Start your day with intelligence. Get The OODA Daily Pulse.
Informing your decisions with actionable intelligence
Start your day with intelligence. Get The OODA Daily Pulse.
Informing your decisions with actionable intelligence
By Vala Afshar, R “Ray” Wang”, and David Bray, PhD
As AI-generated employees infiltrate workforces, hardware arrives pre-compromised, and nation-states deploy Cold War tactics against corporations, organizations need a unified approach that works across security, operations, and leadership.
Editor’s Note: This article represents the first OODA Loop collaboration among R “Ray” Wang, CEO of Constellation Research; Vala Afshar, Chief Digital Evangelist at Salesforce; and Dr. David Bray, Chair of the Accelerator and Distinguished Fellow at the Stimson Center. Ray and Vala host a weekly video show called DisrupTV that has more produced more than 400 episode over ten years. Episode 435 is featured here in OODA Loop because the action-oriented insights raised in that episode bridge the worlds of Corporate Boards and CEOs with National Security, AI, and Economic Risks in an era of converging threats.
When the retired Deputy Director of the FBI tells you that insider threats are underestimated, when a geopolitical strategist warns that one in four employees won’t be real by 2027, and when an executive coach reveals record CEO resignations because the job has fundamentally changed, you’re not hearing isolated problems. You’re witnessing the convergence of three crises that traditional playbooks can’t address. In our 435th episode of DisrupTV, a unified framework emerged from this collision of perspectives: the gap between physical and cyber security that adversaries exploit, the hardware compromises that bypass software defenses, and the leadership models optimized for a world that no longer exists.
In addition to R “Ray” Wang and Vala Afshar as co-hosts, DisrupTV Episode 435 featured three guests. Paul Abbate, retired Deputy Director of the FBI with nearly three decades leading counterterrorism, cybersecurity, and international operations, delivered operational wisdom from the frontlines. Dr. David Bray, Distinguished Chair at the Stimson Center and CEO of LeadDoAdapt Ventures, illuminated how both geopolitical and technological risks converge. Caroline Stokes, author of Aftershock to 2030 and founder of FORWARD Human Capital Solutions, shared insights from coaching executives through what she calls “the polycrisis” of AI disruption, geopolitical fracturing, and societal transformation.
Through our conversation, we synthesized a five-principle framework, initially advanced by David and refined through our collective dialogue, that operationalizes resilience across every organizational layer: from HR verification protocols for fake employees to IT hardware verification for compromised devices, from “come in from the cold” programs for honeypot victims to integrated physical-cyber security teams, from CIO-General Counsel partnerships to polymathic board composition. This is battle-tested wisdom from FBI operations, geopolitical strategy, and CEO coaching distilled into actionable guidance for boards and executives navigating our current period of prolonged turbulence and global uncertainty.
The most dangerous vulnerabilities in modern organizations aren’t technical. They’re structural. When physical security operates separately from cybersecurity, when CIOs don’t partner with General Counsel, when boards lack geopolitical expertise, adversaries exploit the gaps between functions. David emphasized this as the foundation of his framework: “Organizations need to retain Responsible Heretics: Both people inside and outside the organization that can let them know if they’re doing something that’s questionable or if they’re missing something because we’re all going to have blind spots.”
Ray pressed on the practical implementation: how do organizations create these structural integrations when legacy systems and organizational charts resist change? Paul’s operational experience provided the answer. “Often in organizations, cyber and physical security sit in separate components and separate from each other.” He emphasized that while individuals and teams work hard to bring it together, “it’s not necessarily natural. Such a gap creates significant risk and vulnerability.”
Vala raised a critical question about board readiness for this level of transformation, which Caroline addressed directly. “Boards need to be able to really have that reckoning with themselves… boards aren’t ready. Boards have people on there that don’t even reflect what you’re talking about.” She highlighted an innovative approach at Lloyds of London: “They have AI in the boardroom now.”
The responsible heretic principle advocated by David, Paul, and Caroline operationalizes across every function. In security, it means CIOs partnering with General Counsel to present unified tech-geopolitical risk assessments rather than separate briefings. David emphasized this integration: “The CIO, the chief information officer, increasingly needs to be working with general counsel to collectively bring to the CEO and the board, here’s what we’re seeing at the intersection of tech and geopolitical risks. You can’t treat them as separate.” In operations, it means physical and cyber security teams structurally integrated, not just collaborating. In governance, it means boards including polymathic expertise across AI, geopolitics, and systems thinking, not just financial acumen.
Ray’s observation about the speed of change reinforced why responsible heretics matter now more than ever: organizations can no longer rely on quarterly reviews to catch strategic blind spots when the environment shifts weekly.
David’s second principle addresses a fundamental challenge our conversation repeatedly surfaced: our instincts were calibrated for a world that no longer exists. “Your gut might tell you something, however because this is a new world that’s changing so quickly, you might be wrong. As such, it is important to encourage the bringing of data to challenge and inform your views.” This principle directly confronts the polycrisis Caroline described, where AI disruption, geopolitical fracturing, and societal transformation converge faster than traditional decision-making cycles can process.
Paul’s operational framework illustrated what data-driven decision-making looks like under pressure. When asked about evaluating threats, he explained: “What are the assets of the company? What do people want? What do criminals want? What do foreign adversary states want? What are they going after and how do they get at that?”
When Vala asked about threats ranging from water poisoning to energy grid attacks to CEO deepfakes, Paul provided crucial perspective: “Unless you lock things down, which means you’re not doing business and you’re not generating revenue, you’re not making profits, you’re not going about life, which everyone needs to do and wants to do.”
Caroline connected this principle to the leadership crisis driving record CEO resignations, a trend Ray has been tracking across his research at Constellation. “AI Magazine just reported that the integration of AI into business operations is reshaping the corporate landscape so significantly that they’re expecting C-Suite leaders to confront the questions about their own roles.” She noted that “CEOs have been doing the thinking and identified they don’t want to be in that role anymore because the environment has changed so much.”
David highlighted the intersectionality of AI and data, cautioning: “We’re now facing a world that by 2027, one in four employees won’t actually exist.” He explained: “Boards need to ask your HR department: how do we verify that this person who’s applying is a who they claim to be and actually has the talents claimed?”
Vala’s experience from his graduate studies reinforced this point: his advisor would challenge him relentlessly with questions until reaching ground truth, building the critical thinking muscle that data-driven decision-making requires.
David’s third principle addresses a dimension often missing from security and operational discussions: “Create a space to reflect and ask: what do we morally think is right? Take your time to allow moral clarity.”
This principle connects directly to Caroline’s observation about the loneliness epidemic and purpose crisis driving CEO resignations. “Finding purpose, that is everybody’s challenge right now. This is why there’s been a loneliness epidemic. There’s a sense of loneliness because we have found it hard to find our purpose.”
Paul’s career path illustrated moral clarity in action. When Ray asked for advice to young FBI agents aspiring to leadership, his response was straight to the point: “I would say just focus on the work, on the street, on the front line every day. That’s keeping people safe and defending the country. When I started out many years ago, I never thought about or envisioned myself or imagined myself going into management or a supervisory role. I never sought that out. I never pursued it.” This humility-based approach prioritizes mission over ambition, service over status.
The moral clarity principle has practical implications for the verification imperative all our experts emphasized. David noted: “There are actors that are using Cold War style tactics on companies where they’re trying to get someone in a honeypot situation, trying to get them compromised. And then extort that person to have information fed to them.”
When building insider threat programs, Paul emphasized, organizations must balance vigilance with trust. Paul noted: “I think insider threat is something that is often underestimated.”
Vala’s questioning throughout our conversation pushed on this dimension: how do we ensure AI deployment serves human flourishing rather than just efficiency? Moral clarity means asking not just “can we do this?” but also “should we do this?” and “how do we do this in a way that reflects our values?”
David’s fourth principle operationalizes adaptability: “Decision elasticity asks: how wrong would my assumptions about the state of things happening in the world and in my organization to change my decision?” This principle directly addresses the polycrisis reality that even the best decisions may need revision as conditions change faster than planning cycles.
Caroline identified a critical challenge this principle solves: the communication gap created by AI acceleration. “The way that if you and I work with AI to solve a particular problem, we can solve it quickly. What we have to be able to do is to bring everybody else along with it.” Decision elasticity means building in the flexibility to adjust speed and direction as the organization learns.
Ray’s research at Constellation has documented how the most resilient organizations build what he calls “adaptive architectures” that enable rapid reconfiguration. The decision elasticity principle requires specific governance mechanisms. Boards need to define tripwire events that trigger immediate leadership discussions instead of waiting for scheduled meetings, as the geopolitical instability Paul described demands.
Vala emphasized that this requires leaders who can change their minds in the presence of better information without being labeled inconsistent, a cultural shift many organizations still resist.
David’s fifth principle completes the framework: “Whatever decisions you make, don’t get anchored to them should the world change and new data tell you otherwise. Maximize for pivotability because, even if it’s the best decision in the moment, you’ll need to pivot in three or six months as conditions change.” This ensures every major decision includes identified alternatives should updated insights as to the corporate situation later arrive.
Caroline observed leaders who optimized for quarterly results often backed themselves into strategic corners where the only option was continuing a failing approach or admitting complete failure. Pivot options create middle paths.
Paul’s emphasis on public-private partnerships before crisis illustrates pivot options in practice. He stressed the importance of coordination: “Every company should be focused on coordinating in advance and building the partnerships with local, state, local, and federal law enforcement at every level.” These relationships aren’t just for receiving intelligence. They are pivot options when internal security capabilities prove insufficient, when geopolitical events require rapid response, when insider threats exceed organizational capacity to investigate. The relationship exists before you need it, creating options you hope never to use.
For IT facing hardware compromises, pivot options require diverse supply chains and verification protocols at different points in the supply chain. David cautioned: “We are seeing very sophisticated hardware intrusions by sophisticated threat actors. While there’s all this work on zero trust security and software vulnerability detection, we still haven’t actually paid the emphasis on how you verify that a digital device, whether it’s your computer or it’s a web servers, isn’t also sharing additional information to some other location. The risk is the loss of sensitive data and intellectual property.”
Vala’s questioning throughout our conversation highlighted a critical insight: pivot options aren’t just backup plans: they’re strategic assets that enable bold moves because leaders know they have alternatives if conditions change.
The five principles work as an integrated system, not a checklist. Responsible heretics surface the data that challenges gut instincts. Data reveals when moral clarity is compromised by short-term thinking. Moral clarity informs the thresholds for decision elasticity. Decision elasticity only works if pivot options exist. And pivot options require responsible heretics to identify them before they’re needed.
As David emphasized: “What are you doing to reward people if they see something that’s odd, but they don’t know exactly what it is? We need to be putting in place both incentives for people, and machines if they see something odd, yet they don’t know what it is, to elevate early.”
He linked this to cybersecurity incentives as well: “In the real world, if you were a fighter pilot and had a real-world contested engagement, you would get a medal. Yet in cybersecurity if you had a cyber event, a lot of Boards still perceive it as akin to being a bad thing and the folks involved often are penalized. Unintentionally, we are disincentivizing people to engage and do the right thing amid a turbulent world.”
The question facing every board and CEO is simple: Will you implement this framework for leading through extreme uncertainty proactively by building verification systems, integrating across silos, and rewarding engagement before crisis strikes? Or will you discover its necessity only after an adversary exploits the gaps between your physical and cyber security teams, when you realize one in four of your employees doesn’t exist, or when your CEO resigns because the job has fundamentally changed and you have no succession plan for polymathic leadership?
It is our belief that the organizations embracing collective intelligence, building structural resilience, and focusing on maintaining moral clarity will be the ones that shape the future rather than being shaped by it.
R “Ray” Wang is the CEO of Silicon Valley-based Constellation Research Inc. He co-hosts DisrupTV, a weekly enterprise tech and leadership webcast that averages 50,000 views per episode and blogs at www.raywang.org. His ground-breaking best-selling book on digital transformation, Disrupting Digital Business, was published by Harvard Business Review Press in 2015. Ray’s new book about Digital Giants and the future of business, titled, Everybody Wants to Rule The World was released in July 2021. Wang is well-quoted and frequently interviewed by media outlets such as the Wall Street Journal, Fox Business, CNBC, Yahoo Finance, Cheddar, and Bloomberg.
Vala Afshar is currently chief digital evangelist at Salesforce, where he advises customers on the rise of agentic AI and the future of advanced technologies. Previously, he has served as VP of engineering, chief customer officer and CMO. Recognized as a leading industry thought leader, Vala boasts over a million followers on X and LinkedIn, holds multiple US patents, writes a weekly column for ZDNET and has hosted the popular enterprise podcast DisrupTV for over a decade. He is co-author (with Henry King) of “Autonomous: Why the fittest businesses embrace AI-first strategies and digital labor” (Wiley, 2025) and “Boundless: A new mindset for unlimited business success” (Wiley, 2023).
Dr. David A. Bray is a Distinguished Fellow and Chair of the Accelerator with the Alfred Lee Loomis Innovation Council at the non-partisan Henry L. Stimson Center. He is also a CEO and transformation leader for different “under the radar” tech and data ventures seeking to get started in novel situations. He is Principal at LeadDoAdapt Ventures, Inc. and has served in a variety of leadership roles in turbulent environments. He previously served as a non-partisan Senior National Intelligence Service Executive, as Chief Information Officer of the Federal Communications Commission, and IT Chief for the Bioterrorism Preparedness and Response Program. Business Insider named him one of the top “24 Americans Changing the World” and he has received both the Joint Civilian Service Commendation Award and the National Intelligence Exceptional Achievement Medal. David accepted a leadership role in December 2019 to direct the successful bipartisan Commission on the Geopolitical Impacts of New Technologies and Data that included Senator Mark Warner, Senator Rob Portman, Rep. Suzan DelBene, and Rep. Michael McCaul. From 2017 to the start of 2020, David also served as Executive Director for the People-Centered Internet coalition Chaired by Internet co-originator Vint Cerf. Business Insider named him one of the top “24 Americans Who Are Changing the World” and he was named a Young Global Leader by the World Economic Forum. For twelve different startups, he has served as President, CEO, Chief Strategy Officer, and Strategic Advisor roles. The U.S. Congress invited him to serve as an expert witness on AI in September 2025.
About the Author
Dr. David A. Bray is a Distinguished Fellow and Chair of the Accelerator with the Alfred Lee Loomis Innovation Council at the non-partisan Henry L. Stimson Center. He is also a CEO and transformation leader for different “under the radar” tech and data ventures seeking to get started in novel situations. He is Principal at LeadDoAdapt Ventures, Inc. and has served in a variety of leadership roles in turbulent environments. He previously served as a non-partisan Senior National Intelligence Service Executive , as Chief Information Officer of the Federal Communications Commission, and IT Chief for the Bioterrorism Preparedness and Response Program. Business Insider named him one of the top “ 24 Americans Changing the World ” and he has received both the Joint Civilian Service Commendation Award and the National Intelligence Exceptional Achievement Medal . David accepted a leadership role in December 2019 to direct the successful bipartisan Commission on the Geopolitical Impacts of New Technologies and Data that included Senator Mark Warner, Senator Rob Portman, Rep. Suzan DelBene, and Rep. Michael McCaul. From 2017 to the start of 2020, David also served as Executive Director for the People-Centered Internet coalition Chaired by Internet co-originator Vint Cerf . Business Insider named him one of the top “24 Americans Who Are Changing the World” and he was named a Young Global Leader by the World Economic Forum . For twelve different startups, he has served as President, CEO, Chief Strategy Officer, and Strategic Advisor roles. The U.S. Congress invited him to serve as an expert witness on AI in September 2025.
Informing your decisions with actionable intelligence
Informing your decisions with actionable intelligence