Zach Lewis serves as both CIO and CISO at the University of Health Sciences and Pharmacy in St. Louis, bringing nearly a decade of experience across engineering, systems administration, help desk leadership, and executive IT leadership. He oversees technology operations and cybersecurity for one of the oldest pharmacy institutions in the United States, balancing academic continuity, research integrity, and institutional resilience. Zach is also the author of the upcoming book Locked Up: Cybersecurity Threat Mitigation, Lessons from a Real World LockBit Ransomware Response, which documents a firsthand ransomware incident and the leadership decisions required to navigate it. His perspective blends technical depth with lived experience under real pressure.
Zach Lewis walks through the ransomware incident that ultimately inspired his book. The attack began with system outages that initially looked like aging infrastructure failures during a period of delayed hardware refreshes caused by supply chain issues. After briefly restoring systems, the environment collapsed again, revealing a ransomware note at the hypervisor level. By that point, core files had been encrypted, leaving little opportunity for traditional endpoint or EDR controls to intervene.
Zach explains the rapid shift from disaster recovery to full incident response. External forensics teams, negotiators, cyber insurance, legal counsel, and federal authorities were brought in while the university worked to remain operational. Thanks to a SaaS first strategy adopted prior to the incident, students and faculty were largely unaffected, even as backend systems were rebuilt. Full recovery and remediation took nearly two months, with teams working long hours under extreme pressure.
A central theme of the conversation is the human side of ransomware. Zach describes the stress placed on leadership, the emotional toll on staff, and the importance of remaining calm when others are overwhelmed. He emphasizes that CISOs are not hired to prevent every incident, but to respond, recover, and lead through uncertainty. Clear communication with executives, boards, and end users became just as important as technical recovery.
Zach also discusses why he chose to write Locked Up. Ransomware incidents are often hidden due to legal and reputational concerns, leaving practitioners without real guidance. By openly documenting what happened, including mistakes and lessons learned, Zach aims to provide a practical framework for others who will inevitably face similar events. He closes with advice on incident response planning, out of band communication, backup testing, password manager access, and the value of pre established relationships with the FBI and CISA.
Resources mentioned in this episode
This episode is brought to you by CyberLynx.com
CyberL-Y-N-X.com.
CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.
The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.
Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensures that clients are 100% satisfied.
To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.