Friday, June 19, 2026
Culture is Control: What Your Committee Should Ask About Cybersecurity
Barry Lewis, CISSP, Senior Director, Optiri
Cybersecurity is not just a technology issue—it is a governance, risk management, and organizational culture issue. This session will help supervisory and audit committee members understand why a strong security culture is one of the most effective controls a credit union can have against cyber threats, fraud, and operational risk. Participants will learn how to identify the characteristics of a healthy security culture, recognize warning signs that may indicate vulnerabilities, and distinguish between measuring compliance and measuring culture. The session will also provide a practical framework for assessing security-culture maturity and equip volunteers with key oversight questions to help evaluate management's efforts to strengthen cybersecurity awareness and accountability throughout the organization.