Cyber Security Readiness: Prevention Vs. Response | David McLeod, CISO of VF Corporation

CIO Talk Network
May 20, 2026

Why It Matters

Effective cyber resilience now hinges on integrating both preventive controls and rapid response, shaping budget priorities and board oversight across all sectors.

Key Takeaways

  • Prevention and response must be balanced, not mutually exclusive.
  • VF’s retail focus drives a risk‑based, customer‑centric security strategy.
  • Data‑driven frameworks translate risk into actionable budget requests.
  • Boards demand clear answers on breach prevention and rapid recovery.
  • Continuous threat intelligence and asset visibility are essential for modern CISOs.

Summary

The CIO Talk Radio episode features David McLeod, CISO of VF Corporation, discussing cyber‑security readiness and the perennial debate between prevention‑focused and response‑driven strategies. McLeod frames the conversation around VF’s diverse retail portfolio—brands like Vans, The North Face, and Wrangler—and explains how the company’s business model shapes its security priorities.

He argues that a pure‑prevention or pure‑response stance is insufficient; instead, a risk‑based framework that quantifies asset value, threat likelihood, and business impact is essential for securing budget and executive buy‑in. Stakeholders, especially boards, are asking concrete questions about protection measures, governance, and rapid recovery plans, forcing CISOs to translate technical controls into business‑level metrics.

McLeod illustrates his points with vivid examples: the inevitability of breach attempts (“it’s not if, it’s when”), the need for comprehensive asset inventories, and the role of continuous threat‑intelligence feeds. He even imagines an unlimited‑budget scenario, highlighting the importance of encryption, rigorous process discipline, and proactive hunting capabilities.

The takeaway for leaders is clear: cyber‑risk must be managed like any other enterprise risk, with ongoing dialogue between security teams, business units, and the board. Balancing prevention investments with robust response capabilities protects brand reputation, sustains e‑commerce growth, and ultimately safeguards shareholder value.

Original Description

In this episode of CIO Talk Radio, Sanjog Aul is joined by David McLeod, CISO of VF Corporation, to discuss the critical dilemma of cybersecurity readiness: prevention vs. response. With cyber threats becoming increasingly sophisticated, how should organizations balance prevention strategies with the ability to respond swiftly when attacks occur? Tune in as David shares insights on real-world strategies that CISOs can apply to protect their organizations and manage risks effectively.
Topics Covered:
  • The growing threat landscape and the importance of preparing for cyberattacks.
  • Strategies for prevention and mitigation, including frameworks like NIST.
  • The impact of cyberattacks on businesses and how to manage stakeholder expectations.
  • Building a strong incident response plan and the role of threat intelligence.
  • How to balance preventive measures with a proactive response strategy.
Timestamps:
0:00 – Introduction
1:30 – David McLeod introduces VF Corporation and its cybersecurity priorities
7:00 – Preventive vs. response strategies in cybersecurity
14:45 – The business case for cybersecurity investments
21:00 – Importance of the NIST framework for cybersecurity governance
28:30 – How to engage stakeholders on cybersecurity risks and solutions
35:00 – A deep dive into incident response planning
40:00 – Managing APTs and other advanced threats
46:30 – The future of cybersecurity and the evolving role of CISOs
50:00 – Closing remarks
About CIO Talk Network:
CIO Talk Network is a leading platform where executives and experts share their insights on business and technology. Tune in for thought-provoking discussions about digital transformation, leadership, and more.
