Heather Costa, MPS, CBCP, CCRP
Founder & CEO at Ashmark Strategies
Information Technology and Services
Education: University of Akron - Penn State University
Akron, OH, USA
Biography
Heather M. Costa, MPS, CBCP, CCRP, is a nationally recognized expert in cyber, technology, and operational resilience, with more than 20 years of experience helping organizations navigate disruption and prepare for the future. She founded Ashmark Strategies to partner with critical sector organizations, designing strategies that protect operations, meet regulatory demands, and build confidence in the face of evolving risks.
Heather began her career in business resilience at PNC Bank, developing risk management and continuity strategies within the financial sector. She later led enterprise resilience programs at Cleveland Clinic and Mayo Clinic, pioneering integrated approaches across business continuity, cyber resilience, and crisis management.
Widely regarded as a thought leader, Heather shares her expertise through conferences, executive forums, and media—including HIMSS, HIPAA Summit, Rubrik Forward, and Harvard's LeaderReadyCast. She currently serves as Vice President of the WiCyS Healthcare Affiliate and mentors the next generation of cybersecurity and resilience professionals.
Passion
I am passionate about transforming how organizations think about resilience - moving beyond reactive disaster recovery to proactive, integrated strategies that turn risk into competitive advantage. I believe that true organizational resilience starts with authentic leadership and psychologically safe cultures where people can adapt, innovate, and thrive under pressure. My mission is helping critical infrastructure organizations build the same antifragile capabilities that nature's most resilient creatures possess - the ability to not just survive disruption, but emerge stronger from it.
Best Story
"Mom, did you know that the tardigrade - also called the water bear or moss piglet - is the most resilient animal in the world?" My 3-year-old's eyes lit up as he shared his latest discovery. "They can survive lava, ice, and even outer space!"
Intrigued, I researched these microscopic creatures and was amazed. Tardigrades possess an extraordinary ability to adapt at the cellular level, surviving environments that would destroy virtually any other life form. They've endured all five mass extinctions, thriving for over 600 million years regardless of what catastrophe struck Earth.
My son was absolutely right - this was the ultimate example of resilience. But here's what struck me as a resilience strategist: Tardigrades don't just survive by being tough. They survive by being adaptable. When conditions become impossible, they essentially shut down non-essential functions and enter a state called cryptobiosis, a form of suspended animation that allows them to weather any storm.
That's when I realized we've been building organizational resilience all wrong. Most organizations prepare to be turtles, withdrawing into shells when crisis hits. But what if we could help them become tardigrades - adaptive, anticipatory, and antifragile? This insight became the foundation for transforming enterprise resilience at Cleveland Clinic and Mayo Clinic - two of the nation's top healthcare systems - and now guides everything we do at Ashmark Strategies.
Origin Story
In August 2016, as a solo parent with one kid in college, one in high school, and two in diapers - plus a full-time job and a business on the side - I made what seemed like an impossible decision: return to school full-time to finish a bachelor's degree I'd started 25 years earlier.
On Mother's Day 2018, I crossed the commencement stage, graduating summa cum laude with a 4.0 GPA, while my children cheered me on. One week later, a recruiter from Cleveland Clinic called about a cybersecurity position with their Business Continuity team. Four years later, that path led me to Mayo Clinic as Director of Technology Resilience.
But here's what I discovered: the same resilience principles that got me through juggling family, work, school, and business became the foundation for transforming enterprise resilience at two of the nation's top healthcare systems. The lessons learned from surviving my own impossible circumstances - adaptability, persistence, and the ability to thrive under pressure - became the blueprint for helping organizations build that same antifragile capability.
That's why I founded Ashmark Strategies. Personal resilience and organizational resilience aren't separate concepts - they're deeply connected. And the insights gained from both sides of that equation are what drive everything we do to help critical infrastructure organizations transform risk into strategic advantage.
Example talks
Turtle to Tardigrade...A Future Towards Resilience
What can the world's most resilient creature teach us about organizational survival? Tardigrades have survived all five mass extinctions, thriving in environments from Antarctica to outer space. Meanwhile, most organizations still operate like turtles - slow to adapt and hiding in shells when disruption strikes.
Drawing from breakthrough work transforming resilience at Mayo Clinic and Cleveland Clinic, Heather reveals how to evolve from reactive "turtle" thinking to proactive "tardigrade" resilience. Discover the integrated frameworks that helped enterprise organizations shift from disaster recovery to strategic resilience, creating competitive advantage from crisis preparedness.
Audiences will learn to anticipate disruption rather than just react, build adaptive capacity at cellular organizational levels, and transform risk into strategic advantage. This isn't about returning to normal - it's about building something fundamentally better
Business Resilience IS Cybersecurity
Stop thinking of cybersecurity as an IT problem - it's your most critical business strategy. While organizations invest millions in prevention, 93% still experience breaches. The real competitive advantage isn't stopping every attack; it's building the organizational resilience to thrive despite them.
Drawing from enterprise transformations at Mayo Clinic and Cleveland Clinic, discover how to reframe cybersecurity from a cost center to a strategic enabler. Learn why business resilience and cybersecurity are inseparable, how to build integrated response capabilities that maintain operations during crisis, and why the organizations that emerge stronger from incidents are those that planned for resilience, not just recovery.
Audiences will walk away with frameworks to align cyber investments with business outcomes, build organizational confidence in crisis response, and transform cybersecurity from a compliance checkbox into a competitive advantage.
Belonging and Becoming: Building Resilient Teams Through Authentic Leadership
In crisis, technical systems don't fail - people do. The most resilient organizations aren't those with the best technology, but those where people feel safe to be authentic, make mistakes, and support each other under pressure.
From leading enterprise resilience transformations to returning to school as a solo parent with four children, Heather shares the personal journey that shaped breakthrough approaches to building psychologically safe, high-performing teams. Discover why authentic vulnerability creates stronger crisis response, how self-awareness becomes a leadership superpower during disruption, and why the most resilient cultures are built on belonging, not just procedures.
Leaders will learn practical frameworks for creating psychological safety in high-stakes environments, building trust that withstands crisis pressure, and developing authentic leadership presence that inspires confidence when everything is uncertain. This isn't just personal development - it's organizational resilience strategy.
The Future of Cyber Resilience: Beyond Recovery to Strategic Advantage
Traditional disaster recovery is dead. Organizations need integrated resilience strategies that anticipate, withstand, and adapt to disruption. Explore sector-specific frameworks that align people, process, and technology while meeting regulatory demands and building competitive advantage through superior crisis preparedness.
From Recovery to Resilience: Post-Incident Excellence in the Age of AI
Most organizations stop at incident response - we go beyond. Explore the untapped opportunity of post-incident recovery coaching that transforms organizational trauma into strategic advantage. Learn AI-augmented frameworks that turn cyber incidents into catalysts for building stronger, more resilient organizational cultures and capabilities.
Cognitive Training for Crisis Leadership: Building Mental Resilience Under Pressure
When crisis strikes, technical systems are only as strong as the humans operating them. Discover breakthrough cognitive training methods that prepare leaders and teams for high-stakes decision-making. Learn to overcome cognitive biases, improve decision quality under pressure, and build the psychological resilience necessary for effective crisis leadership.
Zombies, Meteors, and Tardigrades: Leading Resilience in the Age of AI
A captivating exploration of what the world's most resilient creatures teach us about organizational survival. From surviving mass extinctions to thriving in outer space, nature's lessons combined with AI-enhanced strategies provide a blueprint for building unstoppable organizational resilience. This engaging presentation transforms complex concepts into actionable leadership strategies.
Featured Video
I am willing to travel
More than 100 miles
When it comes to payments
I always get paid for speaking
Topics
Best Story
"Mom, did you know that the tardigrade - also called the water bear or moss piglet - is the most resilient animal in the world?" My 3-year-old's eyes lit up as he shared his latest discovery. "They can survive lava, ice, and even outer space!"
Intrigued, I researched these microscopic creatures and was amazed. Tardigrades possess an extraordinary ability to adapt at the cellular level, surviving environments that would destroy virtually any other life form. They've endured all five mass extinctions, thriving for over 600 million years regardless of what catastrophe struck Earth.
My son was absolutely right - this was the ultimate example of resilience. But here's what struck me as a resilience strategist: Tardigrades don't just survive by being tough. They survive by being adaptable. When conditions become impossible, they essentially shut down non-essential functions and enter a state called cryptobiosis, a form of suspended animation that allows them to weather any storm.
That's when I realized we've been building organizational resilience all wrong. Most organizations prepare to be turtles, withdrawing into shells when crisis hits. But what if we could help them become tardigrades - adaptive, anticipatory, and antifragile? This insight became the foundation for transforming enterprise resilience at Cleveland Clinic and Mayo Clinic - two of the nation's top healthcare systems - and now guides everything we do at Ashmark Strategies.
Origin Story
In August 2016, as a solo parent with one kid in college, one in high school, and two in diapers - plus a full-time job and a business on the side - I made what seemed like an impossible decision: return to school full-time to finish a bachelor's degree I'd started 25 years earlier.
On Mother's Day 2018, I crossed the commencement stage, graduating summa cum laude with a 4.0 GPA, while my children cheered me on. One week later, a recruiter from Cleveland Clinic called about a cybersecurity position with their Business Continuity team. Four years later, that path led me to Mayo Clinic as Director of Technology Resilience.
But here's what I discovered: the same resilience principles that got me through juggling family, work, school, and business became the foundation for transforming enterprise resilience at two of the nation's top healthcare systems. The lessons learned from surviving my own impossible circumstances - adaptability, persistence, and the ability to thrive under pressure - became the blueprint for helping organizations build that same antifragile capability.
That's why I founded Ashmark Strategies. Personal resilience and organizational resilience aren't separate concepts - they're deeply connected. And the insights gained from both sides of that equation are what drive everything we do to help critical infrastructure organizations transform risk into strategic advantage.
Example talks
Turtle to Tardigrade...A Future Towards Resilience
What can the world's most resilient creature teach us about organizational survival? Tardigrades have survived all five mass extinctions, thriving in environments from Antarctica to outer space. Meanwhile, most organizations still operate like turtles - slow to adapt and hiding in shells when disruption strikes.
Drawing from breakthrough work transforming resilience at Mayo Clinic and Cleveland Clinic, Heather reveals how to evolve from reactive "turtle" thinking to proactive "tardigrade" resilience. Discover the integrated frameworks that helped enterprise organizations shift from disaster recovery to strategic resilience, creating competitive advantage from crisis preparedness.
Audiences will learn to anticipate disruption rather than just react, build adaptive capacity at cellular organizational levels, and transform risk into strategic advantage. This isn't about returning to normal - it's about building something fundamentally better
Business Resilience IS Cybersecurity
Stop thinking of cybersecurity as an IT problem - it's your most critical business strategy. While organizations invest millions in prevention, 93% still experience breaches. The real competitive advantage isn't stopping every attack; it's building the organizational resilience to thrive despite them.
Drawing from enterprise transformations at Mayo Clinic and Cleveland Clinic, discover how to reframe cybersecurity from a cost center to a strategic enabler. Learn why business resilience and cybersecurity are inseparable, how to build integrated response capabilities that maintain operations during crisis, and why the organizations that emerge stronger from incidents are those that planned for resilience, not just recovery.
Audiences will walk away with frameworks to align cyber investments with business outcomes, build organizational confidence in crisis response, and transform cybersecurity from a compliance checkbox into a competitive advantage.
Belonging and Becoming: Building Resilient Teams Through Authentic Leadership
In crisis, technical systems don't fail - people do. The most resilient organizations aren't those with the best technology, but those where people feel safe to be authentic, make mistakes, and support each other under pressure.
From leading enterprise resilience transformations to returning to school as a solo parent with four children, Heather shares the personal journey that shaped breakthrough approaches to building psychologically safe, high-performing teams. Discover why authentic vulnerability creates stronger crisis response, how self-awareness becomes a leadership superpower during disruption, and why the most resilient cultures are built on belonging, not just procedures.
Leaders will learn practical frameworks for creating psychological safety in high-stakes environments, building trust that withstands crisis pressure, and developing authentic leadership presence that inspires confidence when everything is uncertain. This isn't just personal development - it's organizational resilience strategy.
The Future of Cyber Resilience: Beyond Recovery to Strategic Advantage
Traditional disaster recovery is dead. Organizations need integrated resilience strategies that anticipate, withstand, and adapt to disruption. Explore sector-specific frameworks that align people, process, and technology while meeting regulatory demands and building competitive advantage through superior crisis preparedness.
From Recovery to Resilience: Post-Incident Excellence in the Age of AI
Most organizations stop at incident response - we go beyond. Explore the untapped opportunity of post-incident recovery coaching that transforms organizational trauma into strategic advantage. Learn AI-augmented frameworks that turn cyber incidents into catalysts for building stronger, more resilient organizational cultures and capabilities.
Cognitive Training for Crisis Leadership: Building Mental Resilience Under Pressure
When crisis strikes, technical systems are only as strong as the humans operating them. Discover breakthrough cognitive training methods that prepare leaders and teams for high-stakes decision-making. Learn to overcome cognitive biases, improve decision quality under pressure, and build the psychological resilience necessary for effective crisis leadership.
Zombies, Meteors, and Tardigrades: Leading Resilience in the Age of AI
A captivating exploration of what the world's most resilient creatures teach us about organizational survival. From surviving mass extinctions to thriving in outer space, nature's lessons combined with AI-enhanced strategies provide a blueprint for building unstoppable organizational resilience. This engaging presentation transforms complex concepts into actionable leadership strategies.