In 2026, the expectations placed on cybersecurity leaders continue to grow. They must move at the speed of a threat landscape transformed by AI while maintaining trust, compliance, and operational continuity across increasingly complex environments. They are asked to do more with less, lead through persistent talent shortages, and communicate risk in terms that resonate with executives, investors, and regulators alike.

To recognize the individuals rising to meet these challenges, we're spotlighting 50 CISOs and cybersecurity leaders making a meaningful impact. These professionals stand out not only for their career achievements, but for their influence on the broader cybersecurity community. Selection criteria included:

• Demonstrated leadership: These individuals are generous with their knowledge and committed to helping the greater cybersecurity community.
• Forward-thinking mindset: They are not just solving today's problems, but preparing for tomorrow's threats.
• Level of influence: From shaping public policy to mentoring rising talent, these leaders are moving the needle across the industry.

50 CISOs and cybersecurity leaders to know and follow

• Jameeka Green Aaron, CISSP is CISO at Headspace and a 25-year cybersecurity veteran with experience spanning aerospace and defense, retail, manufacturing, and tech at companies including Nike, Okta, Hurley, and Lockheed Martin. A nine-year U.S. Navy veteran and alumna of the U.S. State Department's TechWomen program, she is committed to advancing women and people of color in STEM and is known for her candid advocacy for inclusive, collaborative cybersecurity leadership.
• Feross Aboukhadijeh is the founder and CEO of Socket, a supply chain security platform focused on detecting malicious open-source packages before they reach production. A well-known open-source security researcher with a large following in the developer community, he has spent his career making security more accessible to developers without compromising velocity.
• Temi Adebambo is GM Security and CISO, XBOX for Microsoft, where he is responsible for protecting more than 500 million monthly active players across franchises including Call of Duty, Halo, Candy Crush, Minecraft, and Fallout. Named the 2025 CISO of the Year by the Millennium Alliance and a two-time winner of the CISO Connect Top 100 Accelerated CISOs Award.
• Heather Adkins is Vice President of Security Engineering at Google and co-author of Building Secure and Reliable Systems, the definitive Google guide to security engineering. One of the longest-serving senior security leaders in Big Tech, she has spent over two decades building and leading Google's security organization and is a frequent speaker on secure-by-design principles.
• Sarah Armstrong-Smith is the former Chief Security Advisor for Microsoft EMEA and was appointed to the UK Government Cyber Advisory Board in 2025. As a top keynote speaker and the bestselling author of Effective Crisis Management and Understand the Cyber Attacker Mindset, she is one of the most experienced and credible cybersecurity voices today.
• Mick Baccio is a Threat Intelligence Advisor at Cisco Talos, with a career spanning offensive operations, national-level incident response, and senior U.S. government service. He served as Chief of the Threat Intelligence Branch at the White House under both the Obama and Trump administrations and became the first CISO in U.S. presidential campaign history when he joined Pete Buttigieg's 2020 campaign.
• Richard Bird is Chief Strategy Officer and Chief Security Officer at Singulr AI, with a career spanning executive security and technology leadership roles at JPMorgan Chase, Huntington National Bank, Ping Identity, and Traceable AI. A prolific writer, conference speaker, podcast host, and author of Famous With 12 People, he is a recognized voice on AI security, API security, and identity.
• Aarti Borkar is Corporate Vice President of Customer Success and Incident Response at Microsoft Security, where she leads a 1,000-person global team and holds WW revenue responsibility for Microsoft's security business. With 20+ years in engineering and product leadership at IBM spanning cybersecurity, AI, and cloud integration, she is also executive sponsor for Microsoft's Women in Cybersecurity employee resource group and a prominent voice on AI-driven security operations.
• Lesley Carhart is a Principal Industrial Incident Responder at Dragos and a SANS ICS515 instructor, with nearly a decade leading digital forensics and incident response in critical infrastructure environments including manufacturing, energy, and oil and gas. A retired U.S. Air Force Reserve veteran, DEF CON Hacker of the Year, and SANS Difference Maker Lifetime Achievement Award recipient, she is a well respected and recognized practitioner in ICS and OT security.
• Cindi Carter, ACHE is the Global CISO at Check Point Software Technologies, with deep expertise building security programs in highly regulated industries including healthcare, financial services, and insurance. The founding President of Women in Security – Kansas City, a 501(c)(3) nonprofit, and a board member of the National Technology Security Coalition, she has been recognized by SC Media as a "Woman to Watch in Cyber Security" and featured in Women Know Cyber: 100 Fascinating Females Fighting Cybercrime.
• Michael Coates is General Partner at Seven Hill Ventures, a cybersecurity-focused venture capital firm, and brings more than two decades of experience as a three-time CISO at Twitter, Mozilla, and CoinList. He served as Chairman of OWASP's global board of directors and is an active early-stage investor backing the next generation of cybersecurity companies.
• Joshua Copeland is Director of Cybersecurity at Crescendo, an adjunct professor at Tulane University, bestselling author, and Deputy Commander of the Louisiana State Guard Cyber Reserve. The voice behind #UnpopularOpinionGuy, he challenges cybersecurity myths and compliance theater with a frank, practitioner-first perspective that has earned him a following of nearly 40,000 on LinkedIn.
• Kirsten Davies was confirmed by the U.S. Senate in December 2025 as Chief Information Officer of the Department of War, making her the Pentagon's principal technology and cybersecurity advisor. She previously served as CISO at Unilever and Estée Lauder and is the founder of the Institute for Cyber, a nonprofit focused on digital safety.
• Noopur Davis is Corporate EVP, Global CISO and Chief Product Privacy Officer at Comcast, leading cybersecurity and privacy across all products and services delivered to residential and business customers of Comcast and Sky. Previously Vice President of Global Quality at Intel Corporation and a Visiting Scientist at Carnegie Mellon's Software Engineering Institute, she also serves on the boards of Regions Bank and Entrust and is a Presidential appointee to the National Security Telecommunications Advisory Council.
• Sherrod DeGrippo is Partner and General Manager of Global Threat Intelligence at Microsoft, where she bridges elite research teams with enterprise customers, executives, and frontline defenders to drive real-world security outcomes. Previously Vice President of Threat Research and Detection at Proofpoint, she hosts the Microsoft Threat Intelligence Podcast and is one of the most quoted practitioners in the world on ransomware, cybercrime ecosystems, and threat actor tracking.
• Laurance Dine is a Senior Resilience Lead on Microsoft's Detection and Response Team (DART), with over 20 years of global experience in digital forensics, incident response, and cyber crisis management across IBM X-Force, Verizon, FTI Consulting, and Kroll. A U.S. Air Force veteran and expert witness in multiple jurisdictions, he focuses on helping organizations build measurable cyber resilience before and after major incidents.
• Keren Elazari is a security analyst, Senior Researcher at Tel Aviv University's Blavatnik Interdisciplinary Cyber Research Center, and co-founder of both BSidesTLV and Leading Cyber Ladies, a global network for women in cybersecurity with chapters across three continents. Her TED Talk on hackers as the immune system of the internet has been viewed millions of times and translated into 30 languages, making her one of the most widely reached cybersecurity voices in the world..
• Ron Fabela is an ICS and OT security veteran with over 25 years of experience working onsite at power generation facilities, offshore oil platforms, refineries, and other critical infrastructure environments. Co-founder and former CTO of SynSaber and a former Director of Field Operations at Dragos, he is currently at ABS Group and remains one of the most hands-on and credible voices in industrial cybersecurity. A U.S. Air Force veteran, he is known for translating the unique cultural and technical challenges of OT security into practical guidance for defenders.
• Trina Ford is SVP and CISO at iHeartMedia, with over 20 years of experience designing and leading cybersecurity programs across retail, financial services, hospitality, and entertainment. Her career spans senior security leadership roles at AEG, AECOM, ADP, and Royal Caribbean Cruises, and she currently serves as a Leadership Board Member at the CyberRisk Collaborative and Co-Chair of the Evanta SoCal CISO Community.
• Laura Galante served from 2022 to 2025 as the Intelligence Community's Cyber Executive and Director of the Cyber Threat Intelligence Integration Center at ODNI, coordinating the U.S. government's response to major cyber incidents. Previously Director of Global Intelligence at Mandiant, where she built and scaled the firm's intelligence business, she now serves as a Principal at WestExec Advisors and Senior Fellow at the Center for European Policy Analysis, advising boards and executive teams on digital resilience and cyber strategy.
• Roya Gordon is a CISO and OT security specialist, most recently serving as CISO of ENGIE North America, where she led cybersecurity across 90+ critical infrastructure assets including solar, wind, battery storage, and power plants across the U.S. and Canada. A six-year U.S. Navy Intelligence veteran, Idaho National Laboratory alumna, and eight-year faculty advisor at Florida International University, she is one of the most distinctive voices in energy sector and critical infrastructure cybersecurity.
• Tamer Hassan is co-founder and Executive Chairman of HUMAN Security, the company he built over more than a decade into one of the most consequential forces fighting bot fraud, digital deception, and cybercrime at internet scale. A decorated U.S. Air Force Combat Search and Rescue helicopter pilot with four combat deployments, he played a central role in the takedowns of major ad fraud operations including Methbot and the 3ve botnet, leading to federal indictments and convictions. HUMAN was named one of TIME100's Most Influential Companies in 2023.
• Trey Herr is an Assistant Professor of Global Security and Policy at American University's School of International Service and a Non-Resident Senior Fellow at the Atlantic Council, where he previously directed the Cyber Statecraft Initiative for seven years. A former Senior Security Strategist at Microsoft and Postdoctoral Fellow at Harvard Kennedy School's Belfer Center, he is one of the most prolific policy voices on software supply chain security, vulnerability markets, and international cyber norms, and his work continues to bridge the technical and policy worlds in ways that produce concrete, real-world impact.
• Tanya Janca is CEO and founder of She Hacks Purple Consulting and the best-selling author of Alice and Bob Learn Application Security and Alice and Bob Learn Secure Coding, two of the most widely used books in the field. Known by her handle SheHacksPurple, she has trained thousands of developers and security professionals through her online academies and live programs, and is an OWASP Lifetime Distinguished Member and one of the most recognized educators in application security globally.
• Jacqueline (JJ) Jayne is an independent cybersecurity consultant, keynote speaker, and media commentator specialising in human risk management and online safety, and one of the most recognised cybersecurity voices in the Asia-Pacific region. A former Security Awareness Advocate at KnowBe4 and host of Ticker Clicks on Australian financial news channel Ticker, she brings a people-first approach to security awareness that has made her a sought-after speaker and educator across the region and beyond.
• Ann Johnson is Executive Vice President of Security Solutions at Mastercard, bringing over a decade of senior security leadership at Microsoft where she most recently served as Corporate Vice President and Deputy CISO. The former host and co-creator of the Afternoon Cyber Tea podcast, a board member at HUMAN Security and Datavant, and a longtime advisor to the Executive Women's Forum on Information Security, she is one of the most well-respected voices in enterprise cybersecurity.
• Sandra Joyce is Vice President of Google Threat Intelligence, leading the team responsible for intelligence collection, research, and analysis following Google's acquisition of Mandiant. A retired U.S. Air Force Reserve officer with over 27 years of intelligence experience, she serves on the board of Crane NXT, is Co-Chair of the Aspen Institute U.S. Cybersecurity Working Group, and is a faculty member and board member at the National Intelligence University.
• Diana Kelley is CISO at Noma Security and one of the most decorated leaders in the industry, having previously served as CISO at Protect AI, Cybersecurity CTO at Microsoft, Global Executive Security Advisor at IBM Security, and GM at Symantec. A 2023 Global Cyber Security Hall of Fame inductee, EWF Executive of the Year, co-author of Practical Cybersecurity Architecture and Cryptographic Libraries for Developers, and named one of EM360Tech's Top 10 Security Analysts of 2026, she serves on the boards of WiCyS and the Executive Women's Forum.
• Shaun Khalfan is SVP and CISO at PayPal, where he leads global cybersecurity, product security engineering, and cyber risk strategy across one of the world's largest digital payments platforms. A five-time CISO with prior roles at Discover Financial Services, Barclays International, Freddie Mac, U.S. Customs and Border Protection, and the Department of the Navy, he is also an Adjunct Professor at Carnegie Mellon's Chief Risk Officer Program and a U.S. Army veteran with combat service in Operation Iraqi Freedom.
• Katherine Kuehn is Area Vice President of Global Cyber Advocacy at World Wide Technology, with over 25 years of experience spanning CISO, CEO, and Chief Trust Officer roles at Aon, BT Group, and Senseon. A board member at the National Technology Security Coalition and named 2025 Global Cyber Woman of the Year, she is a frequent speaker, published author, and committed advocate for women and responsible AI in cybersecurity.
• Dan Lorenc is CEO and co-founder of Chainguard and co-creator of Sigstore, the open-source tool now used by major software ecosystems to verify the provenance of code. With nearly a decade as a software engineer at Google, where he helped launch foundational open-source projects including Minikube, Tekton, and SLSA, he is one of the most respected and credible voices in software supply chain security today.
• Rafal Los is VP of Client Relations and Strategic Initiatives at ExtraHop and the founder and host of the Down the Security Rabbithole podcast, a weekly industry show running since 2011. With over 20 years of experience helping organizations translate complex security challenges into business outcomes, he is a steady and trusted fixture in the enterprise security community.
• Kevin Mandia is CEO of Armadin, an AI-native red team platform, and co-founder of Ballistic Ventures, a cybersecurity-focused venture capital firm. The founder of Mandiant, which he built into the world's most recognized incident response and threat intelligence firm before its acquisition by Google, he led investigations into some of the most significant nation-state cyberattacks in history and helped establish the modern framework for attributing and responding to advanced persistent threats.
• Ciaran Martin is the founder and first CEO of the UK's National Cyber Security Centre and now a Professor of Practice at Oxford's Blavatnik School of Government, UK Chair of CyberCX, and Managing Director at Paladin Capital Group. A 23-year UK Government veteran who worked with five Prime Ministers and held senior roles at GCHQ and the Cabinet Office, he is also head of the SANS Cyber Leaders Network and co-host of its podcast, and remains one of the most influential voices in global cyber governance.
• Kayne McGladrey, CISSP is a Senior Member of the IEEE, author of the GRC Maturity Model, and an active thought leader in governance, risk, and compliance, with over 250 media features since 2017 and a Thinkers360 ranking as the number one global voice in cybersecurity and AI governance. With nearly 30 years of experience advising Fortune 500 and Global 1000 organizations, he has delivered keynote presentations at RSA, Gartner, ISC2, and ISACA.
• Stéphane Nappo is Vice President and Group Cybersecurity Director at Groupe SEB, the French multinational behind brands including Tefal, Krups, Rowenta, and Moulinex, where he leads cybersecurity across 150 countries, 39 factories, and 1,400 websites. The 2018 SC Awards Europe Global CISO of the Year and a Forbes top five cybersecurity leader, he has over two decades of senior security leadership across financial services, cloud infrastructure, and manufacturing, and is one of the most recognized European voices in the field.
• Dr. Yonesy Núñez is a six-time CISO and currently Chief Information Security Officer at Surf AI, an agentic security platform, having previously led cybersecurity at DTCC, Jack Henry, Wells Fargo, and Citi. A named inventor on four U.S. patents in fraud risk detection, an Independent Board Director at Chain Bridge Bank and Pentegra Retirement Services, and a board member of the Hispanic Security Executive Council, he has been recognized on the Hispanic IT Executives Council's list of the Top 100 Most Influential Hispanic Leaders in Technology.
• Lukasz Olejnik, Ph. D, is an independent cybersecurity and privacy researcher, Visiting Senior Research Fellow at King's College London's Department of War Studies, and a W3C Invited Expert with nearly a decade of focus on security and privacy standards. The author of Philosophy of Cybersecurity he brings a rare combination of technical depth, legal expertise, and policy influence, and is one of the most internationally distinctive voices on the intersection of cybersecurity, privacy engineering, and international law.
• Valentina Palmiotti is Head of X-Force Offensive Research at IBM, where she leads a team dedicated to advanced vulnerability research and binary exploitation in high assurance and hardened environments. A respected offensive security researcher, she has presented research at Black Hat and SANS and brings a distinctive background that spans economics, nuclear engineering research, and some of the most technically demanding work in the field.
• Margarita Rivera is SVP and Global CISO at Carnival Corporation, where she oversees cybersecurity strategy across eight cruise lines and one of the most operationally complex security environments in the world. Named the 2026 CISOs Connect Trailblazer Award recipient and the 2024 NDC Authentic Leadership Award winner, she has spent more than 20 years building and leading security programs across financial services, real estate, retail, and hospitality.
• Michael Sentonas is President of CrowdStrike, where he oversees product, engineering, sales, and go-to-market strategy for one of the world's leading cybersecurity companies. An Australian cybersecurity veteran with over 25 years in the industry, including prior roles as CTO at CrowdStrike and CTO for Asia-Pacific at McAfee, he is a Forbes Technology Council member and a regular keynote speaker on the evolving global threat landscape.
• Caleb Sima is Founding General Partner at Whiterabbit and Founder and Chair of the Cloud Security Alliance's AI Security Initiative. With over 25 years building and leading security organizations, including stints as CSO at Robinhood, VP of Security at Databricks, and founder of two acquired security startups, SPI Dynamics and Bluebox Security, he is one of the most cited voices on AI security risk in the industry today.
• Alex Stamos is Chief Product Officer at Corridor, a startup focused on making AI coding safe and trustworthy, and an Adjunct and Lecturer in Computer Science at Stanford University. Previously CSO at Facebook, CISO at Yahoo, CISO at SentinelOne, and co-founder of both iSEC Partners and the Krebs Stamos Group, he also founded the Stanford Internet Observatory and is a prolific speaker and writer on AI safety, disinformation, and election security.
• Katell Thielemann is a Distinguished VP Analyst at Gartner and a two-time Gartner Thought Leadership Award winner, covering cyber-physical systems security, OT and ICS protection, and U.S. Federal cybersecurity. She defined and popularized the CPS protection platform market category, shaping how the industry thinks about securing the convergence of IT, OT, and IoT environments, and brings over a decade of operational technology experience from her prior career at Honeywell spanning defense, aerospace, and DoD programs.
• Kemba Walden served as Acting U.S. National Cyber Director in 2023, leading an office of over 75 cybersecurity experts and helping advance the National Cybersecurity Strategy during her tenure. She currently serves as President of the Paladin Global Institute, co-chair of Aspen Digital's U.S. Cybersecurity Group, Outside Director at Elastic, and Adjunct Professor at Georgetown University, and is a member of the Council on Foreign Relations and the Atlantic Council board.
• Chenxi Wang, Ph. D is Managing General Partner at Rain Capital, a cybersecurity-focused venture fund with investments including Claroty and ProjectDiscovery, and the founder of the Forte Group, a nonprofit advancing women's careers in cybersecurity. A former Associate Professor at Carnegie Mellon, VP at Forrester Research, and VP of Strategy at Intel Security, she brings one of the most distinctive combinations of academic, analyst, operator, and investor experience in the field.
• Georgia Weidman is the founder of Shevirah and Bulb Security, a DARPA-funded security researcher, and the author of Penetration Testing: A Hands-On Introduction to Hacking, a foundational text whose accompanying Cybrary course has reached over 275,000 students. A frequent speaker at Black Hat, DEF CON, and RSA, she is one of the most recognized practitioners in offensive security and has spent her career making penetration testing more rigorous and accessible across the industry.
• Meg West, CISSP, CCSP is a Sr. Cybersecurity Consultant at CrowdStrike, with prior experience as an Incident Response Consultant at IBM X-Force and Global Cybersecurity Incident Response Manager at TD SYNNEX. Known as @cybersecmeg, she creates free cybersecurity content across YouTube and social media and actively mentors students entering the field, making her one of the most accessible and community-focused voices in the profession.
• Josephine Wolff is a Professor of Cybersecurity Policy at The Fletcher School at Tufts University and the author of You'll See This Message When It Is Too Late, one of the most critically acclaimed books on the economics of cybercrime. A former Fellow at New America and Faculty Associate at Harvard's Berkman Center, she writes regularly for major technology and policy publications and is one of the most frequently cited academic voices in debates about cybersecurity regulation and liability.
• Nir Zuk is the co-founder and CTO of Palo Alto Networks, where his technical vision has helped build one of the most influential cybersecurity platforms in the world. A principal architect of stateful inspection technology at Check Point and former CTO at NetScreen Technologies, he is widely credited as the driving force behind the next-generation firewall and one of the most consequential technical leaders in commercial cybersecurity history.

Shaping the cybersecurity landscape

As the threat landscape grows more sophisticated and the stakes of getting security wrong continue to rise, the future of cybersecurity will be defined by those who lead with vision, communicate with clarity, and build programs that can withstand contact with reality. This year's list reflects the full range of what modern cybersecurity leadership looks like, spanning practitioners and policymakers, researchers and executives, educators and operators, from every corner of the globe.

These leaders are not just responding to today's challenges, they’re building the frameworks, teams, and technologies that will determine how organizations, governments, and individuals are protected in the years ahead. Secureframe is proud to recognize their contributions to a field that has never mattered more.