In a year where 52% of U.S. businesses reported a data breach, few roles are more pivotal than that of the Chief Information Security Officer. From global enterprises to high-growth startups, CISOs influence public policy, contribute to open-source initiatives, educate future cybersecurity professionals, and share insights with the broader security community. The decisions they make impact national security, economic resilience, and the trust users place in modern technology.

In 2025, the expectations placed on CISOs continue to grow. They must keep pace with an evolving threat landscape while maintaining trust, compliance, and operational agility. They are asked to do more with less, navigate an ongoing talent shortage, and lead cross-functional teams capable of proactively defending against increasingly sophisticated attacks.

To recognize the individuals rising to meet these challenges, we’re spotlighting 50 CISOs and cybersecurity leaders making a meaningful impact. These professionals stand out not only for their career achievements, but for their influence on the broader cybersecurity community.

Individuals are listed in alphabetical order below, and selection criteria included:

• Demonstrated leadership: These individuals are generous with their knowledge and committed to helping the greater cybersecurity community.
• Forward-thinking mindset: They are not just solving today’s problems, but preparing for tomorrow’s threats.
• Level of influence: From shaping public policy to mentoring rising talent, these leaders are moving the needle across the industry.

50 influential CISOs and cybersecurity leaders defining the next era of security 

• Marene Allison is the former Chief Information Security Officer at Johnson & Johnson and a retired FBI Special Agent, with over three decades of leadership in global security and cybersecurity. She now serves as a strategic advisor to multiple organizations and is the current President of West Point Women, continuing her long-standing commitment to national defense and diversity in leadership.
• Jennifer Ayers is an accomplished cybersecurity leader currently serving as a Chief Operating Officer and as a Board Member at DevZero. With prior leadership roles at DNSFilter, CrowdStrike, FireEye, and GE, she brings deep expertise in threat detection, incident response, and security operations across both startup and enterprise environments.
• Jaya Baloo is a seasoned cybersecurity executive and current COO of a stealth startup focused on AI and cybersecurity, with prior leadership roles as Chief Security Officer at Rapid7 and CISO at Avast and KPN Telecom. With over two decades of international experience in network and VOIP security, she also serves on multiple boards and is a faculty member at Singularity University.
• Robin Bienfait is a seasoned technology executive and entrepreneur with over 30 years of experience in enterprise mobility, security, and innovation. She is the founder and CEO of Emnovate and Atlanta Tech Park, and previously held executive leadership roles at Samsung, BlackBerry, and AT&T, where she led global network and compliance operations.
• Andrew Bochman is Senior Grid Strategist at Idaho National Laboratory and a Non-Resident Senior Fellow at the Atlantic Council, where he advises on critical infrastructure security and climate resilience. A former IBM energy security leader and Air Force officer, he brings decades of experience shaping cybersecurity policy, standards, and strategy for both public and private sectors.
• David Brumley is the CEO of Mayhem and a professor at Carnegie Mellon University, where he has spent over 15 years advancing the field of offensive security and autonomous application testing. A former director of CMU's CyLab and recipient of the U.S. Presidential Early Career Award, he combines deep technical expertise with a mission to make software fundamentally more trustworthy.
• Devon Bryan is the Global Chief Security Officer at Booking Holdings and a five-time CISO with nearly 30 years of experience leading cybersecurity programs across the public and private sectors. A U.S. Air Force veteran and co-founder of Cyversity, he is widely recognized for advancing DEI in cybersecurity and driving enterprise risk management for organizations including the IRS, ADP, Federal Reserve, KPMG, MUFG Union Bank, and Carnival Corporation.
• Elvis M. Chan is the Assistant Special Agent in Charge of the FBI’s San Francisco Cyber Branch, where he leads a multidisciplinary team tackling nation-state threats and cybercrime. A former semiconductor engineer, Chan now spearheads major investigations, public-private collaboration, and incident response for some of the most high-profile cyberattacks in recent history.
• Roland Cloutier is a seasoned cybersecurity and risk management leader with over three decades of experience across both the public and private sectors. He formerly served as Global Chief Security Officer at TikTok and ADP, and now leads The Business Protection Group as a principal advisor, helping organizations protect critical infrastructure and navigate complex security and privacy challenges at the highest levels.
• Deneen DeFiore serves as Vice President and Global CISO at United Airlines, where she leads global cybersecurity strategy across one of the world’s largest airlines. With more than two decades of experience, including executive roles at GE Aviation and leadership positions across multiple national advisory councils, she’s recognized as a leading voice in aviation security and critical infrastructure protection. DeFiore also serves on the President’s National Infrastructure Advisory Council and the boards of Blackbaud and the Internet Security Alliance.
• Brandon Dixon is a security technologist and entrepreneur advancing AI-driven cybersecurity at Microsoft Research. As a former product lead for Copilot for Security and co-founder of PassiveTotal, he has launched multiple industry-defining solutions in threat intelligence and external attack surface management, including work at RiskIQ and Facebook. Blending deep technical expertise with product vision, Dixon drives innovation across security, AI, and cloud ecosystems.
• Jeff Farinich is SVP of Technology and CISO at New American Funding, where he leads enterprise IT and security strategy. With over 25 years of experience, he’s known for driving business-aligned transformation and is a frequent speaker on cloud security, privacy, and risk governance.
• Jamil Farshchi is EVP, Chief Information Security Officer & CTO at Equifax, where he led a post-breach transformation hailed as a model for corporate cybersecurity. A trusted advisor to the FBI and board member at UKG, he brings decades of experience from high-stakes roles across government and Fortune 500 companies.
• Dr. Allan Friedman leads the global push for Software Bill of Materials (SBOM) adoption at CISA, helping make software supply chains more transparent and secure. With over two decades of cybersecurity and tech policy expertise, he’s known for bridging technical and policy communities through engaging, multistakeholder efforts.
• Eva Galperin is Director of Cybersecurity at the Electronic Frontier Foundation, where she focuses on protecting vulnerable populations from digital surveillance and abuse. A renowned digital rights activist and security researcher, Galperin is a leading voice in the fight against stalkerware and state-sponsored spying.
• Camille Stewart Gloster, Esq. is a nationally recognized cybersecurity and emerging tech leader with deep experience across law, policy, and operations. Formerly the Deputy National Cyber Director at the White House, she now leads AI and resilience services at CrowdStrike and advises cross-sector organizations on responsible AI and cyber policy through her firm, CAS Strategies.
• Aanchal Gupta is a seasoned security executive and technologist currently serving as CVP of the Office Product Group at Microsoft. She has held leadership roles across Azure, M365, and Skype, and previously served as CISO at Novi (Meta). Gupta also sits on the board of the Internet Security Research Group and is widely recognized for her work advancing AI-powered security and privacy innovation.
• Travis Howerton is the co-founder and CEO of RegScale, a platform transforming legacy GRC into automated, real-time Continuous Controls Monitoring. With a career spanning national security, digital transformation, and cybersecurity innovation, he’s led major IT modernization initiatives across DOE, Bechtel, and Oak Ridge National Laboratory.
• Harri Hursti is a renowned hacker, cybersecurity researcher, and voting system expert best known for exposing vulnerabilities in election infrastructure. He co-founded the DEF CON Voting Village and has advised governments worldwide on cybersecurity and critical infrastructure. Hursti’s work has been featured in HBO’s Hacking Democracy and Kill Chain.
• Merike Kaeo is a trailblazing CISO, advisor, and author who led Cisco’s first security initiative and wrote the seminal book Designing Network Security. With decades of global cybersecurity experience, she now advises organizations on national cyber strategies, security governance, and risk management. 
• David Koh is Singapore’s Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency (CSA), where he leads the nation’s cybersecurity strategy, legislation, and operational defenses. With authority to investigate and respond to national cyber threats, he also advises key government boards including MAS, GovTech, and DSTA. 
• Bob Kolasky is a nationally recognized expert in infrastructure risk management and cybersecurity, currently serving as Senior Vice President for Critical Infrastructure at Exiger. He was the founding director of the DHS National Risk Management Center and has shaped U.S. strategy on supply chain security, risk governance, and resilience. Kolasky also advises Carnegie, CSIS, and OECD on global risk and technology policy.
• Dr. Nir Kshetri is a professor at the University of North Carolina at Greensboro whose research explores how emerging technologies like AI, blockchain, Web3, and the metaverse are transforming global economies, organizations, and societies. He is widely recognized for his academic contributions on the intersection of technology, innovation, and economic development.
• Zane Lackey is a General Partner at Andreessen Horowitz, where he invests in cybersecurity and platform engineering startups. He previously co-founded Signal Sciences and served as CISO at Etsy. A recognized industry thought leader, Lackey is the author of Building a Modern Security Program and a frequent speaker at top conferences including RSA and Black Hat.
• Dr. Andrea Little Limbago is a computational social scientist and national security expert specializing in the intersection of emerging technologies, geopolitics, and policy. As SVP of Applied AI at Interos, she leads research and development around global supply chain risk, with a focus on AI, cybersecurity, and regulatory trends. With prior roles at Virtru, Endgame, and the Department of Defense, she’s known for her cross-disciplinary leadership, thought leadership in cyber policy, and commitment to diversity in tech and security.
• Javvad Malik is a well-known security awareness advocate, video blogger, and industry commentator who currently serves as Lead Security Awareness Advocate at KnowBe4. As a co-founder of Security B-Sides London and one of the industry's most recognizable voices in security vlogging, Malik champions practical, people-centered cybersecurity education that resonates across audiences.
• Adam Marrè is the CISO and SVP at Arctic Wolf, with over 20 years of experience in cybersecurity and intelligence. A former FBI cyber agent and instructor, he previously led security operations at Qualtrics and brings a mission-driven approach to defending against modern cyber threats.
• Joanna McDaniel Burkey is a seasoned cybersecurity and technology executive who most recently served as CISO at HP Inc. and now advises global enterprises through her firm, Flat Rock Strategic Advisors. She brings decades of leadership in cyber defense, risk, and digital transformation to multiple corporate boards across industries including tech, insurance, and energy.
• Allie Mellen is a Principal Analyst at Forrester covering SecOps, nation-state threats, and AI/ML in cybersecurity tools. She advises Fortune 500 companies on detection and response strategies and regularly appears in top media outlets and conferences like RSA and Black Hat.
• Allison Miller is a veteran cybersecurity and risk executive known for her work at the intersection of fraud prevention, payments, and product strategy. She’s held leadership roles at Reddit, Google, PayPal, Visa, and Bank of America, where she built and scaled security and risk programs. As a thought leader and board advisor, Miller helps protect consumers and platforms from online threats.
• Camille Morhardt is Director of Security Initiatives and Communications at Intel, where she drives industry collaboration around supply chain transparency and platform trust. With a background in product strategy and IoT, she’s known for launching impactful initiatives and distilling complex technical topics for broad audiences. She also hosts Intel’s InTechnology podcast, interviewing security, AI, and tech experts from across the industry.
• Katie Moussouris is the founder and CEO of Luta Security, known for creating the first bug bounty programs at Microsoft and the U.S. Department of Defense. A global expert in vulnerability disclosure, she advises governments and organizations on building secure, sustainable programs and serves on key federal cybersecurity advisory boards.
• Nicole Perlroth is a cybersecurity investor, advisor, and award-winning journalist. Formerly the lead cybersecurity reporter at The New York Times, she authored the bestselling book This Is How They Tell Me the World Ends, chronicling the global cyber arms race. She now leads Silver Buckshot Ventures, serves as a Venture Partner at Ballistic Ventures, and sits on the DHS Cybersecurity Advisory Committee.
• Lisa Plaggemier is the Executive Director of the National Cybersecurity Alliance, where she leads public awareness efforts to empower people and businesses to stay safe online. She's a frequent speaker at RSA and SANS, known for her people-first approach and advocacy against hacker clichés.
• Nasrin Rezai is SVP and Global CISO at Verizon, with 25+ years leading cybersecurity and risk across Fortune 100 enterprises. She’s an expert in securing digital transformation, M&A, and critical infrastructure, with prior roles at GE, Cisco, and State Street. A national thought leader, Rezai advises government and industry through roles with the FCC, Aspen Institute, and multiple boards.
• Jack Rhysider is the creator and host of Darknet Diaries, a hit podcast sharing real stories about hackers, cybercrime, and digital misadventures. Before launching the show in 2017, he spent a decade as a network security engineer, building SOCs and securing networks for clients across government, finance, and education.
• Jimmy Sanders is President of ISSA International and a longtime leader in information security, having held key roles at Netflix DVD, Samsung, Fiserv, SAP, and Marqeta. Sanders also serves on the boards of ISLF and several college cybersecurity advisory groups, where he’s a vocal advocate for education, community, and professional growth in security.
• Runa Sandvik is the founder of Granitt, a security consultancy dedicated to protecting journalists and high-risk individuals. With past roles at The New York Times, Freedom of the Press Foundation, and The Tor Project, she is a recognized voice in press freedom and digital security. Sandvik also serves on CISA’s Technical Advisory Council and the Aspen Institute’s Global Cybersecurity Group.
• James Saunders is is Maryland’s State CISO and a seasoned cybersecurity leader with over 15 years of experience driving transformation across federal, financial, and critical infrastructure sectors. He’s led major Zero Trust, cloud, and AI security initiatives at agencies like OPM, aligning cybersecurity strategy with mission and business outcomes.
• Shailaja K. Shankar is a seasoned tech executive and current SVP, Head of Cisco Security Engineering, with a track record of leading global teams and launching first-to-market security products across consumer, SMB, and enterprise markets. She’s driven security innovation at McAfee, Intel, and Cisco, and serves on multiple boards supporting AI and cybersecurity startups.
• Jason Shockey is the CISO at Cenlar FSB and a former U.S. Marine Corps cyber operations leader, with deep expertise in GRC, cyber defense, and regulatory compliance. He’s also the founder of MyCyberPath, a platform helping veterans transition into cybersecurity careers. Shockey’s background includes leadership roles with the CNMF and NCIJTF, and extensive experience across frameworks like NIST, ISO, and NYDFS.
• Camille Singleton is a cyber threat intelligence leader with over 18 years of experience across government and private sectors, including UnitedHealth Group and IBM. She specializes in threat actor analysis, strategic reporting, and mentoring high-performing teams, with a strong foundation in Russian area studies and technical cybersecurity.
• Joe Slowik is a cyber threat intelligence and OT security expert with over 15 years of experience spanning critical infrastructure, adversary tracking, and detection engineering. He has led threat teams at organizations including Dragos, MITRE, and Huntress, and now heads cybersecurity alerting strategy at Dataminr while consulting through his firm, Paralus LLC.
• Lena Smart is a veteran cybersecurity executive with over 25 years of experience leading security programs across tech, finance, fintech, and utilities. She currently serves as Head of Trust at SecurityPal and previously held CISO roles at MongoDB, Tradeweb, and the New York Power Authority.
• Tina Thorstenson is a seasoned technology executive with over 25 years of experience spanning cybersecurity, IT infrastructure, and enterprise applications in higher education, government, and industry. As VP at CrowdStrike and former Deputy CIO and CISO at Arizona State University, she’s known for aligning security strategies with business goals and building trusted partnerships to drive innovation.
• Rachel Tobac is the CEO of SocialProof Security and a leading ethical hacker known for her engaging live social engineering demos and security awareness training. A frequent media contributor and former CISA Technical Advisory Council member, she helps organizations and individuals understand and defend against real-world cyber threats. Tobac also serves as Chair of the Board for Women in Security and Privacy, advocating for greater inclusion in the field.
• Deborah Wheeler is a cybersecurity executive with over 25 years of experience leading global information security programs in the financial and aviation sectors. As CISO at Delta Air Lines and former CISO at Freddie Mac, Ally, and Fifth Third Bank, she specializes in security strategy, privacy, regulatory compliance, and IT risk management. She also serves as an independent board member, bringing governance and cyber oversight expertise to the energy and infrastructure sectors.
• Tarah M. Wheeler is a cybersecurity leader, entrepreneur, and international policy expert. She is the CEO of Red Queen Dynamics, a Fellow at the Council on Foreign Relations, and a trusted advisor on cyber norms, compliance, offensive security, and AI governance. With a background spanning startup leadership and senior roles at Splunk and Symantec, Wheeler helps organizations secure infrastructure and shape the future of cybersecurity.
• Jessica Wilkerson is a licensed attorney and federal cyber policy expert specializing in healthcare and medical device cybersecurity. With over a decade of experience at the FDA, White House ONCD, and U.S. Congress, she has led regulatory initiatives and incident response efforts impacting patient safety and national infrastructure.
• Kayla Williams is an award-winning CISO with experience leading cybersecurity, privacy, and risk programs across SaaS, cloud, and financial services. She builds business-aligned security strategies that support growth and ensure compliance. Currently Field CISO at Cyera, Williams also advises startups and contributes to cybersecurity leadership communities.

Shaping the future of cybersecurity

As the threat landscape grows more complex, the future of cybersecurity will be defined by those who lead with vision, embrace innovation, and act with urgency. This year’s list of top CISOs and cybersecurity leaders reflects that shift by championing modern approaches like automation, continuous monitoring, and AI-driven defense to stay ahead of emerging threats.

These leaders aren’t just responding to today’s challenges. They’re building the frameworks, technologies, and teams that will define how companies, consumers, and countries are protected in the years to come.