CISOs & Security Practitioners (2025)

CISOs are the ones with the final say. They're balancing boardroom pressure, regulatory headaches, and a security team that's stretched thin. To stay ahead of threats, many are turning to proactive threat intelligence strategies that help them make smarter, faster decisions. Right beside them are the practitioners — the engineers and analysts who run the tools every day and know when something will actually work in the real world.

This page is designed as a field guide. Not theory, not vendor slides — but a practical way to track who the key security leaders are, what they care about, and how to earn their attention.

You'll find:

  • A curated list of CISOs and practitioners (with verified profiles) across industries.
  • Their focus areas: from Zero Trust and identity to XDR, CNAPP, and cloud security.
  • What kind of proof they respond to — implementation stories, ROI evidence, peer case studies.

If you're in cybersecurity sales, alliances, or even a founder trying to land enterprise deals, this isn't just background reading. It's meant to help you walk into a meeting with context, credibility, and something useful to say.

Why CISOs Matter

  • Decision-Makers at the Top → CISOs have the final say on which security tools and platforms make it into the stack. No CISO buy-in, no deal.
  • Bridge Between Board & Security Teams → They translate business risk and budgets into real-world security requirements.
  • Focus on ROI & Risk Reduction → Flashy features don't cut it. They want proof a solution reduces measurable risk and pays for itself.
  • Influencers of Security Culture → If a CISO backs a tool, the rest of the security team takes it seriously.
  • Strategic Shapers → Beyond buying tech, they set the direction of an organization's entire security posture.

Why Follow CISOs & Practitioners

If you're selling or partnering in cybersecurity, tracking CISOs and practitioners isn't optional — it's table stakes. Here's why they're worth your attention:

  • They make the shortlist: No tool makes it to procurement without the CISO or Head of Security nodding yes.
  • They define the real requirements: Things like “works with Splunk,” “SOC 2-ready,” “API-first” often come straight from their teams.
  • They validate ROI: If your pitch doesn't connect to cost savings or measurable risk reduction, you're done.
  • They influence peers: Many are on LinkedIn, speaking at RSA, or swapping notes at invite-only dinners. What they endorse spreads fast.

The Influence Map (2025 Themes)

When you hang around CISOs long enough, you notice patterns. Not trends-for-trends-sake, but the real issues they keep circling back to over coffee, in panels, or behind closed doors. Here's what's dominating the playbook this year:

  • SOC Modernization & XDR
    The old “20 tools, 200 dashboards” model is collapsing. CISOs are desperate to cut noise, unify detection, and give analysts a fighting chance. If you can prove fewer false positives and faster response, you're in the game.
  • Zero Trust & IAM
    This isn't hype anymore. It's the backbone of security strategies. Every board is asking, “Have we done Zero Trust yet?” and CISOs need real enforcement across apps, devices, and remote users.
  • Cloud Security at Scale
    Multi-cloud chaos is real. Teams are stitching together CNAPP, CSPM, and automation just to keep up. If you help them tame AWS/Azure/GCP sprawl without a 12-month rollout, you'll get attention.
  • Compliance as a Budget Driver
    Like it or not, acronyms write checks: NIS2 in Europe, DORA for financials, PCI DSS v4, FedRAMP in the US. If your solution makes audits easier or regulators calmer, you're speaking their language.
  • AI in the SOC
    CISOs are cautiously poking at AI copilots — not for magic, but to triage alerts, guide investigations, and handle grunt work. The promise: free analysts from drowning in alerts so they can chase real threats.
  • OT & Critical Infrastructure
    If you're in energy, transport, or manufacturing, uptime is king. CISOs here care less about “next-gen dashboards” and more about “don't let malware take my turbines offline.” Safety and continuity come before anything else.

The 2025 CISO & Practitioner Directory

In this section, you'll find a curated directory of top CISOs and security practitioners for 2025. It's organized by categories so you can quickly spot the leaders most relevant to your industry and focus area.

Global Enterprise CISOs & Security Leaders

LeaderCompanyRoleFocus / NicheCountry
Stephen SchmidtAmazon Web ServicesVP & CSOCloud security, enterprise guardrailsUSA
Bret ArsenaultMicrosoftCVP & CISOPlatform & identity at massive scaleUSA
Guy RosenMetaCISOAbuse prevention, large-scale appsecUSA
Phil VenablesGoogle CloudSecurity Advisor (ex-CISO)Board-level risk, cloud controlsUSA
Bala SathiamurthyAtlassianCISOSaaS & developer platform securityAustralia
David BradburyOktaChief Security OfficerIdentity & Zero TrustUSA
Jaya BalooRapid7Chief Security OfficerDetection & response, threat intelUSA (global)
Michael FanningSplunkCISOSOC analytics, resilienceUSA
Henry ShiembobJPMorgan ChaseGlobal CISOSoftware supply chain, resilienceUSA
Tim BrownSolarWindsCISOSDLC hardening, supply chainUSA
Aanchal GuptaAdobeChief Security OfficerProduct & enterprise securityUSA
George StathakopoulosAppleVP, Corporate InfoSecCorporate & product lifecycleUSA
Rob BlackFractional CISOCISOvCISO services, SOC modernization, small-enterprise programsUSA
AJ YawnAquiaCEO & Security LeaderSOC 2 automation, continuous monitoring, compliance-driven SOC opsUSA

Zero Trust & Identity Leaders

LeaderCompanyRoleFocus / NicheCountry
Bala SathiamurthyAtlassianCISODevSecOps, Identity-first security in cloud-native environments.Australia
David BradburyOktaChief Security OfficerIdentity & Zero Trust, breach communication and resilience.USA
Phil VenablesGoogle CloudSecurity Advisor (ex-CISO)Board-level risk, cloud security architecture, Zero Trust maturity.USA
Guy RosenMetaCISOLarge-scale identity, abuse prevention, and application security.USA
Tim BrownSolarWindsCISOSupply chain security, post-breach resilience, and secure software development lifecycle (SDLC).USA
Jaya BalooRapid7Chief Security OfficerThreat intelligence, detection, and response, with a focus on human and non-human identity.USA (Global)
George StathakopoulosAppleVP, Corporate InfoSecCorporate and product lifecycle security at massive scale.USA
Michael FanningSplunkCISOSOC analytics, resilience, and data-driven security.USA
Patrick “Pat” OpetJPMorgan ChaseGlobal CISOSoftware supply chain, resilience, and vendor risk.USA
Andrew WilderVetcorCSOZero Trust implementation in hybrid and legacy environments.USA
Heather AdkinsGoogleSecurity EngineeringZero Trust and large-scale secure systems.USA
Keren ElazariTED Speaker, Security AnalystIndependentHacker culture, ethical hacking, and the role of identity in security.Israel
Rinki SethiForgeRockAdvisor / Ex-CISOIAM / GovernanceUSA
Pete NicolettiCheck Point SoftwareGlobal CISOZero Trust ArchitectureIsrael
Jay ChaudhryZscalerFounder & CEO (ex-CISO)Cloud-based Zero TrustUSA
Mickey BoodaeiTransmit SecurityCEO (ex-CISO)Biometric Identity / FIDOUSA/Israel
Dor LiniadoCyberArkChief Security OfficerIAM / Privileged AccessUSA/Israel
Nick EspinosaSecurity FanaticsCISOZero Trust, IAM frameworks, SMB cybersecurityUSA
Lenny ZeltserAxoniusCISOIdentity asset management, Zero Trust enforcementUSA
Paul ValenteViso TrustCEO & Co-founder at VISO TRUST | fmr CISOVendor security, third-party risk, Zero Trust approachesUSA

Cloud & SaaS Security CISOs

This list features prominent CISOs from cloud-native, SaaS-first organizations. These leaders are experts in securing multi-tenant environments and leveraging native cloud security services to protect business-critical applications and data at scale.

LeaderCompanyRoleFocus / NicheCountry
Stephen SchmidtAmazon Web ServicesVP & CSOCloud security, enterprise guardrails.USA
Bret ArsenaultMicrosoftCVP & CISOPlatform security at massive cloud scale.USA
Aanchal GuptaAdobeChief Security OfficerProduct & enterprise cloud security.USA
Shamla NaidooNetskopeCISOCloud security, SASE architecture.USA
Lakshmi HanspalBoxCISOSaaS security, cloud content management.USA
Michael FanningSplunkCISOSOC analytics, cloud resilience.USA
Patrick “Pat” OpetJPMorgan ChaseGlobal CISOSoftware supply chain, cloud resilience.USA
Eric BoatengMassMutualCISODigital transformation, multi-cloud.USA
Ben de BontServiceNowCISOSaaS platform security, compliance.USA
Marnie WilkingBooking.comCISOConsumer SaaS security, global scale.Netherlands
Rich NagleOhio State UniversityCISOCloud security in academia, research.USA
Assaf RappaportWizCo-founder & CEO (ex-CISO)Cloud vulnerability and postureUSA/Israel
David BradburyOktaChief Security OfficerWorkforce cloud identityUSA
Mickey BoodaeiTransmit SecurityCEO (ex-CISO)Passwordless/Biometric SaaS identityUSA/Israel
Pete NicolettiCheck Point SoftwareGlobal CISOSecure cloud migrationIsrael
Emily WearmouthDocuSignCISOSaaS platform securityUSA
Ian ColdwaterDockerSenior Principal Security ArchitectCloud-native container securityUSA
Frank BalonisKiteworksCISOSecure SaaS content communicationUSA

AI & SOC Modernization CISOs

This list features security leaders who are at the forefront of transforming the Security Operations Center (SOC). They are actively leveraging artificial intelligence, machine learning, and automation to move from a reactive, alert-driven model to a proactive, threat-informed defense. Their work focuses on improving efficiency, reducing alert fatigue, and staying ahead of sophisticated, AI-driven attacks.

LeaderCompanyRoleFocus / NicheCountry
Steve ZalewskiLevi Strauss & Co. (ex-CISO)CISO AdvisorSOC transformation, AI strategy, leadership.USA
Bret ArsenaultMicrosoftCVP & CISOAI-integrated security workflowsUSA
Josh LemosGitLabCISOAI-assisted threat triageUSA
Justin DellaportasSyniverseCISOAI alert filteringUSA
Patrick O'KeefeAlimentation Couche-TardHead, Global Cyber RiskAutonomous alert responseCanada
Carrie MillsSouthwest AirlinesCISOAI-governed SOC opsUSA
Jason LishCiscoGlobal CISOAI-enhanced XDR & orchestrationUSA
Edward WuDropzone AIFounder / CISOAI SOC analyst agentsUSA
Michael FanningSplunkCISOSOC analytics, AI/ML for security.USA
Jaya BalooRapid7Chief Security OfficerDetection & response, threat intelligence.USA (Global)
Phil VenablesGoogle CloudSecurity Advisor (ex-CISO)Board-level risk, AI governance.USA
Rich NagleOhio State UniversityCISOSOC modernization, security leadership.USA
Lakshmi HanspalBoxCISOSaaS security, proactive defense.USA
Andrew FentonBausch HealthCIOAI in security, SOC automation.USA
Sebastian LangeSAPGlobal CISOSecurity operations, AI-driven defense.Germany
Keren ElazariTED Speaker, Security AnalystIndependentHacker culture, AI's role in security.Israel
Harold RivasTrellixGlobal CISOXDR, AI-powered security.USA
Jack NaglieriPantherFounder & CTOCloud-native SIEM, AI-driven SOC automationUSA

Compliance & Regulatory-Heavy CISOs

These CISOs are not only technical experts but also masters of governance, risk, and compliance (GRC) in some of the most stringently regulated sectors globally. Their expertise lies in navigating complex legal frameworks, ensuring data privacy, and building a security program that stands up to intense audits and public scrutiny.

LeaderCompanyRoleFocus / NicheCountry
Hemangini ThakkarHSBCCISOMulti-jurisdiction banking, privacyUK
Cezary PiekarskiStandard CharteredGroup CISOCross-border banking, complianceAsia/UK
Tim HeldU.S. BankEVP & CISOFFIEC, risk quant, resilienceUSA
Susan KoskiPNC Financial ServicesEVP & CISOFinancial services, third-party riskUSA
Christopher PorterFannie MaeSVP & CSO (CISO)Financial services, FAIR riskUSA
Deneen DeFioreUnited AirlinesVP & CISOAviation, critical infrastructureUSA
Nasrin RezaiVerizonSVP & CISOTelecom, critical infrastructureUSA
Christophe GabioudAXAGroup Chief Security OfficerInsurance, solvency, privacyFrance
Andrew CoyneMayo ClinicCISOHealthcare, HIPAA/HITRUSTUSA
Tim McKnightUnitedHealth GroupEVP & CISOHealthcare, breach recoveryUSA
Vishal SalviQuick Heal / SeqriteCEO (ex-Infosys CISO)Enterprise compliance, GRCIndia
Phil VenablesGoogle CloudStrategic Security Advisor (ex-CISO)Regulated cloud, riskUSA
Thomas HSantanderCISOGlobal banking, riskSpain/UK
Patrick “Pat” OpetJPMorgan ChaseGlobal CISOSoftware supply chain, third-party risk.USA
Eric BoatengMassMutualCISOFinancial services, digital transformation.USA
Sandro BucchianeriNational Australia BankGroup Chief Security OfficerBanking security, global risk management.Australia
Joe MartinezAonGlobal CISOInsurance, cyber risk, data privacy.UK
Rich BaichAT&TVP & CISOTelecommunications, critical infrastructure.USA
Rich NagleOhio State UniversityCISOResearch security, academic compliance.USA
Roland CloutierCISO Advisor (ex-TikTok)CISO AdvisorGlobal privacy, national security.USA
Sameer RatolikarHDFC BankEVP & Head, Information SecurityBanking, risk management.India
Eric GalisCengageBusiness LeaderEdTech, student data privacy.USA
Sagar ChavanAxis Mutual FundSVP & CISOFinancial services, compliance.India
Manoj SarangiIndusInd BankSVP & CISOBanking, ISO 27001, IT strategy.India
Matt HillaryDrataCISOSOC 2, HIPAA, ISO 27001 compliance automationUSA
Christina CacioppoVantaFounder & CEOAutomated compliance, SMB GRC frameworksUSA

OT/ICS & Critical Infrastructure CISOs

These leaders are serious about real-world safety and uptime. They secure power systems, telecom networks, manufacturing lines, or urban infrastructure—where failure isn't just lost dollars, but dangerous.

LeaderCompanyRoleFocus / NicheCountry
Roland CloutierADP (ex-TikTok)Former Global CSOCritical infrastructure resilience in consumer techUSA
Dawn CappelliDragosCEO & Co-Founder (ex-ICS CISO)Industrial threat detectionUSA
James ShiraPwCCIO & CISOEnergy & utility cyber riskUSA
Phil VenablesGoogle CloudSecurity Advisor (ex-CISO)OT/ICS security for cloud workloadsUSA
Devender KumarSecuraPrincipal Security ExpertDutch infrastructure OT riskNetherlands
Malcolm HarkinsEpiphany SystemsCSOOT/ICS operational resilienceUSA
Tim HeldU.S. BankEVP & CISOOT security for financial servicesUSA
Arve KjoelenMcAfee EnterpriseCEO (ex-CISO, Cisco)Infrastructure-level threat managementUSA
Hannah BrownNISTIncident Responder / AdvisorEnergy & infrastructure incident handlingUSA
Nicholas Santillo Jr.American WaterDirector, Chief Security ArchitectWater utility ICS/OTUSA
Christopher HendersonHuntressSenior Security ResearcheICS/OT threat hunting, SOC responseUSA
Lesley CarhartDragosDirector of Incident ResponseICS/OT incident response, critical infrastructure protectionUSA

APAC & Middle East CISOs

These are the ones navigating diverse regulations, massive scale, and regional nuance—if your product offloads audit pain or streamlines multi-jurisdictional enforcement, they'll listen.

LeaderCompanyRoleFocus / NicheCountry
Durga Prasad DubeReliance IndustriesEVP & CISOEnergy conglomerate securityIndia
Shiv Kumar PandeyAdani GroupGroup CISOInfrastructure, transport, energy securityIndia
Sameer RatolikarHDFC BankCISOBanking, digital transformation securityIndia
Vishal SalviQuick Heal / SeqriteCEO (ex-Infosys CISO)Enterprise security leadershipIndia
Pete NicolettiCheck Point SoftwareGlobal CISOIsrael cyber defense leadershipIsrael
Trishneet AroraTAC SecurityCEOASM, VAPT for enterpriseIndia
Anand PrakashPingSafe (acquired)Founder & CEOCloud/SaaS security post-acquisitionIndia
Saket ModiSafe SecurityCo-Founder & CEOCyber risk quantification, APAC enterprise securityIndia


Influencers & Advisors (ex-CISOs)

These are the trusted voices—no longer in the CISO chair, but still in the room. Their frameworks, podcasts, and advisory roles influence buying decisions before a demo ever happens.

LeaderCompanyRoleBlend / Niche
Wendy Nather1Password (ex-Duo/Cisco)Senior Research Initiatives DirectorAdvisory CISO, research voice
Bob KolaskyCISA (former)Former U.S. Infrastructure CISONational incident prep
Anton ChuvakinGoogle CloudSecurity Advisor (ex-CISO)Regulated cloud security
Deepak GuptaGrackerAICEO/CISOAI-driven PLG & cybersecurity SaaS


Useful Resource- How to get CISO to REspond to Cold Emails

How Vendors Should Approach CISOs

  • Lead with the pain, not the pitch-
    “If you start with a 20-slide deck about your ‘AI-driven synergy platform,' I'm already checking email. Show me how you'll stop the breach that keeps me awake.”
  • Respect their time-
    CISOs aren't browsing demos for fun. They're slammed. If you get 15 minutes, don't waste 10 on your company history.
  • Bring proof, not promises-
    Everyone says “we reduce risk.” Few can show a real case study with metrics. Numbers matter more than adjectives.
  • Talk outcomes, not features-
    “I don't care if it uses blockchain, fairy dust, or hamsters in a wheel. If it lowers my audit findings or saves my analysts 20 hours a week, I'll listen.”
  • Be blunt about limitations-
    Nothing earns respect faster than a vendor who admits, “We don't cover X. You'll still need Y.” That honesty sticks.
  • Tailor to their industry-
    A hospital CISO hears “patient safety.” A bank CISO hears “regulator off my back.” Same product, different story.
  • Support the team, not just the boss-
    Win over their lieutenants—the SOC manager, the architect. If they vouch for you, the CISO signs faster.
  • Follow up like a human-
    Not with five automated “Just checking in!!!” emails. One thoughtful note with a relevant insight goes way further.

What CISOs Care About (In Their Own Words)

  • Risk above all else-
    “I don't care if it's shiny AI—show me how it cuts breach exposure today.”
  • Compliance headaches-
    “Half my week is mapping controls to acronyms—GDPR, HIPAA, PCI. Miss one, and it's a lawsuit.”
  • How painful the rollout is-
    “If my team needs six months of training, forget it. I need plug-and-play, not another science project.”
  • Proof they can show upstairs-
    “The board doesn't want tech talk. They want a chart that shows red risk boxes turning green.”
  • Future-proofing-
    “I'm not buying a tool for 500 users today if it'll break at 5,000 tomorrow.”
  • Reputation and trust-
    “If a vendor's been breached or fudged a report once… word spreads fast. I won't risk my badge.”
  • Reducing the noise-
    “My SOC is already drowning in alerts. If you add more without filtering, you're not helping me.”
  • Staff shortages-
    “I've got two open reqs for analysts and no candidates. If your product saves headcount, now you're talking.”

Wrapping It Up

At the end of the day, CISOs and their teams don't just buy tools — they bet their careers on them. If you want to earn a seat at their table, you need more than buzzwords. You need proof, context, and respect for how they work.

That's why this guide exists: to help you see the world through their eyes, know who actually shapes decisions, and understand the themes driving 2025 budgets.

If you're serious about selling into enterprise security:

  • Start with the people (the CISOs and practitioners who matter).
  • Speak their language (risk, ROI, compliance, outcomes).
  • Back it up with evidence (case studies, metrics, peer validation).

This page is just one piece of the bigger map. Check out our guides on Cybersecurity CEOs & Platform Leaders, Cybersecurity Influencers & Experts, and Top Cybersecurity VC Resources to complete the picture.