The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.
Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Andrew Flynn, regional executive editor, at [email protected].
New CISO appointments, October 2023
Zoom names Nathan Mills as head of global security
Video conferencing company Zoom has named Nathan Mills as its head of global security, with the subtitle of chief security officer, physical). Mills, who was previously Zoom’s head of physical security, will be responsible for the company’s converged cyber and physical security organization. Mills has previously served as director of security risk and crisis management at General Electric, and as security technology Manager, NEA Region, for the US Department of State.
New CISO appointments, September 2023
Patrice Wilmot becomes deputy chief information security officer at the IRS
The US Internal Revenue Service has named Patrice Wilmot deputy chief information security officer. Wilmot was formerly the director of identity and access management at the US federal tax agency and served in various cyber roles at the US Defense Information Systems Agency.
Offensive security firm Bishop Fox appoints Christie Terrill as first CISO
Bishop Fox, which provides penetration testing, red teaming, and attack surface management services, has named Christie Terrill as its first chief information security officer. Terrill has spent 14 years at Bishop Fox, before which she served in multiple technology consulting roles for Global 500 companies with Accenture and Ernst & Young.
Marqeta appoints Heather Gantt-Evans as chief information security officer
Payment and card issuing platform Marqeta has named Heather Gantt-Evans as its new CISO. Gantt-Evans has previously held senior positions as a security and risk management leader at SailPoint, The Home Depot and Ernst & Young, and will be responsible for overseeing Marqeta’s global corporate and product security strategies. She is also a US Army Reserves veteran, having served as an all-source threat intelligence analyst while supporting the Air Force Cyber Command, focusing on cyber threat intelligence and cyber fusion operations.
DTCC names Yonesy Nunez as managing director and CISO
Financial services firm the Depository Trust & Clearing Corporation (DTCC) has appointed Yonesy Nunez as managing director and CISO to lead information security and technology risk management as it advances technological modernization efforts. Nunez was formerly CISO at Jack Henry & Associates and has held positions in cyber and information security at Wells Fargo, Citi and Price Waterhouse Coopers.
Jordan Avnaim becomes CISO of payment and identity security firm Entrust
Entrust has named cybersecurity veteran Jordan Avnaim as its new chief information security officer. Avnaim has held numerous senior cybersecurity roles at The Capital Group Companies and Deloitte & Touche and has led the delivery of specialized security and risk consultative services to C-suite executives and clients around the world. He will be tasked with helping to scale and mature Entrust’s information security program for both corporate and commercial portfolios. He will also join the Entrust Cybersecurity Institute as an expert member.
Cyemptive Technologies names Vince Dova as VP security and Jason Huff as COO
Preemptive cybersecurity solution provider Cyemptive Technologies has appointed Vince Dova, a former branch chief for cyber policy and capabilities at the US Joint Chiefs of Staff as vice president of security. Dova has advised the Joint Chiefs on cyber-related matters such as military network defense and cybersecurity for the defense industrial base and critical infrastructure. At Cyemptive, the former US Navy commander will be responsible for ensuring the security of intellectual property and client data, developing organizational and technical governance, and planning security-relevant training/certification for the company and client workforce. Cyemptive Technologies also named retired Air Force Lt. Col. Jason Huff as chief operating officer, security operations. Prior to joining Cyemptive, Huff served in a number of executive leadership roles within the US Air Force. He has staff experience sustaining and modernizing US Nuclear Command, Control and Communications Enterprise, served as CIO for NATO Special Operations Forces Headquarters and held command positions over the course of his military career.
Boom Supersonic CISO Chris Roberts joins Onyxia as strategic advisor.
Chris Roberts, Chief Information Security Officer (CISO) of Boom Supersonic, is joining AI-powered cybersecurity management solutions provider Onyxia Cyber’s board as a strategic advisor. Onyxia provides security leaders with real-time cybersecurity program assessments and benchmarking, streamlined business-level reporting, and insights for proactive risk management and improved cybersecurity program performance. Roberts is a cybersecurity authority noted for demonstrating the risk to aviation systems that left flight control systems vulnerable to attack in 2015.
New CISO appointments, August 2023
Asurity Technologies appoints Scott Sykes as CISO
Compliance software and services firm Asurity Technologies has named Scott Sykes as CISO to oversee all aspects of data security and compliance on an enterprise-wide basis. Sykes was most recently CISO at Netcracker Technology and Tata Communications. “Over his career, Scott has built and implemented global security programs, working closely with government regulatory bodies in the United States and European Union. In addition, he has developed and managed security organizations with operations in security operations center, GRC, audits, application security, infrastructure security, and customer delivery,” the company said in a statement.
Girish Dixit named chief information security officer and executive vice president at Kotak Securities
Stockbroking company Kotak Securities has named 20-year cybersecurity veteran Girish Dixit as CISO and executive vice president. Dixit previously served as head of cyber defense at HDFC Bank and has worked as executive director and CISO for the India Branch of JPMorgan Chase. He was also formerly senior vice president and India Business Information Security Officer at Citibank India, where he was responsible for safeguarding critical information assets.
Uptycs appoints Kevin Paige as CISO and VP of product strategy
Unified CNAPP and XDR platform provider Uptycs has named Kevin Paige as its new chief information security office and vice president of product strategy. Paige brings 30 years of security experience to the role, having served as vice president and CISO at Flexport and in senior security leadership roles at Salesforce, MuleSoft, and xMatters. He is also a former director of data center operations and security for the US Army, served in the U.S. Air Force, and co-led a nationwide digital transformation initiative to secure and modernize over 300 applications across multiple government agencies.
Former Citrix and Google security executive Fermin Serna named Databricks chief security officer
Data and AI firm Databricks has named industry veteran Fermin Serna as its new CSO. Serna will lead Databricks’ high-impact network, platform, and user security programs along with governance and compliance efforts. Serna was previously CISO of Citrix and has served as the head of product security at Google and held senior security roles at Microsoft and GitHub acquisition Semmle. “Databricks is at the forefront of data and AI innovation as it pioneers the new lakehouse category and I am incredibly excited to join the leadership team during such a pivotal time,” Serna said in a statement.
New CISO appointments, July 2023
Fredrick Lee becomes CISO for Reddit
Fredrick “Flee” Lee has been named as the new chief information security officer of the Reddit community network. Lee has previously held senior positions at major financial services companies and technology startups, including CSO at Square and CSO and head of IT at Gusto. Lee will be tasked with overseeing Reddit’s privacy and security teams and is responsible for identifying and mitigating risks and challenges around information security, privacy, and compliance. “As Reddit grows, it is crucial that our security and trust systems remain resilient and agile to adapt to the ever-evolving threat landscape,” Lee said in a statement. “I believe Reddit uniquely helps its users build meaningful connections and conversations around the areas or interests they are most passionate about.”
Fastly names former Mozilla CSO Marshall Erwin as new chief information security officer
Fastly has named Marshall Erwin as its new CISO. Erwin was most recently chief security officer at Mozilla and has served in the US intelligence community, working on cybersecurity and counterterrorism and as the cybersecurity and counterterrorism advisor on the US Senate Homeland Security and Government Affairs Committee. “Marshall brings deep security operations, product development, and trust and privacy knowledge to enhance our ability to make online experiences safer for everyone,” Fastly CEO Todd Nightingale said in a statement announcing the appointment.
Allied Payment Network appoints James Dixon as CISO
Payment solutions provider Allied Payment Network has appointed James Dixon as chief information security officer (CISO). Dixon, who was most recently CISO for accounts receivable technology provider Versapay, has more than 25 years of technology and industry experience. He has also held executive and senior leadership positions with payment technology companies including 2Checkout (now Verifone), Vesta Corporation, Official Payments (now ACI Payments) and InComm Payments. “With him at the helm, we are confident in our ability to navigate the evolving threat landscape and uphold the highest standards of data protection,” Allied CEO Geoff Knapp said in a statement.
Attila Torok named CISO of GoTo
GoTo, a Boston-based IT management, support, and business communication firm, has named Attila Torok as its chief information security officer. Torok is returning to the company, having served in leadership positions in the company’s security department from 2014 to 2019. He was most recently head of security at Zapier. “Attila’s expertise in cloud and product security and his proven record of seamlessly integrating security in all aspects of the product development process make him ideally suited to lead GoTo as we deepen our commitment to providing our customers with best-in-industry innovative and secure SaaS products,” GoTo CTO Olga Lagunova said in a blog on the company website.
Google Cloud CISO Phil Venables named to Veza board
Noted cybersecurity leader Phil Venables has been named to the board of directors of identity security firm Veza. “Phil is the most respected cybersecurity leader in the world, and we are truly honored to welcome Phil Venables to the Veza Board,” Veza founder and CEO Tarun Thakur said in a statement. “Phil will be instrumental in guiding our product innovations and roadmap. We are humbled to have Phil join us in building an iconic identity technology company.” Venables, who is currently the CISO of Google Cloud, has acted a White House advisor and as the first CISO for Goldman Sachs.
New CISO appointments, June 2023
Hoxhunt appoints Petri Kuivala as chief information security officer advisor
Cybersecurity behavior change software company Hoxhunt has named Petri Kuivala chief information security officer (CISO) advisor. Kuivala will work closely with the CISOs and security teams of current and prospective customers of the Finladn-based company to evaluate human-centred security vulnerabilities and help devise risk mitigation strategies. Kuivala has held positions as vice president of general IT and UX at NXP Semiconductors and as a security executive at Nokia, serving as the company’s CISO and CSO for more than a decade. He was also a senior director of global security at Microsoft.
Brown & Brown name Barry Hensley chief security officer and Rob Burch chief information security officer
Insurance provider Brown & Brown has appointed Barry Hensley as its first chief security officer and Rob Burch as chief information security officer. Hensley is a global cybersecurity leader who served as the chief threat intel officer and senior vice president for Secureworks and is the former director of the US Army’s Global Network Operations and Security Center. Burch was formerly senior vice president and chief information security officer for Fidelity National Financial.
Josh Lemos becomes CISO at GitLab
DevSecOps platform GitLab has named 20-year cybersecurity veteran Josh Lemos as CISO. Lemos joins GitLab from his post as CISO at Block (formerly known as Square), and previously held senior security executive roles at Cylance and ServiceNow.
Scott Putnam appointed CISO at New Charter Technologies
Managed IT Services provider New Charter has appointed Scott Putnam as its chief information security officer. Putnam, a founding partner of New Charter, previously served as president for managed security service providers Cyber74 and Digital Umbrella and as president of Apex Technology Management, an IT managed services provider. A 30-year veteran of the IT and cybersecurity industry Putnam is also co-author of “Cyber SWAT: Hackers are only part of the problem.”
New CISO appointments, May 2023
Former Twitter CISO Lea Kissner named CISO of Lacework
Cloud security company Lacework has appointed Lea Kissner as its new chief information security officer. The former Twitter CISO will be responsible for leading the development and implementation of Lacework’s overall security strategy and programs. Kissner has worked in cybersecurity for more than 20 years including as chief privacy officer at Humu and global lead of privacy technology at Google.
Maria Milosavljevic to become chief information security officer at ANZ
Former Services Australia CISO and chief data officer Maria Milosavljevic has been appointed CISO of ANZ Banking Group, replacing Lynwen Connick, who will retire in October. Milosavljevic is currently the chief data integration officer at the Australian Department of Defence. Milosavljevic will be responsible for ensuring ANZ’s information security strategy continues to address the challenging cyber security landscape and supports the bank’s digital transformation. She will begin working at ANZ on Monday, August 28.
Lee Buttke named CISO of AgileBlue
AgileBlue, an autonomous cyber security operations center (SOC) and security orchestration and automated response (SOAR) platform, has named Lee Buttke as its new chief information security officer. Buttke will also take a position as managing director at AgileBlue. Buttke has held positions as director of risk, security, and privacy at Online Business Systems and director at penetration testing firm NetSPI and is the former president of software and professional services provider Truonix.
Security and compliance automation platform Drata appoints Matt Hilary as vice president of security and CISO
Matt Hilary has been named vice president of security and CISO at Security and compliance automation platform Drata. Hilary was formerly senior vice president systems and security and CISO at Lumio and previously held CISO and lead security roles at Weave and Workfront, Instructure, Adobe, MX, and Amazon Web Services.
Bill O’Hern named CISO of Travelers
Former AT&T chief security officer Bill O’Hern has been appointed as a senior vice president and CISO of insurance firm Travelers. O’Hern spent more than 20 years in security-related roles at AT&T and was previously general manager for the Midwest US region at Handex Environmental.
Earl Duby appointed CISO at Auxiom
Earl Duby has been named the first-ever CISO of Michigan-based managed service provider Auxiom. A CSO50 Award winner, Duby was formerly CISO of Lear Corp. and has two decades of experience in cybersecurity, including leadership roles at GE, Affina Group, and Federal Mogul.
New CISO appointments, April 2023
UK appoints Anne Keast-Butler as first female GCHQ director
The UK government has appointed Anne Keast-Butler as the new director of intelligence, security, and cyber agency Government Communications Headquarters (GCHQ). Keast-Butler was appointed following a cross-government recruitment process and will succeed Sir Jeremy Fleming, who is stepping down after six years in the role. Keast-Butler, currently serving as deputy director general at domestic counterintelligence and security agency MI5, will become the first female director of GCHQ. She will take up her post in May.
Bryce Carter becomes first CISO of Arlington, Texas
Bryce Carter has been appointed as the first chief information security officer for the city of Arlington, Texas. Mr. Carter was previously a senior information security analyst for Bellingham, Washington, and has served in senior security-related roles in Miami County, Kansas, and at companies including Clover Security Advisors, United Release, and FlyPage. In a statement, Mr. Carter said he intends to “communicate security in a way that everyone can understand” and will focus on creating an enterprise-wide security program, reducing security outsourcing.
Brian Contos appointed chief strategy officer at Sevco Security
Cyber asset attack surface management (CAASM) company Sevco Security has appointed Brian Contos as its chief strategy officer. Mr. Contos is a 25-year veteran of the security industry, having served previously as CISO at Verodin “Enemy at the Water Cooler” and a co-author of “Physical & Logical Security Convergence.” Mr. Contos said he believes security “needs a disruptive approach. Sevco Security fundamentally changes how organizations get value from their existing security and IT operations investments by having the most accurate and timely asset intelligence.”
James Hill named CISO of cloud infrastructure software developer CYTRACOM
James Hill has been appointed as CISO of CYTRACOM. Mr. Hill has 20 years of experience in “business development, cybersecurity, people development, and technical expertise,” according to a statement. His role at the company will be to ensure CYTRACOM and its employees are working securely, minimizing exposure and risk with an effective and sustainable cybersecurity strategy and program.
IntelePeer appoints Gary Starling as new CISO
Communications Automation provider IntelePeer has named Gary Starling as CISO. Mr. Starling recently served as vice president of IT and security at IntelePeer and led the company’s compliance program. Mr. Startling was previously interim CIO, assistant vice chancellor of IT infrastructure, and CISO, at the University of Denver. He also served as director of global IT, networks and security for EchoStar/Hughes Network Systems and was an avionics communications systems specialist in the US Air Force and as telecommunications specialist, tech control for NORAD. He has been tasked with streamlining IT and security solutions across IntelePeer’s business units, steering the company to develop a high-performance security team in opposition to new and emerging threats.
New CISO appointments, March 2023
Andrea Simpson named CISO of Howard University
Ms. Simpson, a highly regarded expert in cybersecurity, has more than 20 years of professional experience in the industry. She has held the CISO role with the Federal Communications Commission, where she directed the pilot program for government-issued laptop deployment for the agency’s telework initiative as part of its pandemic response plan, and AmeriCorps. Simpson says working at Howard will help her create a space for young adults to gain hands-on cyber experience.
Meredith Griffanti appointed as global head of cybersecurity and data privacy communications at FTI
Ms. Griffanti, who is based in New York, will oversee the growth of FTI Consulting’s cybersecurity communications capabilities. She most recently served as Americas co-leader of cybersecurity and data privacy communications at the business consulting firm, specializing in crisis communications during incident response and cybersecurity preparedness planning. Ms. Griffanti will focus on partnering with leaders and teams globally to further strengthen the firm’s holistic cybersecurity communications capabilities and enhance new levels of collaboration to support clients.
Sebastian Welsh appointed CISO of energy technology company SwitchDin
Mr. Welsh becomes the first CISO at SwitchDin and will work to establish security frameworks for emerging technologies. With 17 years of experience as a leader specializing in building a whole-of-enterprise defense model within businesses, he held roles as the head of security at Canva and staff security engineer at Google before joining SwitchDin.
Joshua Reedy becomes new CISO at New Zealand technology services firm Kordia
Mr. Reedy will take responsibility for Kordia’s Group’s internal cyber security posture, integrating best practices and leading a team of security specialists. He was previously security services manager at Vodaphone, where he oversaw security operations, design, and delivery and led internal offensive security teams.
David Dunn named CISO at global risk and financial advisory service provider Kroll
Mr. Dunn, who had served as deputy CISO at Kroll since 2016, is tasked with continuing to strengthen the firm’s security program to address the evolving and complex threat landscape. With more than 25 years of experience, he was previously a member of the US Secret Service Electronic Crimes Task Force — where he was a lead investigator on an international stolen credit cards scam involving millions of dollars — and is also a 19-year veteran of the Seattle Police Department.
Jaya Baloo named CSO at cloud threat detection provider Rapid7
Ms. Baloo will be tasked with strengthening Rapid7’s internal security program and furthering the company’s mission to deliver greater access to cybersecurity across industries. With more than 20 years of cybersecurity experience, she has previously held roles at Avast and was CISO at Dutch telecom firm KPN. Ms. Baloo is a member of the advisory boards of The Netherlands National Cyber Security Centre and the EU Quantum Flagship’s Strategic Advisory Board.
New CISO appointments, February 2023
Doug Clare appointed as head of cyber strategy for ISS Corporate Solutions
Mr. Clare will assume overall responsibility for ICS’ cyber solutions strategy, including evolving its cyber risk-related offerings and client experience. He will also lead the cyber-risk product and client teams tasked with enhancing and expanding ICS’ risk monitoring and broader suite of related products. He has more than 25 years of experience at Fair Isaac (FICO) and served most recently as FICO’s vice president of fraud, compliance, and authentication solutions.
Keith Anderson named CISO of JetBlue
Mr. Anderson will oversee JetBlue’s information security and will oversee the airline’s strategies, policies and procedures designed to minimize information security risk and proactively detect and address new threats. He previously served as CISO at Warner Bros. Discovery and held security leadership roles at AT&T, Goldman Sachs, and Citi. Mr. Anderson holds a master’s degree in cybersecurity from New York University and a master’s degree in management information systems from Stevens Institute of Technology.
Melissa Knight appointed as CISO of Tego Cyber
Cybersecurity software-as-a-service provider Tego Cyber has named Melissa Knight as chief information security officer. Ms. Knight has been as CISO and cybersecurity executive for 20 years, working in government and commercial sectors. She has held leadership roles with the US Department of Defense and US Department of Energy’s National Nuclear Security Administration security operations teams. She has also worked at Sands Corp., Herjavec Group, and Brier & Thorn.
Mike Housch named CISO of banking digital transformation solutions provider Q2 Holdings
Mr. Housch has more than 25 years of security experience in the financial technology sector. He previously served as CISO for Black Night and as information security officer for Lender Processing Services. He spent more than 10 years as chief information officer at First Federal Bank of Florida.
John Paul Cunningham joins identity protection firm Silverfort as CISO
Mr. Cunningham brings more than 24 years of experience managing cyber risk, building operating models designed to reduce cost and cyber risk, while also adhering to compliance standards as CISO at Bank of Hope, Docupace, Ares Management and J.P. Morgan Asset Management. He will design and implement Silverfort’s cybersecurity program.
Claudia Plattner appointed as President of German Federal Office for Information Security (BSI)
Ms. Plattner is formerly Director General Information Systems of the European Central Bank (ECB) and was chief information officer at DB Systel, the IT provider for Deutsche Bahn. She is the first female president to be named to the role at BSI. She will begin in the position on 1 July 2023. Plattner replaces former president Arne Schonbohm, who was dismissed in October over allegations of ties with Russian intelligence agencies.
Heather Lowrie appointed as first CISO for the University of Manchester
Ms. Lowrie will lead the strategic transformation of information security and identity and access management services at the University of Manchester and will design and implement a vision for the protection of the university’s digital footprint. She formerly held the position of head of cybersecurity, risk, and resilience for National Records of Scotland. Ms. Lowrie provided cybersecurity assurance, oversight, and operational management for Scotland’s first digital-first census. She will join the university at the start of May 2023.
New CISO appointments, January 2023
Chris Hodson hired as CSO at Cyberhaven
Mr. Hodson will be responsible for all areas of security to protect both employees and customers. This includes cloud and application security, operations, and risk management. He comes to data detection and response solution vendor Cyberhaven from Contentful, and previously has held CISO roles at Tanium and Zscaler. Mr. Hodson is a board advisor at workforce development platform Cybrary and a fellow at the Chartered Institute of Information Security. He is also the author of the book Cyber Risk Management.
Amanda Fennel named CISO and CIO at Prove Identity
Ms. Fennel will oversee security operations at Prove, a provider of digital identity solutions. She will also play a role in educating the security market about digital identity authentication technologies. She was previously CISO and CIO at Relativity and earlier had worked in digital forensics and cybersecurity at companies such as Symantec, Dell SecureWorks, Zurich Insurance Group, Booz Allen Hamilton, and Guidance Software.
Harold Rivas joins Trellix as CISO
Mr. Rivas will lead the extended detection and response vendor’s global security and compliance initiatives. He comes to Trellix from LoanDepot, where he served as CISO. Prior to that, Mr. Rivas’s 20-plus-year career include senior information security roles at Santander Consumer, Fujitsu America, and Citigroup. He is also a member of the FBI InfraGard.
Careers, CSO and CISO, Security