When companies talk about cyber defense, the conversation usually starts with firewalls and endpoints. The sharper lesson is that HR now sits inside the security model itself, shaping competency, policy, and workforce governance.