differently as a result?
Or if you’re more comfortable, tell me in the comments on LinkedIn – where the conversation is at – what lessons (personal or professional) from 2025 are you most determined not to ignore.
