5 Questions with John Lenkart, Chief Information Security Officer at Corporate Security Advisors

Security and risk management are rapidly evolving fields, where sophisticated actors, from nation-states to cybercriminals, challenge the very foundation of organizational trust and resilience. We sat down with John Lenkart, CSA’s Chief Information Security Officer, who brings an extensive background of counterintelligence expertise in both government and industry. We asked John to explore strategies and insights that business leaders can leverage to remain ahead of emerging threats, safeguarding not just their intellectual property and financial assets, but also the people behind the systems.

Here’s what John had to say about navigating today’s complex security landscape.

1. How should businesses rethink their security and intelligence strategies to stay ahead of sophisticated financial crimes and nation-state threats?

Assess Risks to Your Assets: John emphasized the importance of organizations conducting an honest self-assessment to identify what would be of value to a hostile actor, whether they were an unscrupulous commercial competitor or an adversarial nation-state. "Understanding what makes you a target from the eyes of the threat is the first step," he said. For Fortune 500 corporations, this often includes intellectual property like pharmaceutical research, cutting-edge technology, or critical industry innovations.

Identify Potential Threat Actors: John pointed out that such assets attract attention not just from cybercriminals, but also nation-states, which may target intellectual property that aligns with their strategic goals. For instance, pharmaceutical research on age-related diseases would be highly valuable because of a rapidly aging population in a foreign country — a demographic concern linked to government/regime stability.

Understand Current Attack Methods: Beyond identifying valuable assets, businesses should transition from treating cyberattacks as crimes of opportunity — like attacks on poorly configured firewalls or phishing emails — to seeing threats as targeted campaigns. Nation-states and organized crime groups, he warned, will often employ advanced techniques, such as tailor-made phishing emails directed at specific employees, built using information gleaned from public sources like breach data or LinkedIn profiles. Also, there are many examples of critical personnel being invited to overseas conferences or asked to collaborate on research, thereby exposing them to technical attacks and deceitful personal engagements.

2. How can companies balance vigilance with a culture of trust when managing insider threats?

Educate and Inform: While "insider threat programs" often invokes concerns of mistrust or surveillance, John champions a proactive, transparent approach. "Security professionals shouldn't operate as secret police within an organization," he said. Instead, insider threat programs should prioritize employee awareness and protection, functioning more as an Asset Protection service.

Transparency about internal monitoring systems also enhances trust, John explained, noting that employees appreciate understanding what systems are in place and why. "It builds a sense of partnership rather than friction, making employees comfortable enough to share red flags when something doesn’t feel right,” he added.

Encourage Outreach and Verification: By emphasizing education and collaboration, security leaders can shift employee behavior to mitigate risk. For example, if an employee in legal or financial distress receives unusual outreach — like an unsolicited job offer or an all-expenses-paid invitation to speak at an overseas conference — security teams should encourage early open discussions to investigate the legitimacy of such offers. According to Lenkart, ensuring employees feel like active participants in protecting the company and themselves helps foster a shared commitment to security while maintaining trust in the workplace.

3. What vulnerabilities arise from the convergence of cyber and financial crime, and how can businesses address them?

Close Your Vulnerability Gaps: John cautioned that many organizations only build robust protections around assets they view as “critical” — like intellectual property — while neglecting business operational support functions, such as an organization’s legal and finance teams. However, these critical operations are often prime targets for cyber-enabled financial scams and nation-state collection attacks.

"One of the most common fraud events involve attacks like business email compromise (BEC)," he observed. Cybercriminals, armed with detailed open-source intelligence, can convincingly impersonate a trusted vendor and reroute large payments into fraudulent accounts.

To mitigate these risks, companies must integrate cybersecurity processes across all operational nodes — not just IT. For example, placing the same cybersecurity protocols used for critical research labs around finance teams and procurement systems can shore up vulnerabilities in neglected areas.

Share Information Across Functions: John also encourages collaboration between finance, procurement, and IT security departments to spot warning signals early. By protecting workflows that involve contract payments or vendor communications, organizations avoid becoming easy targets for malicious actors.

4. What intelligence-driven strategies should business leaders adopt in a world shaped by disinformation and shifting geopolitics?

Analyze Shifts In Your Risk Profile: Economic disruption, supply chain uncertainty, and geopolitical shifts are critical issues for businesses with global footprints. According to John, the key is to anticipate second-order risks before they escalate into crises.

For example, a company moving its manufacturing sites to avoid tariffs could unwittingly open vulnerabilities as foreign suppliers introduce new risks. John warned that hostile actors can easily exploit these shifts by masquerading as benign vendors in key supply chains. "They won't just focus on your intellectual property, but will game your supply chain to dupe you into adopting their solutions," he said.

Evaluate Your Vendors and Suppliers: To mitigate these risks, businesses should adopt intelligence-driven practices — studying geopolitical trends, evaluating supplier relationships, and auditing vendors for compliance with security standards. "The goal is to understand the broader risk landscape and make informed, proactive adjustments to your business and technology strategies," Lenkart advised.

5. What security and intelligence challenges are organizations underestimating the most right now?

Collaborate with Physical Security: John outlined a critical blind spot — the “gray space” between physical and cybersecurity operations. Most organizations clearly delineate cyber responsibilities under a Chief Information Security Officer (CISO) and physical security under a Chief Security Officer (CSO), creating silos. However, true vulnerabilities often fall between these two domains.

For example, he explained that supply chain breaches are often rooted in poorly vetted contractors who have physical or remote access to company systems. "You're not just buying their services when you onboard a contractor — you’re inheriting any risks endemic in their cybersecurity hygiene too," he warned.

Co-locate Security Teams: The solution? Closer integration between cyber and physical security teams. “The most effective organizations co-locate these two functions,” said Lenkart, referencing companies where cybersecurity and physical security teams share physical office space and insights. This unity enables a full-spectrum view of risks, from physical intrusions to network penetration attempts to workplace violence and disruption.

Final Thoughts

John Lenkart’s advice highlights a clear theme—security is no longer about individual systems, policies, or even firewalls. Success lies in fostering a culture of awareness, trust, and shared responsibility, both within and across teams.

By breaking down silos, focusing on second-order risks, and adopting intelligence-driven practices, organizations can shift from a reactive to a proactive approach to modern threats. "Security isn’t about spending more money or buying the latest tech," concludes Lenkart. "It’s about smarter collaboration, culture building, and honest assessments of what makes you vulnerable — and valuable."

--

John Lenkart, Chief Information Security Officer, CSA, has 30 years of experience in counterintelligence and complex technical operations. John serves as a top security advisor to Fortune 100 companies and the US government. He has a deep understanding of threats to critical infrastructure and supply chains. He culminated his federal career as the FBI executive responsible for all FBI human intelligence operations.

‍