
29 Highly Influential CISOs
29 Security Leaders you should follow

Compiled by Basheer Ahmed Khan


From putting together a complex Risk Management
Program to handling an unexpected, huge security
threat, the job of a CISO (Chief Information Security
Officer) is getting more and more complicated with the
rapid expansion of the threat landscape. The toughest
part many CISOs face is convincing the C-suite
executives of the cybersecurity threats an
organization faces and securing the budgets they
need for overall cybersecurity. The role of a CISO is
becoming more and more important at the C-suite
level. Apart from technical expertise, a CISO must
also possess operational and leadership skills. The role
of a CISO has become critical for any
organisation, irrespective of industry and size. In
fact, the role has become so critical that even
smaller organizations that cannot afford an
in-house CISO are outsourcing it to a Virtual CISO (VCISO).

We have identified and listed 29 awesome Chief
Information Security Officers who have all the
above-mentioned qualities. These experts are the reason
behind the impeccable cybersecurity their
organizations have. We have arranged them in
alphabetical order.

Abeer Khedr
Billy Spears
Brian Bobo
Dane Warren
Dan Bowden
Dan Lohrmann
Don Cox
Dr. Jackson Muhirwe
Gary Hayslip
George Smirnoff
Greg Dakin
Jason Lau
Jeff Brown
John Meakin
Jothi Dugar
Lakshmi Hanspal
Magda Chelly
Mark Potter
Michael Montoya
Mike Britton
Myrna Soto
Nikk Gilbert
Phil Cracknell
Phoram Mehta
Richard Rushing
Rinki Sethi
Stephane Nappo
Steven Sim Kok Leong
Todd L Bell

ABEER KHEDR
INFORMATION SECURITY DIRECTOR, NATIONAL BANK OF EGYPT

ABOUT
Abeer Khedr is the Information Security Director at the National Bank
of Egypt with more than 20 years of experience in technology and
information security fields. Abeer has been serving in her current role
for eight years where she has established the information security
strategy & program at the bank, developed information security
policies and awareness programs, and designed and certified an
information security management system (ISMS) for the bank’s main
data center & call center. She has also developed an information security
effectiveness measurement program to ensure continuous
improvement and maturity in security processes, in addition to being
a member of both the enterprise change advisory board and the
bank’s technology steering committee. In her current role, Abeer also
oversees cyber security functions for the bank’s remote subsidiaries
and branches.

Prior to joining NBE, Abeer led the security consulting
and IT audit service lines at Deloitte Egypt, serving different industries.
Abeer is a graduate of the American University in Cairo with a
computer science major and economics minor. She also has a Master
of Science degree in Business Information Technology from
Middlesex University, England. Abeer has a number of security &
governance related certifications: C|CISO, C|DPO, CISM, CISA, CRISC,
CGEIT and ISO 27001.

Abeer was recently named among the top regional government
security leaders in the Middle East by the CISO council in Dubai and
was also named among the leading information security executives in
the ME by the council in 2018. She was recognized as a “Woman
Security Leader” at the same conference in 2016. Abeer was also
selected as “CISO of the year” at the Arab Security Conference, 2018
and at Cairo Security Camp, 2016. Abeer has also been recently
selected for the panel of judges for IFSEC 2019 to select global
cyber security influencers.

ADVICE

My advice to organizations, especially in highly regulated
industries like banking, is to look upon security regulations
compliance not as a burden or cost but rather as opportunities
that foster customer trust, as a guard against reputational &
financial losses and as a mechanism that will increase their
resilience & thrival.

My advice to employees is to realize they are the most important
pillar in the security of their organization. Being so, they should
never shy out from voicing their observations or inquiries to their
colleagues in cyber security teams and reporting any
vulnerabilities and suspicious events they encounter in the
course of their work.

My advice to C-Suite members: Please be the champs of cyber
security for your organizations: you are the role models to your
teams and their commitment to cyber security will follow your
lead.
BILLY SPEARS
EXECUTIVE VICE PRESIDENT, CHIEF INFORMATION SECURITY OFFICER AT LOANDEPOT

ABOUT
Billy Spears oversees enterprise cybersecurity, privacy, information technology
risk, and records management practices at loanDepot. He has more
than 20 years of experience as a collaborative business partner and possesses deep
expertise across the cyber security, privacy, and risk management
fields. Billy has a passion for architecting and implementing strategic
solutions that build trust, enable resilience, and incorporate core
principles that drive transformation while simplifying business
processes. He strongly believes in raising awareness, influencing
positive change and disrupting the category norm using forward
thinking techniques.

Prior to this role, Spears held similar positions at Hyundai Capital
America, General Electric, Dell, the U.S. Department of Homeland
Security and the United States Marine Corps. Billy graduated with a
bachelor’s degree in information technology from National University
and later obtained an M.B.A. from the University of Phoenix.

In 2018, Billy was honored with Gartner's Evanta "Global CISO
Breakaway Influence Leader of the Year" Award and continues to
serve as an industry related thought leader and speaker for related
topics.

ADVICE

Successful practitioners have learned to master their ability to
influence levels of the company by aligning their role to business
objectives, implementing strategies that shift security priorities,
and effectively building a security awareness culture within their
organization. Remember to develop a posture of “Yes, if…” rather
than always becoming the impediment or roadblock to the
business's success path.
BRIAN BOBO
CHIEF INFORMATION SECURITY OFFICER, SUN COUNTRY AIRLINES IN MINNEAPOLIS, MINNESOTA

ABOUT
Brian Bobo is the Chief Information Security Officer for Sun Country
Airlines in Minneapolis, Minnesota. He is responsible for all aspects of
the security and disaster recovery strategy, implementation and
effectiveness. Sun Country Airlines focuses on vacation destinations
taking vacationers to the tropical beaches of Mexico, Costa Rica and
the Caribbean, as well as flying charters to support our troops across
the world. Previously, he was the Director of Global Security at
Ecolab, a leading provider in water, hygiene, and energy technologies
to foodservice, food processing, hospitality, healthcare, industrial, and
oil and gas companies in over 170 countries. In this role, Bobo was
responsible for the planning and execution of effective processes and
technologies for incident response and security operations. He also
leads the security awareness and continuous improvement of
security.

Prior to Ecolab, Bobo was the CISO for Schneider, a leading provider
of transportation, intermodal and logistics services. In this role, Bobo
was responsible for the planning and execution of effective processes
throughout the enterprise for information security, personal and
physical security, as well as disaster recovery, business continuity and
emergency preparedness. Prior to that, Bobo was a Technologies
Services Manager for Target Corporation, where he managed
corporate-wide information protection and IT security teams. Bobo
worked for Target for 12 years, holding various positions with
increasing responsibility, including warehouse management, IT
security and disaster recovery. Bobo has 30 years of military
experience serving in the U.S. Army and Army National Guard. He
most recently led the Cyber team for the Minnesota Army National
Guard prior to being promoted to the head of IT for the Minnesota
Army National Guard.

Bobo received his Bachelor of Science degree in History and Systems
Engineering from the United States Military Academy at West Point.
He holds a Master’s Degree in Business Administration from the
University of Florida and a Master's Degree in Strategic Studies from
the U.S. Army War College. In addition, Bobo has earned the Certified
Information Systems Security Professional and Certified Business
Continuity Professional certifications.

ADVICE

You should look to fix your talent shortage problems by hiring
bright, talented, teachable people that want to learn and then
build them into what you need.
DANE WARREN
GLOBAL CISO, NISSAN MOTOR COMPANY

ABOUT
Dane is currently the global CISO for Nissan Motor Company, where
he is responsible for leading the global cyber security transformation
program. Dane previously worked as a Global CISO for Intertek
Testing Service, a FTSE 100 company, where he led the build out of a
global follow-the-sun SOC and a full cyber security team. Dane also
spent several years working for Zurich Insurance Company as a CISO
for several APAC and EMEA countries. Dane’s earlier roles include -
Head of Information Risk and Security at Virgin Mobile Australia, and
CSO APAC Financial Services at EDS. Dane has nearly 20 years’
experience in cyber security, and holds a Master in Business (IT
Management) from the University of Technology Sydney. Dane was
recognized in 2017 as a top 100 global CISO.

ADVICE

Cyber security is a constant journey of relevance; be important to
your people, your peers, your customers and your business.
Customer value and protection must be at the centre of your
cyber security journey because that’s the reason we exist as a
business.
DAN BOWDEN
VICE PRESIDENT AND CISO AT SENTARA HEALTHCARE

ABOUT
He was previously CISO at University of Utah Healthcare and the
University of Utah. Dan has been an executive leader in cybersecurity
and technology for healthcare, higher education, banking, retail, and
the military (USAF) over the past 25 years.

Along with his CISO role, Dan is actively developing joint venture and
business opportunities for Sentara in health cyber security, public
cloud, and blockchain technology. Dan’s other professional and
academic interests include digital strategies, cloud computing,
population health, healthcare analytics, data governance, global and
homeland security. Dan has an M.S. in Administration of Justice and
Security with a concentration on Global and Homeland Security. He
works in Virginia Beach, Virginia and has a home in South Jordan,
Utah. His personal interests focus on family, fitness and outdoor
activities.
DAN LOHRMANN
CHIEF SECURITY OFFICER AND CHIEF STRATEGIST FOR SECURITY MENTOR

ABOUT
Daniel J. Lohrmann is an internationally recognized cybersecurity
leader, technologist, keynote speaker and author. During his
distinguished career, Dan has served global organizations in the
public and private sectors in a variety of executive leadership
capacities, receiving numerous national awards including: CSO of the
Year, Public Official of the Year and Computerworld Premier 100 IT
Leader. In 2017, Dan was awarded the cybersecurity breakthrough
CISO of the year for global security products and services companies.
Lohrmann led Michigan government’s cybersecurity and technology
infrastructure teams from May 2002 – August 2014, including
enterprise-wide Chief Security Officer (CSO), Chief Technology Officer
(CTO) and Chief Information Security Officer (CISO) roles in Michigan.

Dan currently serves as the Chief Security Officer (CSO) and Chief
Strategist for Security Mentor, Inc. Lohrmann is leading the
development and implementation of Security Mentor’s industry-
leading cyber training, consulting and workshops for end users,
managers and executives in the public and private sectors. He has
advised senior leaders at the White House, National Governor’s
Association (NGA), National Association of State CIOs (NASCIO), U.S.
Department of Homeland Security (DHS), federal, state and local
government agencies, Fortune 500 companies, small businesses and
non-profit institutions.

Dan has more than 30 years of experience in the computer industry,
beginning his career with the National Security Agency. He worked
for three years in England as a senior network engineer for Lockheed
Martin (formerly Loral Aerospace) and for four years as a technical
director for ManTech International in a US / UK military facility.

Lohrmann is the author of two books - Virtual Integrity: Faithfully
Navigating the Brave New Web and BYOD For You: The Guide to
Bring Your Own Device to Work. He has been a keynote speaker at
global security and technology conferences from South Africa to
Dubai and from Washington D.C. to Moscow. Lohrmann holds a
Master's Degree in Computer Science (CS) from Johns Hopkins
University in Baltimore, Maryland, and a Bachelor's Degree in CS from
Valparaiso University in Indiana.

ADVICE

CISOs need to focus more on relationships. Really get to know
your team, your management colleagues, your end users,
industry CISO peers and your organization's customers. The
quality of those relationships will ultimately determine both
your success and long-term career satisfaction.
DON COX
CISO at MEDNAX

ABOUT
Don Cox has over 30 years of experience in technology. Currently
serving as the Chief Information Security Officer at MEDNAX, the
physician-led healthcare organization headquartered in Sunrise, FL,
Cox is responsible for cyber operations and engineering, identity
access management, disaster recovery, business continuity planning,
and risk and compliance for the company.

Before MEDNAX, Don was the Chief Information Officer at HHS,
SAMHSA and held executive leadership positions in several other
government agencies. Adding to his experience, he served as the
Chief Information Officer in the pharmaceutical and consulting
industry, and President of a commercial data center. Don holds a
Master of Business Administration, Master of IT Management,
Graduate Certificate in Chief Information Officer Competencies, CISM,
PMP, ITIL, and other industry certifications.

ADVICE

CISOs and CIOs should be moving toward an outsourced managed
security provider (MSP). A reputable MSP will level the playing
field, reduce the volume of threats, and allow for faster
prevention of new and previously unknown risks.

Cybersecurity is no longer a nice-to-have capability. Like insurance,
it's the cost of doing business. A successful attack could damage
your brand and cause a financial burden for your business and
your customers.
JACKSON MUHIRWE
Works at University of California, Davis

ABOUT


Jackson currently serves as the Deputy CISO at UC Davis. In this role,
he leads various campuswide initiatives designed to improve the
security posture of UC Davis. Previously, he served the City and
County of San Francisco as the Interim City CISO and Director of
Cybersecurity Services for the Department of Technology. He led the
team that was charged with the responsibility of protecting the
critical cyber assets of the City. During his two decades in IT, Jackson
has held various leadership and academic roles with life experiences
on four different continents. Jackson holds a Ph.D. in Computer
Science, CISSP and C|CISO.

ADVICE

Message to young professionals: Cybersecurity is a young
profession with great potential. Organizations are seeking people
who will come and make a difference. Prepare to be the
difference-maker.

Message to organizations: Cybersecurity is not just a technology
problem but a business risk that needs all key stakeholders to
address.
GARY R. HAYSLIP
Cybersecurity Strategist, CISO

ABOUT

With over 25 years of information technology, security leadership, and
risk management experience, Gary Hayslip has an exceptional record
of success leading multiple, diverse cross-functional security and risk
governance teams in the planning, analyzing and implementation of
information security programs to support organizational business
objectives. Hayslip’s previous executive roles include multiple CISO,
CIO, Deputy Director of IT and Chief Privacy Officer roles for the U.S.
Navy (Active Duty), the U.S. Navy (Federal Government employee), the
City of San Diego California, and Webroot Software. In all of these
roles, Hayslip led diverse teams of 10 – 300 employees and built
information technology and security programs from the ground up.
He partnered with software development and agile teams,
integrating security into innovative workflows and new services.
Hayslip collaborated with customers, strategic partners, and
executive leadership teams on the deployment of new products,
merger & acquisition due diligence services, and the management of
his organizations’ business risks.

Hayslip is a proven cybersecurity professional; he has established a
reputation as a highly skilled communicator, author, and keynote
speaker. Hayslip recently co-authored the CISO Desk Reference Guide:
A Practical Guide for CISOs – Volumes 1 & 2, which are considered
among the leading books on enabling CISOs to expand their
leadership and business expertise. Hayslip is an active member of the
professional organizations ISC2, ISSA, ISACA, OWASP, and Infragard.
He currently holds several professional certifications, including CISSP,
CISA, and CRISC. Hayslip has a BS in information systems
management from UMUC and an MBA from San Diego State
University.

ADVICE

Cybersecurity is a career field that is rapidly changing with new
technologies, threats, and role requirements emerging on a daily
basis. To be successful, I believe it is important that you will need
to continually educate yourself, you will need to collaborate with
peers to mature your knowledge and experience, and finally you
need to seek mentors and provide mentorship when possible.
GEORGE SMIRNOFF
SVP / CISO at Synchrony

ABOUT

Cybersecurity and information technology leader driven by a mission
to both protect and enable the business. Record of success building
outstanding programs with strong cultures that thrive on challenge,
innovation, and opportunity. On-the-ground experience successfully
leading responses to major cyber incidents and avoiding significant
enterprise impacts.

Expertise additionally includes privacy, data management, resilience,
and technology risk, with formative experience in Application
Development. Deep financial services knowledge (commercial, retail,
investment banking, wealth management, and payments)
complemented by strong retail and technology sector experience.
Recognized thought leader in cyber frameworks, regulatory
harmonization, and privacy. Strong strategic mindset combining
deep technology and security architecture skills with advanced
business acumen.

Excellent communicator who makes complex technical concepts
understandable and actionable with business leaders, partners,
stakeholders, and technical teams. Extensive Board and Regulatory
experience. JD, MBA, CISSP.
GREG DAKIN
CISO at Interserv Plc

ABOUT

Greg Dakin is an award-winning CISO with over 20 years of security
experience within the Aerospace, Healthcare, Energy, Manufacturing
and Civil Engineering markets. He has operated in roles at regional,
European and global levels across all aspects of the information
security agenda and has been recognised within the Global Top 100
CISO and European PrivSec 200 listings. Greg is a founder member of
the Chartered Institute of Information Security and acquired an MSc
in Information Security Management in 1994.

ADVICE

Advice for Organisations: Consider your information as ‘currency’
in much the same way as you do for revenue, profit and cash.
Ensure that you have identified your most valuable information
assets and implemented appropriate security controls to ensure
their ongoing protection.

Advice for Employees: Manage your organisation’s information as
you would your own, personal data. Take time to consider the
implications of your online behaviours and seek to protect the
digital interests of your employer.

Advice for the C-Suite: Develop a security culture within your
organisation and evangelise the importance of effective
information security management. Maintain oversight of the
security status of your business and support initiatives that will
materially improve your position, balancing cost, benefit and risk
accordingly.
JASON LAU
CISO at crypto.com

ABOUT

Jason Lau is currently the Chief Information Security Officer (CISO) at
Crypto.com and a multiple award-winning cybersecurity professional,
with awards including the “Cybersecurity Professional Award” and “Financial
Technologist of the Year (Data Privacy)”, and a global Top 20
influencer in the cybersecurity and privacy space. Jason is an
established leader in the Blockchain and FinTech industry, driving
Crypto.com to become the first Cryptocurrency company worldwide
to achieve company-wide ISO27001:2013, PCI:DSS and
Cryptocurrency Security Standard (CCSS) compliance in record time.
Jason was previously a regional Cybersecurity Advisor at Microsoft
and has over 18 years in consulting experience for Fortune 500
companies. Jason has completed Executive Programs at both
Stanford and Harvard and holds CISSP, CIPP/E, CIPM, CGEIT, CRISC,
CISA, CISM, CEH, CDNA, ISO27001 Lead Auditor, as well as being a
Fellow of Information Privacy (FIP). Jason is also currently the
Regional Lead and Co-Chairman of the International Association of
Privacy Professionals (IAPP), an Adjunct Professor (Cybersecurity and
Data Privacy), and sits on various industry cybersecurity and data
privacy Think Tanks. Jason is also a frequent industry speaker on the
topics of cybersecurity and data privacy at conferences such as RSA
Conference, Delta Summit, IAPP Privacy Forum, Cloud Forum and
more.

ADVICE

My advice to organisations is to make sure they always
remember to focus on the Human Element of cybersecurity, as the
bulk of the cybersecurity attacks originate from some form of
human error (e.g. phishing, weak passwords etc.). An overall
cyber-secure culture starts from the top, which means executive
buy-in to cybersecurity programmes and initiatives is critical to
ensure that organisations have a Defence-in-Depth strategy,
starting with their employees; as it's always a combination of
People, Process and Technology. Furthermore, industry tested
cybersecurity frameworks should be used to guide the
development of an organisation’s cybersecurity maturity, and a
shift is needed towards an identity driven security model using
Zero-Trust to ensure companies consistently verify and validate
controls throughout the organisation’s internal and external
infrastructure. Data Privacy also needs to be embedded deep
into the culture, where Privacy by Design, Privacy by Default
needs to guide all business decisions to ensure that the
protection of personal data is a core priority.
JEFF BROWN
CISO Life & Retirement at AIG
Advisor to the Board at iQ4

ABOUT

Jeffrey W. Brown is a recognized information security and IT risk
expert with a strong track record spanning two decades
implementing cost-effective security programs for global Fortune
500 financial institutions including Citigroup, Goldman Sachs, GE
Capital, BNY Mellon and AIG. Jeff helps senior executives understand
and manage cybersecurity risk while still keeping a commercial
perspective on meeting business objectives.

Active in the information security industry, he is a frequent speaker at
various events and conferences and is the author of multiple articles
and publications. He is the co-Chair of Evanta’s New York CISO
Executive Summit events and works in an advisory capacity with the
Cyber Investing Summit and HMG. He is currently advising iQ4 on
their Virtual Cybersecurity Apprenticeship Challenge, which aims to
prepare 10,000 students for the workforce and help address the
security skills shortage.

ADVICE

Cybersecurity is a boardroom issue, not an information
technology issue. As an industry, we need to focus on educating
our current and future business and IT leaders to make sure that
we are addressing this issue head-on.
JOHN MEAKIN
SVP / CISO at Synchrony

ABOUT

Dr. John I. Meakin is a specialist in information and systems security
with 30 years’ experience. He retired as the Chief Security & Risk
Officer at Burberry in mid-2017 and for the past few years has advised
various businesses on cyber risk, including acting as interim Chief
Information Security Officer at GlaxoSmithKline throughout 2018.
Prior to Burberry he was Chief Security Officer for the luxury goods
conglomerate Richemont International SA in Geneva, with oversight
of physical, information and cyber security. Previously, he has built
and led security functions in a range of Banks, notably the Royal Bank
of Scotland, Dresdner Bank and Standard Chartered Bank. He
has also been Chief Information Security Officer of BP and Reuters.
He has a Ph.D. in experimental solid-state physics from Cambridge
University. When not fighting the good fight for better cyber security
he plays five-a-side footie and classical music and jazz.

ADVICE

It is not the CISO or cyber security team’s job to secure your
business – it is yours – all staff, all management and the Board.
Expect the unexpected – if you think that you could not be a
target because you have nothing of value/interest to cyber
attackers, you are wrong! And you might just be a bystander
damaged in the “cross-fire”. Good cyber security is a balance
between risk, spend and efficiency – too much security is a bad
thing, just like too little. So, it is crucial that you engage in a
(continuous) dialogue with the cyber security experts about risk
and risk appetite – to achieve the right balance.
JOTHI DUGAR
CISO at NIH Center for Information Technology

ABOUT

Jothi Dugar is a multi-dimensional executive, business owner, and
entrepreneur, whose diverse career to-date has included key senior
leadership roles in Cybersecurity, IT management, project
management, defense, and training, as well as in the performing arts
and holistic wellness. A leading expert and pioneer in the field of
healthcare cybersecurity, she was the Chief Information Security
Officer (CISO) at the National Institute of Health Clinical Center for
the past 8 years and is now the CISO of the NIH Center for
Information Technology.

In addition to her role at the NIH, Jothi is Director of the BollyNatyam
Masala School of Dance, a community-focused fusion dance
company and school. The company follows a mission of community
service, and regularly performs for charitable and private events, as
well as at assisted living homes, religious organizations and
community events.

With a lifelong commitment to empowering women in terms of
wellness and health, Jothi is also the owner and principal practitioner
of The Power of Healing 360, a holistic healing practice that enables
people to heal themselves through natural and alternative medicine
therapies, treatments, and cures.

A dynamic and highly sought after international public speaker, she
has given numerous keynote addresses and talks, and has been featured in
leading journals, magazines, and radio interviews. Jothi is dedicated
to mentoring young professionals, and women at-large to become
self-empowered, find their voice, and break the glass ceiling in the
STEM fields.

Outside of her many professional pursuits, Jothi is a dedicated wife
and mother of three. She and her family reside in Great Falls, Virginia.
Jothi loves the thrill of adventure and traveling. She has traveled to
over thirty countries, almost every state in the U.S., and loves
adventure sports.

ADVICE

In my personal opinion, organizations must take a holistic and
integrative approach to Cybersecurity. Viewing people as our
greatest assets, we must train them, keep them informed,
engage them, and empower them to make the right decisions
even when no one is watching - that is the sign of a well run
organization from all aspects, including Cybersecurity.
LAKSHMI HANSPAL
Global Chief Information Security Officer at Box

ABOUT

Lakshmi Hanspal is the Global Chief Security Officer of Box, leading
the Trust Office for Box across multiple security domains including
Corporate, Physical, Cyber, Customer, Product, Platform, Risk &
Assurance, Compliance and Data Protection. Lakshmi is a persuasive
and recognized executive leader who provides overall
transformational leadership for security strategies, with emphasis on
cloud security, risk and privacy management. She has a strong ability
to engage with customers and senior level executives across the
organization and influence buy in and consensus on key initiatives.
Lakshmi is passionate about securing digital transformation, IoT
security and supporting socially conscious connected commerce. She
is active in engaging and promoting Women in technical leadership
roles and developing early talent for diversity within teams. Lakshmi
is considered as a catalyst and harbinger of change within her
professional and volunteering circles.

Prior to joining Box, Lakshmi was the Global CISO at SAP Ariba, where
she protected the world’s largest dynamic digital marketplace, with
more than $3 trillion in annual business commerce. Lakshmi has also
held leadership roles at PayPal and Bank of America. Her career
spans across 24+ years in Information Security and risk management,
with 16+ years in the financial and payment space.

ADVICE

Cybersecurity is a boardroom issue, not an information
technology issue. As an industry, we need to focus on educating
our current and future business and IT leaders to make sure that
we are addressing this issue head-on.
MAGDA CHELLY
Managing Director, CISO on Demand at Responsible Cyber Pte. Ltd.

ABOUT

Magda Lilia Chelly is a Managing Director and a Chief Information
Security Officer On Demand. Magda performs her cyber security
duties during the day and hacks during the night. She reviews
technical architectures, cloud migrations, and digital
transformations, and provides security recommendations for her
clients worldwide. She has a PhD in Telecommunication Engineering
and a CISSP. Magda is also the founder of Woman in Cyber and
promotes cyberfeminism, encouraging women to join the cyber
security industry.

With her expertise and technical background, Magda provides
360-degree cyber security support for companies; from governance to
incident management, she coordinates and builds resilient
businesses. Magda’s latest two projects covered the roles of an ISO
Lead Implementer for a Fortune 500 (ISO 27001:2013) and a business
information security officer role for a regulated Fortune 500 company
covering 13 countries in Asia Pacific.

She has been nominated for the following:

TOP 50 International cyber security influencer, internationally
10 cybersecurity experts to follow on Twitter in 2018
58 Women In Cybersecurity To Follow On Twitter
Top 17 Cybersecurity Influencers in 2018 You Must Follow
MARK POTTER
CISO at NewWave Technologies Inc.

ABOUT


Mr. Mark Potter currently serves as a CISO at NewWave, a Health IT
company. He has worked in IT for over 25 years including 15 years in
information security, GRC, and data protection/privacy program
design and implementation. He has been involved in cloud security,
architecture, and risk management since he attended the inaugural
Cloud Security Alliance (CSA) meeting at MITRE in 2009 and joined
NIST Cloud Computing Security and NIST Cloud Forensic Science
Working Groups in 2012.

His passion for the protection of critical infrastructure, including
healthcare, began when he joined InfraGard Maryland in 2004 while
working at Washington Gas. He served as the Maryland InfraGard
Sector Chief for the IT sector in 2013, is a board member of the FBI
Baltimore Citizens Academy Alumni Association, and graduated from
the FBI CISO Academy. He was a member of Capitol Technology
University (formerly Capitol College) Information Assurance Advisory
Board (2014-2015). He is a member of the SANS/GIAC Advisory Board
and is part of the SANS Instructor Development Program. He is an
IAPP Fellow of Information Privacy (FIP) and holds over 30 security
certifications including: CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP,
GCIH, GISP, CAP, CCSP, CSSLP, HCISPP, SSCP, CISM, CRISC, CISA,
AWS-SAA, CEH, CCISO, FITSP-M, FITSP-A, CIPP/G, CIPP/US, CIPT, CIPM,
CCSK, SABSA-SCF, ITIL-F, CASP+, CySA+, Cloud+, and Security+.

ADVICE

Advice to Organizations: Engage with, fund, staff, and train your
security function across the organization.

Advice to Employees: Contrary to what some say, you aren't the
weakest link. We count on you to tell us when something or
someone feels 'off'.

Advice to Internet Users: Be suspicious and alert. Use a cam cover
and don't overshare.
MICHAEL
MONTOYA
CISO at Equinix

ABOUT

As the Chief Information Officer for Equinix, Michael is responsible for
leading Equinix's global cybersecurity risk program. His
responsibilities include leading the company's information security
program, the company's cybersecurity roadmap, enterprise risk
management and compliance programs. Michael also works closely
with Equinix's product development, Operations, IT, compliance and
business continuity teams to help ensure the company has a world-
class approach to securing its global assets as well as providing the
most secure environment for over 10k customers and partners in over
200 global datacenters and 385K interconnections.

Michael has extensive experience in enterprise IT support and has
held several senior management roles with Microsoft, FireEye and
EMC. He has extensive experience overseeing global cybersecurity
programs and advising large enterprises, governments and regulators
across global markets. His roles included:
Microsoft, where he held various leadership roles including Asia
Chief Cybersecurity Advisor, Asia Regional CIO, and Global Director
of Cloud Internet Operations.
FireEye, where he served as Vice President of Cloud Services
leading all cloud-security operations supporting FireEye’s threat
intelligence backbone and cloud services of Threat Analytics
Platform, Email Threat Prevention, Mobile Threat Platform and
Cloud Endpoint Security.
EMC, where he served as an IT and Services Leader responsible for
their EMC Proven platform, resulting in a CIO100 industry
recognition.
Digital Realty, where he served as Senior Vice President and Chief
Information Security Officer.

Michael is an industry-recognized innovative IT and Security leader
and serves as an advisor to several security and IT startups, and
venture capital firms. Michael has dual degrees in Economics and
Political Science from the University of New Mexico.
MIKE BRITTON
VP and CISO
at Alliance Data

ABOUT

Cyber Security and Privacy Executive with multi-industry experience
in guiding organizations, ranging from fast-paced to large-cap global
leaders, to solve complex business issues from strategy through
execution. A proven record of building strong cross-functional
relationships that enable consistent achievement of growth targets,
while understanding how to mitigate risks, and comply with
regulatory and business requirements. An inspirational mentor who
can form and lead dynamic teams of high-performing leaders and
technical experts in competitive marketplaces.

He has many achievements to his credit. We are listing a few of them
here:
Led $5M security program employing seven internal resources and
outsourced MSSP. Ensured information security, privacy, and
physical security.
Governed global security teams of 120+ professionals with $20M
operating budget protecting regulated data of 2,000+ clients in a
matrixed environment.
Designed and implemented a comprehensive technology
compliance program encompassing a general computer controls
framework and a robust testing schedule. This function
consistently delivered reliable test results and saved over $250K in
external audit fees.
Introduced metrics for security performance and macro-level risks.
Instituted regular metrics reports that became a staple feature of
board meetings leading to more effective risk reduction strategies
across the organization.
MYRNA SOTO
COO & Partner
Global CISO Emeritus, Digital Hands

ABOUT

Myrna Soto serves on the Boards of CMS Energy/Consumers Energy
(NYSE: CMS), Spirit Airlines (NYSE: SAVE) and Popular Inc. [operates
under the brand names of Banco Popular and Popular Bank
(NASDAQ: BPOP)]. She is recognized as a Governance and Board
Leadership Fellow by the National Association of Corp Directors.

Myrna Soto is COO of Digital Hands LLC. Digital Hands is an
award-winning managed security service provider focused on providing
world-class security operations to customers and partners.

Myrna was a Partner at ForgePoint Capital (formerly known as Trident
Capital Cybersecurity) and was a member of the ForgePoint Capital
Investment Team. Myrna remains a Venture Advisor for ForgePoint
Capital. ForgePoint Capital is a venture capital fund focused
exclusively on investing in cybersecurity companies.

Prior to joining Digital Hands & ForgePoint Capital, Myrna served as
Corporate SVP & GCISO (Global Chief Information Security Officer) for
Comcast Corp. In her role, Myrna was responsible for all security &
technology risk management for the Enterprise. She was responsible
for aligning security initiatives with enterprise programs and business
objectives to ensure information assets and technologies were
adequately protected across the entire corporation. Her scope of
responsibility included over 54 business lines within the Comcast
Portfolio. Myrna served in her role as Corp SVP & Global Chief
Information Security Officer for 9 years.

Myrna has had over 28 years of focused Information Technology/
Security experience and accolades within a variety of industries,
including: financial services, hospitality, Insurance/Risk Management
and gaming/entertainment. Prior to joining Comcast, Myrna served as
CISO & Vice President of Information Technology Governance for
MGM Resorts International (formerly known as MGM MIRAGE). She
previously held senior leadership positions with American Express,
Royal Caribbean Cruise Line, Norwegian Cruise Lines and Kemper
Insurance.

Myrna holds a bachelor’s degree from Florida International University,
a Master of Science degree in Industrial Psychology, and a Master of
Business Administration degree from Nova Southeastern University.
Myrna also holds a Masters Certification in Program Management
from George Washington University. She is the recipient of the 2015
CSO Compass Award and was named Information Security Executive
of the Year in 2013 by ISE. CNET also named her one of the top 20
Most Influential Technology Latinos in 2014. She was recognized by
SC Magazine as one of the Top 10 Power Players for Women in Security
in 2015, named among the Top Women to Watch by Diversity Journal
Magazine in 2017, named to the Top 100 CISOs list by Hottopics in
2017, and named to the Top 50 Women in Internet Security in the same
year. She was recognized by Multi Channels News as a member of the
2017 “Wonder Woman” honoree class. In August of 2019 she was named to
ALPFA’s List of 50 Most Powerful Latinas in Business for the third year
in a row, ranked #1 in 2019. She is a Maestros Awardee, was named to
Women’s Inc Most Influential Corporate Directors (2018), was named
by Bold Business as one of the Top 25 leaders in CyberSecurity
(2018), and was named one of the World’s Top IT Security
Influencers by CISO Platform (Dec 2018).
NIKK GILBERT
CISO at
Cherokee Nation Businesses

ABOUT

Nikk Gilbert is the Chief Information Security Officer for Cherokee
Nation Businesses. Cherokee Nation Businesses is the economic
engine of Cherokee Nation, the largest Indian Nation in the United
States. Cherokee Nation and its businesses employ 11,000 people.
CNB owns companies in the gaming, hospitality, information
technology, health care, personnel services, distribution,
manufacturing, telecommunications, environmental services and
security and defense industries.

With 20 years of executive-level experience in information
technology roles, Nikk is a respected thought leader within the
government & private sectors. Experienced in multiple verticals
(financial services, manufacturing, oil & energy, government &
military), he is focused on building success by understanding the
needs of the customer, and by enabling the business through a deep
understanding of the corporate strategy and its culture.

Nikk’s experience includes working as an information security
executive (CISO, CSO) & information technology leader (CIO) for large
multinational organizations such as the American Department of
Defense, NATO, Alstom, ConocoPhillips and the U.S. Navy.

Nikk is a recipient of the US Navy’s Meritorious Civilian Service Medal,
holds the CISSP and CISM security certifications and has been a
keynote speaker at technology events throughout the world.
PHIL CRACKNELL
Board Advisor IP Performance,
EveryCloud UK
Founder, The Metrics Project

ABOUT

Phil is regarded as one of Europe’s leading information security
experts. He has held several CISO (Chief Information Security Officer)
roles spanning five different industry sectors and thirty years. His
experience has been gained in a variety of high-profile technology
and security management roles, enabling him to offer a unique and
captivating insight to the world of information security, cyber-threats
and risk management. As national publicity on the subject of
‘Wireless security’ peaked in 2002, Phil became somewhat of a cyber-
security celebrity with appearances on Sky TV, BBC News and in
national and industry press. Phil remains highly technical with a
hands-on security capability not normally present with someone of
his seniority in the industry.

He has vast amounts of project success and technical deliverable
experience and can operate at any level. He has served as Group
Security & Risk Advisory to Arriva Plc. (2015), Advisor to the Board at
Camelot UK (2016/17), a board advisor retained by HomeServe plc
(2017-18) and, more recently, the cyber security lead for the
government health checks working for the Cabinet Office (2018-2019).
He was the founder and chairman of the non-profit ClubCISO group –
www.clubciso.org, and is also a non-executive director of the Cloud
Security firm Everycloud – www.everycloud.co.uk and board advisor
for IP Performance – www.ip-performance.co.uk.

Phil has many awards to his name. A few of them are:

Runner-up in the SC Awards 2017 CISO of the year category
Voted Cyber Security Awards Personality of the Year – July 2015
BCS Information Security Professional of the Year – December 2014
PHORAM MEHTA
Head of Infosec, APAC at PayPal

ABOUT

Mr. Phoram Mehta is the Head of Information Security for PayPal's
Asia-Pacific region. A seasoned professional and technical leader with
two decades in Information Security, Phoram has been instrumental
in building secure technology solutions for multiple companies
across a spectrum of sectors including financial services, healthcare,
telecommunication, and government in North America and Asia-
Pacific regions.

Phoram also oversees PayPal's Infosec research and outreach
initiatives. He currently serves as the President of ISACA Singapore
and advises cybersecurity startups in Singapore, India and US.
Phoram is an active participant in SG, ASEAN and APAC level
industry forums on Cybersecurity related topics.

ADVICE

Focus on the basics and employ a strong discipline around cyber
hygiene. No matter what your risk profile when the organization
gets hit, your resilience almost entirely depends on your
foundational capabilities.
RICHARD
RUSHING
CISO at Motorola Mobility

ABOUT

Mr. Richard Rushing is the Chief Information Security Officer for
Motorola Mobility LLC. Richard participates in several corporate,
community, private, and government security councils and working
groups setting standards, policies, and solutions to current and
emerging security issues. As Chief Information Security Officer for
Motorola Mobility, he has led the security effort by developing an
international team to tackle the emerging threats of mobile devices,
targeted attacks, and cyber-crime. He organized, developed and
deployed practices, tools and techniques to protect the intellectual
property across the worldwide enterprise. A much-in-demand
international speaker on information security, Richard has presented
at many leading security conferences and seminars around the
world.

ADVICE

Stop genericizing complex subjects to simple terms or simple
all-encompassing ideas, like Risk, and adding words like
maturity. The executives want data and results, not some
number for your entire program and all business targets are
never set about between 2.5 and 3.5 level of maturity. They are
cold hard numbers to meet, or consequences will follow.

Always make your problems smaller by reducing the scope; you
will never successfully boil the ocean.
RINKI SETHI
VP & CISO at Rubrik, Inc.

ABOUT

Award-winning leader and executive in security innovation with
experience leading and developing innovative online security
infrastructure for Fortune 500 companies like PG&E, Walmart.com,
and eBay as well as other large companies like Intuit Inc. and Palo
Alto Networks. Recognized by CSO Magazine & Executive Women’s
Forum with the “One to Watch” award, and in 2010, led a team at
eBay to receive the “Information Security Team of the Year” by SC
Magazine.

11 years of experience as strategic leader with a developer
background. Expertise in Product Security, Security Education, and
Security Operations. Instrumental key player on all mergers and
acquisitions as it relates to maintaining the integrity and security of
Global wide systems. Leader of a technical team of 15 both nationally
and internationally, while leading across packaged, cloud and mobile
secure software development. Experience leading security projects
and project teams with budgets in excess of $35 Million. Extensive
experience acting as the key strategic and visionary leader for
product security for Fortune 500 companies like Walmart.com, Intuit
Portal, Pacific Gas & Electric, and eBay.com. Built a $10 Million
security infrastructure for Walmart.com. Provided a vital role in due
diligence, design and implementation and maintenance. Established
security strategies for eBay’s 30+ adjacent businesses and conducting
global businesses (China, India, Australia, Korea, Germany, United
Kingdom, etc.).
STEPHANE
NAPPO
Global CISO at OVHcloud

ABOUT

Stephane Nappo is the Global Chief Information Security Officer at
OVHcloud, which delivers services in 138 countries. His mission targets
Cybersecurity, Data protection, Innovation protection, Cloud
technologies and Anti-Fraud. He was previously Global Head of
Information Security for Société Générale International Banking since
2011. Present in 67 countries, it employs over 71,000 people and
has 30 million clients distributed within 40 autonomous banks. He
was formerly a senior consultant specializing in IT security as of 1995.
His extensive multicultural expertise in security, business
administration and law allows him to have a comprehensive
approach towards solving technological and business related issues.
Stephane Nappo has been named Global CISO of the year in 2018
and recognised several times among the main cybersecurity
influencers in 2019 in France and at international level.

ADVICE

"One of the main cyber-risks is to think they don’t exist. The other
is to try to treat all potential risks." Fix the basics, protect first
what matters for your business and be ready to react properly to
pertinent threats. Think data, but also business services integrity,
awareness, customer experience, compliance, and reputation.

Know Thyself prior to know your enemy. “Threat is a mirror of
security gaps. Cyber-threat is mainly a reflection of our
weaknesses. An accurate vision of digital and behavioral gaps is
crucial for a consistent cyber-resilience.”
STEVEN SIM KOK
LEONG
Global CISO, Vice President of the ISACA
Singapore Chapter

ABOUT

Steven Sim is the current Vice President of the ISACA Singapore
Chapter. ISACA is a leading global provider of knowledge,
certifications, community, advocacy and education on information
systems (IS) assurance and security, enterprise governance and
management of IT, and IT-related risk and compliance with more
than 140,000 members across 221 chapters in 188 countries. With
approximately 2,500 members in Singapore, part of its mission is to
provide high-quality learning opportunities, and it organizes an annual
GTACS conference (GTACS stands for Governance, Technology, Audit,
Compliance, Security).

Steven has worked for more than 22 years in the cybersecurity field
with large end-user enterprises and critical infrastructures,
undertaken global CISO roles, driven security governance and
management initiatives and headed incident response, security
architecture, technology and operations at local, regional and global
levels. He holds a Master's in computing, is certified in multiple
governance and cybersecurity domains and is an accredited trainer for
ISACA's core certifications of CISA, CISM, CRISC and CGEIT. In the
early 2000s, he developed a strategy for inexpensive automated
containment of infected/vulnerable systems (NIQCC gold win) and
also directed the largest honeynet project setup outside the US. He is
a SkillsFuture Fellow and a Professional (Leaders) Category Finalist in
the inaugural Cybersecurity Awards 2018 held in Singapore. He
regularly shares his thoughts on cyber risk and security, lectures on
an adjunct basis and frequently speaks at conferences. He strongly
believes that cybersecurity is only as strong as the ecosystem and is
always keen to connect with you on LinkedIn and listen to your
thoughts.

ADVICE

As a business, taking some risk is inevitable. To future-proof the
new digital economy of an exposed everything-4.0 against
increasingly sophisticated threats, risk alignment and
management across the enterprise, IT, OT and supply chain has
never been as important to enable the business to achieve its
vision and goals. Because the new cybersecurity normal is
already an assumed breach, organisations should focus their
attention on active defense, by strengthening their detection,
containment and recovery capabilities and measures to disrupt
the hackers and attacks just as they gain footholds into your
business networks and supply chain but before they could
disrupt or deal any damage to your business.
TODD L. BELL
Chief Security & Trust Officer at Stealth
Mode Fintech Startup

ABOUT

Todd Bell has spent his 15-year career devoted to advancing,
developing, and driving technology and cybersecurity capabilities
through his roles as a visionary technology executive and Chief
Information Security Officer (CISO) for some of the world’s largest
public companies. Mr. Bell has been a major contributor for
developing next generation technologies for cloud and cybersecurity
capabilities throughout his career and is the recognized leader for
his methods to secure public companies and leveraging new digital
technologies to transform companies by improving efficiencies. Mr.
Bell is currently the VP Enterprise Architecture & CISO at Intersec
Worldwide and a frequent speaker with the top three Management
Consulting Companies, Private Equity Banks, and Investment Banks
as a leading expert for technology & cybersecurity products and
services. In addition, Bell has been an SC Magazine Awards judge for
2016, 2019, 2020 and has written numerous publications across the
globe. Mr. Bell is also a Member of the Advisory Board for Forticode in
Melbourne, Australia. Other past Advisory Boards include Versive
(Seattle, WA) which was sold to Esentire and CloudCentral (Canberra,
Australia).

Mr. Bell holds an M.B.A. from Regis University in Denver, CO with Alpha
Sigma Nu honors and a bachelor’s degree in Business Information
Systems. In addition, Mr. Bell holds a variety of professional
certifications consisting of Corporate Governance (SOX) from Tulane
University Law School, PMP credential from Project Management
Institute, Information Security (CISSP), and a certified Master Project
Manager from Regis University.

ADVICE

Be the champion of cybersecurity and operate like a diplomat
building bridges across the enterprise. These relationships bear
fruit in the form of unidentified risk because you are digging
deeper into the enterprise for data breach prevention and
continuously validate these cyber controls for proper protection.
