Quick Take
- Narration: Walter Dixon brings steady authority to Lewis’s first-person account, handling the technical sequences and the emotional weight of the crisis with equal control, a strong narrator-material match.
- Themes: Ransomware response in real time, crisis leadership under pressure, organizational resilience
- Mood: Tense and candid, a first-person crisis narrative that doesn’t paper over the panic
- Verdict: One of the most honest accounts of what a ransomware incident actually feels like from inside an IT organization, valuable for cybersecurity professionals at every seniority level.
I started Locked Up on a Thursday evening expecting to listen for thirty minutes and assess it. I finished it Saturday morning. That’s not a recommendation I make lightly for cybersecurity nonfiction, a category where even technically excellent books often test the limits of audio engagement. Zachary Lewis has written something different: a memoir-length account of what it actually felt like to be the CISO at Saint Louis University’s Health Sciences and Pharmacy division when LockBit came through the network, and the experience of that telling is distinct from anything in the standard security literature.
LockBit is not a minor threat actor. It has been described by the FBI and Europol as one of the most prolific ransomware groups in history, responsible for attacks on hospitals, schools, and major corporations across multiple continents. When Lewis writes about negotiating with them directly, the stakes are operational, not abstract. He was deciding whether to pay a ransom that would fund further attacks, with patient data, research infrastructure, and institutional continuity all in the balance.
The Negotiations Nobody Talks About
The most distinctive section of Locked Up is Lewis’s account of the negotiation process itself. Ransomware response literature tends to treat negotiation as a tactical checkbox: engage a professional negotiator, drag out the timeline to buy recovery time, evaluate the decryption key quality before finalizing payment. Lewis goes further, describing the actual texture of communicating with LockBit: the tone of their messages, the way they adjusted demands, the specific pressures they applied when they sensed hesitation. His phrase “darkly funny” in the synopsis is accurate; there are moments where the absurdity of the situation is the only appropriate register, and Lewis doesn’t pretend otherwise.
Crisis Management That Survives the Chaos
Where Locked Up earns its technical credibility is in the operational detail. Lewis walks through the specific decisions made under acute time pressure: which systems to isolate first, how to communicate with leadership who needed situational awareness without technical fluency, and the challenge of maintaining human normalcy inside a team that was working thirty-six-hour shifts. Reviewer ALB describes it as “living through a ransomware event without having to be there and deal with the stress in person,” and that’s precisely what Lewis achieves. The decisions feel real because they were made under conditions of incomplete information, organizational panic, and sleep deprivation, not in the clean environment of a tabletop exercise.
Reviewer Arthur J. Hedge III notes that it must have taken courage for Lewis to write this, and that’s right. First-person accounts of institutional security failures require the author to document their own real-time errors of judgment, the moments where they didn’t know what to do next, and the places where luck rather than preparation saved critical data. Lewis doesn’t sanitize any of that. The CISSP-and-CISO set tends toward prescriptive authority in print; this is a memoir of fallibility alongside competence, which is rarer and more valuable.
Walter Dixon and the Narrative Pacing
Dixon’s narration handles both registers (the technical sequences describing network architecture and recovery tooling, and the human sequences describing Lewis’s personal experience of the crisis) with the same careful steadiness. He doesn’t oversell the tension when Lewis is describing system isolation procedures, which means the emotional peaks, when they come, land with appropriate weight. At eight hours and forty-two minutes, this is a complete but not padded listen. The tonal management over that runtime reflects well on both Lewis’s writing and Dixon’s interpretation of it.
Who should listen: IT professionals, cybersecurity leaders, and business continuity planners who want to understand what a major ransomware event actually feels like from inside, not what a compliance framework says it should look like.
Who should skip: Readers looking for a technical manual or implementation checklist for ransomware prevention. This is incident narrative, not a prevention guide, though it offers genuine operational lessons along the way.
Frequently Asked Questions
Is Locked Up appropriate for non-technical readers, or is it too specialized?
Lewis writes explicitly for a mixed audience. The technical content (network isolation, recovery tooling, negotiation mechanics) is explained with enough context that non-technical readers can follow the operational logic. Business leaders, legal counsel, and board members responsible for crisis governance will find it as valuable as technical practitioners. Lewis specifically notes in the synopsis that the book serves business decision-makers alongside IT professionals.
Does the book describe the actual LockBit negotiation process in detail?
Yes. Lewis walks through the negotiation sequence with more candor than most published accounts, including the texture of communications with the ransomware group, the timing and pressure tactics they used, and the decision-making process around payment evaluation. This is among the most detailed first-person negotiation accounts in the ransomware literature.
Is Locked Up relevant for organizations outside higher education?
The incident occurred at a university, but Lewis explicitly addresses the relevance for healthcare, government, and nonprofit organizations throughout. The structural vulnerabilities he describes (legacy system dependencies, limited recovery time objectives, underfunded backup infrastructure) appear across sectors. The crisis management lessons translate regardless of industry vertical.
How does Locked Up compare to other cybersecurity incident narratives like Sandworm or The Cuckoo’s Egg?
Sandworm and The Cuckoo’s Egg are journalistic investigations of external actors and their methods. Locked Up is a first-person operational memoir of being the target. They’re complementary rather than competing: read Sandworm to understand the threat landscape, read Locked Up to understand what response actually looks like from inside the organization under attack.