By Dave DeFusco
Five students in the Katz School of Science and Health鈥檚 M.S. in Cybersecurity earned third place and scholarship prizes at the ISACA New York Metropolitan Chapter 2026 Cybersecurity Case Study Competition by tackling one of the most disruptive technology failures in recent history.
Competing under the team name 鈥淭he Futurists,鈥 Daniel Lodi, Joanna Chishakwe, Abraham Isyagi, Wetaka Rogers and Chabota Matongo were challenged to analyze the CrowdStrike global outage of July 19, 2024. The incident affected approximately 8.5 million Windows computers worldwide, disrupting airlines, hospitals, banks and other critical services while causing an estimated $5.4 billion in losses among Fortune 500 companies.
Rather than examining the event solely as a technical malfunction, the team focused on the leadership, decision-making and oversight failures that allowed a small software update to trigger a worldwide crisis.
鈥淭he recommendations changed our conclusions because we were looking at things from the governance perspective,鈥 said Lodi, who served as team lead and assumed the role of CrowdStrike鈥檚 director of technical support. 鈥淚n every organization, leadership and governance define how security supports business operations and objectives. If leadership does not support the cybersecurity initiatives presented by the technical team, any initiative will not work.鈥
The competition case study, 鈥淰endor Woes: How a Perfect Storm Marred CrowdStrike鈥檚 Reputation,鈥 required participants to analyze what happened when a software configuration update caused millions of Windows systems to crash. The outage was not the result of a cyberattack but rather a series of failures involving testing, change management and organizational oversight.
To address the challenge, the other members of The Futurists joined Lodi in assuming leadership roles within CrowdStrike. Chishakwe served as compliance and legal director, Isyagi as sensor engineering lead, Rogers as release manager and Matongo as information security architect. The role-playing approach required the students to think like executives responsible for preventing the failure and restoring customer trust.
The team produced a 25-slide presentation and a 15-minute video that proposed a complete redesign of CrowdStrike鈥檚 governance and change management processes. Among their recommendations was a restructured Change Advisory Board, a group responsible for reviewing and approving technology changes before they are deployed.
The students also developed a six-ring 鈥渃anary deployment鈥 framework, which would release software updates in carefully controlled stages rather than all at once. The approach would first test updates on CrowdStrike鈥檚 own systems before gradually expanding deployment to larger groups of users.
鈥淲ith the phased rollout, we would have contained the July 19 blast to a radius of less than 1% of the affected machines,鈥 said Lodi. 鈥淚nstead of deploying globally in one automated wave, we proposed a staged process with monitoring and rollback capabilities at every step.鈥
The team also created a responsibility framework that clearly identified who should be accountable for testing, risk assessment and deployment decisions. In addition, they recommended stronger contracts and service-level agreements that would require software vendors to provide advance notification of high-risk updates and accept greater accountability when failures occur.
鈥淭he CrowdStrike incident taught us one big thing: cybersecurity is not solely a technology problem,鈥 he said. 鈥淲ithout proper governance structures and leadership approvals, technology won鈥檛 deliver. Technology is only as effective as the governance behind it.鈥
The competition also challenged students to communicate complex ideas clearly and concisely, forcing participants to carefully prioritize which findings and recommendations to present. For Lodi, the experience mirrored the real-world challenges cybersecurity professionals face every day.
鈥淭he competition forced us to inhabit a real failure with real consequences and ask what exactly went wrong, who is responsible and what would you actually do about it,鈥 he said. 鈥淭hose are not academic questions. They are the questions cybersecurity professionals will face throughout their careers.鈥
Sivan Tehila, program director of the M.S. in Cybersecurity, said the team's success demonstrates the value of combining technical expertise with business and leadership skills.
鈥淭heir analysis showed a deep understanding of governance, risk management and executive decision-making,鈥 said Tehila. 鈥淏y examining the CrowdStrike outage through a leadership lens and developing practical recommendations for preventing similar incidents, they demonstrated exactly the type of strategic thinking that organizations need from today鈥檚 cybersecurity professionals.鈥
