2024 was tough in the cybersecurity world.  A single breach can cost millions, and the stakes for protecting your assets have never been this high. Just for a refresher: the cost of a single data breach is 4.45 million as of 2023, and the number of attacks per day keeps climbing. And I know how you’re facing nonstop pressure to defend against everything from sophisticated ransomware to getting scrutinized by regulatory boards.

‍

I think it’s important for us to know about those ‘pros’ at balancing risk, strategy, and innovation with serious expertise in risk management and know the ins and outs of the complex mix of threats with groundbreaking strategies that everyone else will soon be following.

‍

I’m sure you’re curious about them. Let’s check who’s reshaping the standards in cybersecurity risk management this year.

‍

Table of Contents

1. Tim McKnight — EVP and CISO at UnitedHealth Group
2. Jamil Farshchi — EVP, CISO and CTO at Equifax
3. Lesley Carhart — Technical Director, Industrial Incident Response
4. Theresa Payton — CEO of Fortalice Solutions, Former White House CIO
5. Shamla Naidoo — CXO Advisor at Netscope, Former CISO at IBM
6. Conclusion

‍

Tim McKnight — EVP and CISO at UnitedHealth Group

LinkedIn

Tim, with over 30 years in cybersecurity, has taken the seat of Chief Information Security Officer at UnitedHealth Group. He brought his experience from roles at SAP, Thomson Reuters, and the FBI. With a career spanning high-stakes environments and positions advising Google Cloud, AWS, and the NSA, Tim’s the expert UnitedHealth needs, especially following a major data breach that affected over 100 million people and shows how healthcare security is important.

‍

Achievements

• Developed UnitedHealth Group’s response strategy to strengthen protections after the Change Healthcare ransomware attack.
• Known for driving SAP’s global cybersecurity program, where he led the integration of AI and machine learning to enhance threat detection.
• Enhanced collaboration between legal, compliance, and IT security teams at UnitedHealth to streamline regulatory compliance and incident response.
• Played an advisory role for major tech players, including Google Cloud and Amazon Web Services, bringing best practices to UnitedHealth’s cloud security approach.

‍

Jamil Farshchi — EVP, CISO and CTO at Equifax

LinkedIn

Since joining Equifax in 2018, Jamil Farshchi has been on a mission to rebuild trust and strengthen cybersecurity after Equifax’s high-profile breach. His expertise spans several major organizations, including The Home Depot, Visa, Time Warner, and even NASA, making him uniquely equipped to lead one of the largest cybersecurity overhauls in financial services. With a $1.5 billion transformation, Jamil has led Equifax to become one of the most secure and transparent organizations in the industry.

‍

Achievements

• Overhauled Equifax’s entire cybersecurity strategy with a $1.5 billion budget to create one of the most advanced and transparent cybersecurity programs in the industry.
• Developed a strict incident response and risk management framework, now considered a benchmark in the financial sector.
• Strengthened partnerships with the federal government, especially through a role as a Strategic Engagement Advisor to the FBI, to improve information sharing and public-private collaboration.
• Recruited top-tier cybersecurity talent and introduced new governance structures to prevent future breaches that set a new standard for risk management and accountability 

‍

Lesley Carhart — Technical Director, Industrial Incident Response

LinkedIn

Lesley Carhart, the Technical Director of Incident Response for Dragos, is a recognized leader in industrial cybersecurity, especially in sectors like energy and manufacturing. With over 20 years of experience, including service in the U.S. Air Force Reserves, Lesley has focused her career on securing critical infrastructure from cyber threats. Her work at Dragos has been essential in shaping how industries handle incident response and protect operational technology (OT) environments.

‍

Achievements

• Strengthened incident response protocols specifically tailored for Industrial Control Systems (ICS), which protects sectors like energy, manufacturing, and utilities from cyberattacks.
• Advanced industry standards for ICS cybersecurity, particularly in response and forensics that created new frameworks for defending OT environments against targeted and insider threats.
• Played a key role in threat intelligence and threat hunting for ICS environments, which helped in identifying unique threats and sharing insights with the broader industrial cybersecurity community to improve collective defenses.

‍

Theresa Payton — CEO of Fortalice Solutions, Former White House CIO

LinkedIn

Theresa Payton, former White House CIO and now CEO of Fortalice Solutions, is a powerhouse in cybersecurity. She brought decades of experience to her clients in government and Fortune 500 companies. As the first woman to serve as White House CIO, she implemented groundbreaking digital security strategies, and her work today with Fortalice focuses on building resilient and human-centered cybersecurity solutions.

‍

Achievements

• Built Fortalice Solutions into a top cybersecurity consultancy, a company dedicated to protecting critical infrastructure and securing clients across sectors from healthcare to finance.
• Advocated for privacy and data protection, especially against the rise of disinformation and digital manipulation.
• Established Fortalice’s proprietary methods for preventing business email compromise and intellectual property theft.
• Authored several best-selling books, including Manipulated, to educate and prepare leaders on countering digital disinformation.
• Holds a U.S. patent in security, showcasing her innovation and commitment to improving cybersecurity technology.

‍

Shamla Naidoo — CXO Advisor at Netscope, Former CISO at IBM

LinkedIn

Shamla Naidoo, currently a CXO Advisor at Netskope and former Global CISO at IBM, is a veteran in integrating cybersecurity into digital transformation strategies. With decades of experience in Fortune 500 companies, Shamla has been an important figure in aligning security practices with enterprise goals to make sure that digital initiatives stay secure from the ground up.

‍

Achievements

• Pioneered IBM’s approach to cybersecurity by aligning it closely with business objectives and promoting a proactive risk management culture across the company.
• Championed security-by-design principles in IBM’s cloud and software services.
• Advised on digital transformation strategies for organizations across 20+ countries that helped them navigate regulatory and security challenges on a global scale.
• Played a significant role in cybersecurity education by creating and teaching courses on law, technology, and privacy to guide future security leaders.

‍

Conclusion

As big as the damages get when a business gets breached, there are always people working in the background, redefining how organizations approach security, resilience, and innovation. These cybersecurity leaders are setting new standards, pushing organizations to turn their backs on traditional defenses that are no longer working.

‍

To support organizations in building this level of expertise internally, AppSecEngineer provides a platform dedicated to high-impact application security training. We got it all covered from secure coding to threat modeling. If you want to strengthen your defenses while giving your teams the capability to implement industry-leading security practices, then you’ve come to the right place.

‍

Take a cue from these cybersecurity leaders. Get your team the tools and training to keep up with tomorrow’s threats and innovations.