
Governance leadership shaped by federal service, enterprise risk, and the discipline of consequential decisions.
The lens that informs the work.
Donald Daglo is a governance-minded executive whose leadership perspective is shaped by U.S. Air Force service, federal data and security leadership, and the founding of Lumeva LLC, an advisory and government contracting firm operating at the intersection of enterprise risk, governance architecture, and cybersecurity.
Military service shaped how I think about risk appetite, command judgment, and the discipline of operating with incomplete information. Federal leadership added the depth of stewarding mission-critical data and security in high-consequence environments. That perspective informs how I work with boards and executives on enterprise risk, governance structures, and the question that defines every executive conversation: where is the organization placing trust, and is that trust still warranted?
What I bring to boards and senior leadership is the combination of practitioner depth and governance judgment: the technical understanding of how enterprises actually fail, paired with the executive perspective on how governance must be designed to hold under stress. That combination is rare, and it is the foundation of every advisory conversation I take on.

Governance is not paperwork.
Governance is the discipline of seeing reality clearly, making decisions under pressure, and deciding where an organization is willing to place trust.
This is not a metaphor. It is the actual work of governance at the board level and the executive level in environments where compliance frameworks were designed for a slower, more predictable world. The organizations that survive contested terrain are the ones that understand governance, risk, and leadership as a single operating system rather than three separate functions.
One operating system.
Most boards treat governance, risk, and leadership as separate functions. They are not. They form a unified operating system in which every decision about trust cascades throughout the enterprise.
When a board approves a vendor relationship, that decision is simultaneously a governance act, a risk act, and a leadership act. Treating these as separate workstreams creates seams where exposure accumulates. The work is to design the organization so the three move together.
Why are we implicitly trusting something we have not verified?
This question shifts boardroom focus from compliance to proactive risk verification. It prompts leaders to identify vulnerabilities and to ensure that trust is grounded only in proven reality, not inherited assumptions. The strongest boards make this question a standing item on the agenda rather than an exception triggered by incidents.
Risk no longer moves linearly.
Cyber incidents become supply chain disruptions become regulatory disclosures become market confidence crises in the same week. In contested environments, geography, logistics, data, cyber, and adversary intent are all part of the same battlespace.
Boards that still process risk as a quarterly review cycle are operating on a clock that no longer matches the speed of events. The work is to build governance machinery that can see, decide, and act inside the timeframe of the actual environment.
Trust is not a control. Verification is.
Compliance frameworks ask whether the right policies exist. Governance asks whether the policies actually hold under pressure. Those are different questions and they produce different organizations.
The enterprises that survive contested terrain are not the ones with the most comprehensive policy library. They are the ones whose leaders have built the discipline to verify rather than assume, to see rather than report, and to act inside the timing of the environment rather than the timing of the calendar.

Enterprise risk as contested terrain.
Traditional governance is backward-looking. Boards receive sanitized reports after risk has already matured, see compliance dashboards and red-yellow-green charts, but often miss the actual terrain the organization is operating in.
I think about risk the way a geospatial intelligence analyst thinks about contested terrain. You must understand the movement, timing, life pattern, dependencies, chokepoints, and the adversary's likely path.
In enterprise terms, that means understanding how data flows, where access is overextended, where third-party exposure exists, where geopolitical instability affects the mission, and where a single failure could cascade across the organization.
The board should know.
Four questions that should be standing items on the governance agenda, not exceptions triggered by incidents.
What assets matter most
Not every asset is equally valuable to the mission. Real governance requires clarity about which assets carry the most weight and where the loss of any one would create a disproportionate impact.
Who can reach them
Access maps reveal trust assumptions. The organizations that have mapped their actual access patterns rather than their policy intentions are the ones prepared for contested operations.
Under what conditions
Access that is acceptable under normal operations may be unacceptable under stress. The governance work is to design access that holds under the actual conditions the organization will face.
What happens if assumptions fail
Every governance structure rests on assumptions. The question is whether the board has explicitly identified those assumptions and stress-tested what happens when each one fails.
Beyond the cybersecurity framework.
Zero Trust is not just a cybersecurity framework; it is a governance philosophy that applies verification and trust principles across all enterprise functions, including board decisions and risk management.
The cybersecurity industry has adopted Zero Trust as a technical architecture. That work matters. But the deeper opportunity is to apply the same discipline at the board level, where decisions about partnerships, vendors, geographies, and strategic exposure benefit from the same rigor of never assume, always verify.
Built for board-level judgment.
The frameworks below reflect a disciplined approach to helping leaders make decisions under complexity, uncertainty, and operational pressure. Each one shapes how I approach governance, risk, and the work of strategic counsel.
COSO Enterprise Risk Management
Enterprise risk discipline grounded in strategy, performance, governance, and organizational resilience.
National Association of Corporate Directors
Director credentials through the National Association of Corporate Directors.
Columbia University & University of Miami
Graduate and executive education spanning enterprise risk management, strategy, leadership, and enterprise-level decision-making.
Forrester Zero Trust Strategist
Zero Trust strategy applied beyond technical architecture to governance, data, vendors, access, and enterprise risk.
Fellow of Information Privacy
Privacy and information governance expertise supporting responsible data use, regulatory awareness, and trust-based leadership.
Together, these frameworks support a governance perspective built for boards, executives, and organizations navigating enterprise risk, cyber resilience, data governance, regulatory complexity, and strategic uncertainty across both public and private-sector environments.