By Dave DeFusco
Five students in the Katz School of Science and Health’s M.S. in Cybersecurity earned third place and scholarship prizes at the ISACA New York Metropolitan Chapter 2026 Cybersecurity Case Study Competition by tackling one of the most disruptive technology failures in recent history.
Competing under the team name “The Futurists,” Daniel Lodi, Joanna Chishakwe, Abraham Isyagi, Wetaka Rogers and Chabota Matongo were challenged to analyze the CrowdStrike global outage of July 19, 2024. The incident affected approximately 8.5 million Windows computers worldwide, disrupting airlines, hospitals, banks and other critical services while causing an estimated $5.4 billion in losses among Fortune 500 companies.
Rather than examining the event solely as a technical malfunction, the team focused on the leadership, decision-making and oversight failures that allowed a small software update to trigger a worldwide crisis.
“The recommendations changed our conclusions because we were looking at things from the governance perspective,” said Lodi, who served as team lead and assumed the role of CrowdStrike’s director of technical support. “In every organization, leadership and governance define how security supports business operations and objectives. If leadership does not support the cybersecurity initiatives presented by the technical team, any initiative will not work.”
The competition case study, “Vendor Woes: How a Perfect Storm Marred CrowdStrike’s Reputation,” required participants to analyze what happened when a software configuration update caused millions of Windows systems to crash. The outage was not the result of a cyberattack but rather of a series of failures involving testing, change management and organizational oversight.
To address the challenge, the other members of The Futurists joined Lodi in assuming leadership roles within CrowdStrike. Chishakwe served as compliance and legal director, Isyagi as sensor engineering lead, Rogers as release manager and Matongo as information security architect. The role-playing approach required the students to think like executives responsible for preventing the failure and restoring customer trust.
The team produced a 25-slide presentation and a 15-minute video that proposed a complete redesign of CrowdStrike’s governance and change management processes. Among their recommendations was a restructured Change Advisory Board, a group responsible for reviewing and approving technology changes before they are deployed.
The students also developed a six-ring “canary deployment” framework, which would release software updates in carefully controlled stages rather than all at once. The approach would first test updates on CrowdStrike’s own systems before gradually expanding deployment to larger groups of users.
“With the phased rollout, we would have contained the July 19 blast to a radius of less than 1% of the affected machines,” said Lodi. “Instead of deploying globally in one automated wave, we proposed a staged process with monitoring and rollback capabilities at every step.”
The team also created a responsibility framework that clearly identified who should be accountable for testing, risk assessment and deployment decisions. In addition, they recommended stronger contracts and service-level agreements that would require software vendors to provide advance notification of high-risk updates and accept greater accountability when failures occur.
“The CrowdStrike incident taught us one big thing: cybersecurity is not solely a technology problem,” Lodi said. “Without proper governance structures and leadership approvals, technology won’t deliver. Technology is only as effective as the governance behind it.”
The competition also challenged students to communicate complex ideas clearly and concisely, forcing participants to carefully prioritize which findings and recommendations to present. For Lodi, the experience mirrored the real-world challenges cybersecurity professionals face every day.
“The competition forced us to inhabit a real failure with real consequences and ask what exactly went wrong, who is responsible and what would you actually do about it,” he said. “Those are not academic questions. They are the questions cybersecurity professionals will face throughout their careers.”
Sivan Tehila, program director of the M.S. in Cybersecurity, said the team’s success demonstrates the value of combining technical expertise with business and leadership skills.
“Their analysis showed a deep understanding of governance, risk management and executive decision-making,” said Tehila. “By examining the CrowdStrike outage through a leadership lens and developing practical recommendations for preventing similar incidents, they demonstrated exactly the type of strategic thinking that organizations need from today’s cybersecurity professionals.”