Cyber Security Hub is delighted to present our top 25 leaders in cyber security for 2024.

The list features people from all over the globe and from different specialisms, including fraud detection, corporate governance, cyber defense, ethical hacking and more. They all have extensive expertise, have made remarkable achievements towards advancing cyber safety, and use their public profiles to raise awareness of the importance of cyber security, both as a safety measure and a career.

To navigate the list easily we have compiled it in alphabetical order. View a specific individual by clicking on their name in the table below, or scroll down to find out who the leaders on our list are.

Sarah Armstrong-Smith

Chief security advisor – EMEA, Microsoft

Sarah Armstrong-Smith has been in the IT space for more than 20 years, beginning in 1999 with her involvement in a millennium bug program for a UK water company. Her expertise has grown to encompass disaster recovery, cyber security, data protection, and privacy, leading to roles at insurers AXA, consultants EY, tech company Fujitsu and the London Stock Exchange Group.

Her current role is her most high profile to date, as Microsoft’s chief security advisor for the EMEA region. Alongside this she is a prolific keynote speaker, author and advisor on a number of company boards.

Armstrong-Smith frequently speaks about the human aspects of cyber security and why breaking down silos between departments and resilience are key to staying ahead of the competition.

She has more than 30 awards to her name, including being among Computer Weekly’s 2020 Most Influential Women in the UK and a 2021 Fellow of the British Computer Society. She was also named  one of the top 20 movers and shakers in cyber security of 2022 by Cyber Security Hub.

  • Find out what Sarah Armstrong-Smith is talking about on LinkedIn

Chuck Brooks

Co-founder and CEO, Brooks Consulting International

Chuck Brooks has more than 25 years of experience in cyber security, technology, and government relations, over the course of a career that has led him to form his own consultancy firm and teach courses in homeland security and cyber security at Georgetown University in Washington DC.

As a consultant, his clients have included Fortune 1000 companies, governments and even the Vatican (the Pope’s headquarters are not immune to cyber risk), and he has received presidential appointments for executive service by two US Presidents.

Brooks is regularly named as a top cyber security expert to follow by trade press, and he contributes to a number of publications including Forbes, the Washington Post, Homeland Security Today and The Hill.

“In reflecting over the span of my career in security government and in the private sector, I have come to a recognition that there are several valuable elements for reaching you career goals,” Brooks told us. “These include: 1) being able to network and build relationships; 2) having the ability to effectively write and speak; and 3) to be able to dedicate yourself to learning and developing an expertise on key issues, concepts, and policies encompassing your work.”

Dr Blake Curtis

Senior technical program manager, security assurance, Amazon

As a research scientist specializing in quantitative correlational research, Dr Blake Curtis focuses on identifying the knowledge and abilities that lead to superior performance for cyber security professionals.

He gained great acclaim with The Next Generation Cybersecurity Auditor, a study that revealed the gap between the theoretical knowledge and practical skills of auditors working at the Big Four. One of his key findings was that task-based experience holds greater objectivity than length of experience.

In addition, Curtis is a specialist in creating global information assurance programs for government, commercial and healthcare sectors. He has led security and compliance at Vanderbilt University and Cigna, before moving to Deloitte where he eventually became global cyber security strategy and program manager. Most recently he has taken on the role of senior technical program manager in security assurance at Amazon.

He sees the greatest challenges for 2024 as being promoting digital trust, objectively assessing technical competence and creating governance and risk management practices for emerging technologies. “Notably, our industry will need an objective way to ensure we’re hiring professionals with the appropriate levels of task-based experience and removing barriers from hiring and promotion practices like mandating arbitrary years of experience to address our industry-wide skills shortage,” he says.

Kirsten Davies

CISO, Unilever

As the global chief information security officer (CISO) for one of the largest companies in the world, Kirsten Davies has her work cut out. However even before her appointment to Unilever in 2021, Davies had amassed a wealth of experience in her roles as CISO at Estée Lauder, Barclays Africa Group, Hewlett-Packard and Siemens.

She has led transformative projects at these organizations, including establishing a security academy at Barclays which re-skilled people to enter the cyber security sector, and achieving a landmark cyber security agreement with the German Workers Council that is now replicated across Hewlett Packard’s other work councils across EMEA.

She is on the advisory council of NYU’s Tandon School of Engineering, and is passionate about diversity and inclusion – her cosmetovigilance and Data Integrity Program at Estee Lauder beat cyber security and IT industry averages for the inclusion of individuals across genders, ethnicities, age and nationalities.

  • Find out what Kirsten Davies is talking about on LinkedIn

Parag Deodhar 

Managing director – global IT audit, Accenture

Parag Deodhar is part of the internal audit leadership team at Accenture based in Karnataka, India, where he is responsible for global technology and cyber-security assurance. He joined the company in 2022 after a stint as regional CISO for Asia Pacific at outdoor clothing company VF Corporation.

Before this he spent many years in the finance and insurance industries, working at AXA and Deutsche Bank. As a result he has accumulated more than 20 years of experience in enterprise risk management, operational risk, and fraud risk management, making him highly in-demand at conferences where he is invited to speak about fraud and cyber threats, particularly those emerging as a result of advancing technologies.

“The threat landscape will continue to evolve with the rapid adoption of new technologies like AI and ML by businesses, and also by adversaries to devise new attack vectors,” Deodhar told us. “The challenge for cyber security practitioners will be to help businesses adopt these technologies securely, by design and also keep defending against the new attack vectors.”

  • Find out what Parag Deodhar is talking about on LinkedIn

Lynn Dohm

Executive director, Women in Cybersecurity

Lynn Dohm has worked in various capacities in the cyber security education sector, holding the role of director of communications at the National CyberWatch Center, the Community College Cyber Summit and the National Cyber League.

In 2019 she joined Women in Cybersecurity (WiCyS) as executive director, which has since positioned itself as a leading model of how a multi-organizational approach can strengthen the cyber security workforce.

She has received numerous awards including the People’s Choice award for Cybersecurity Woman of the Year and has been named among the Top 100 Women in Cybersecurity by Cyber Defense Magazine.

Dohm is particularly passionate about diversity and inclusion, and how DEI policies can bridge the workforce gap and improve the recruitment, retention and advancement of women in cyber security. “One of the challenges continues to be the critical cyber security workforce shortage,” Dohm told us. “As technology increasingly intertwines with everyone’s day-to-day lives, the need for experienced cyber security professionals expands. Some reports expect it to grow 31 percent annually until 2029.

“While nonprofits like Women in CyberSecurity (WiCyS) continue building the pipeline for the cyber workforce, we must also focus on the leaky pipe. Inclusion within the workforce is essential for women and underrepresented individuals to know that they not only belong but can thrive and advance in lucrative cyber security careers because of it. That’s why the WiCyS mission to recruit, retain and advance women in cyber security is so important.”

Jen Easterly 

Director, CISA, Homeland Security

Since 2021, Jen Easterly has been the director of the Cybersecurity and Infrastructure Security Agency (CISA), part of the US’ Department of Homeland Security. In this high profile role she leads efforts to reduce the risk of cyber attacks for individuals and businesses across the country. Other public service appointments have included being special assistant to President Obama and executive assistant to National Security Advisor Condoleezza Rice.

Previously she was the head of firm resilience at Morgan Stanley, responsible for ensuring preparedness and response to operational incidents and risks. Here she also helped build Morgan Stanley’s Cybersecurity Fusion Center, a hub for cyber defense operations.

Easterly has served in the US army, completing tours in Haiti, the Balkans, Iraq and Afghanistan, where she led the army’s first cyber battalion. Among the many awards she has received are the US Army’s Bronze Star (twice), the 2023 Sisterhood Award from Girls Who Code, and the 2022 National Defense University Admiral Grace Hopper Award.

  • Find out what Jen Easterly is talking about on LinkedIn

Keren Elazari

Security analyst and researcher, Tel Aviv University 

Keren Elazari, aka k3r3n3, is a security researcher at Tel Aviv University where she focuses on hacktivism, cyber conflicts in global politics and crowd sourcing security mechanisms such as bug bounty programs.

After watching the movie Hackers at the age of 14, Elazari decided this was the career path she wanted to take, albeit as an ethical hacker. In 2016 she co-founded BSidesTLV, a yearly conference that has become Israel’s leading event for hackers and security researchers. She also co-founded Leading Cyber Ladies in 2015, the only dedicated event for women in cyber security in Israel that aims to raise the profile of women in the field. It has since grown from quarterly meet ups in Tel Aviv to include branches in New York City and Toronto.

Elazari has spoken at TED Talks, the RSA Conference, DEFCON and NATO; some of these talks have been translated to multiple languages. She has also written articles on emerging cyber threats for Scientific American, Financial Times and WIRED magazine.

We asked her what the biggest threat to cyber security will be in the year ahead: “I believe that complacency and ‘paradigm’ thinking is the biggest threat in our industry,” Elazari said. “We need to foster a capacity for change, the ability to evolve and adapt as quickly and as fearlessly as the bad guys.”

Jane Frankland

Founder and CEO, KnewStart

As career changes go, British-born Jane Frankland has got a few under her belt. She started out as a designer, selling work to fashion and art houses including to prestigious auctioneers Christies, but it wasn’t enough to make a living as a single mother so she switched to a job in sales at a recruitment company. She later became the associate director of operations at a large assurance firm.

A report in 2015 on the lack of women in the industry led her to writing a book on the subject. Frankland describes herself as a women’s change agent, dedicated to empowering women through her writing and keynote speaking.

She is the founder of the IN Security Movement, which has given scholarships to more than 350 women worldwide, and a founding member of #Women4Cyber, an initiative from the European Cyber Security Organization (ECSO). With KnewStart, where she is founder and CEO, she provides consulting, training, mentoring, certification and talent acquisition for women in cyber security, aligned to 2030 United Nations Sustainable Development Goals.

G. Mark Hardy  

President, National Security Corporation

G. Mark Hardy has been providing information security expertise to government, military and businesses for more 30 years. In 1988 he founded National Security Corporation, a consulting firm where he remains president.

His vast experience includes managing security assessment and penetration teams, data encryption and authentication, software development and strategic planning for e-commerce, as well as writing commercial risk assessment software.

He  also spent nearly 40 years as captain in the US Navy Reserve, working in various posts including monitoring and reporting of all military forces in the Pacific theater. He has developed information security plans for four US military commands, and written the communications security encryption requirements for an experimental military satellite program.

Nowadays he is a regular speaker at industry shows, and co-host of the CISO Tradecraft podcast. He is also a founding member of the National CyberWatch Center.

Hardy recently say down with Cyber Security Hub to discuss how CISOs and their teams can navigate changing regulations. “First of all, I would say get a list of applications, do an inventory, and determine what’s out there,” he said. “Then what we want to take a look at is the area of operation, in what nations are these operating in, and in what state, etc? Because what we find out then is that where you are processing your data, where you are storing your data and where your customers are, are three different questions.”

Niel Harper 

Board director, ISACA

Niel Harper has spent 20 years advising global organizations including AT&T Wireless, Deloitte Consulting, Doodle and the European Commission on corporate governance, digital policy and cyber security management, work that has led to a number of awards like the ISJ Caribbean Security & Resilience Award, and being recognized by the World Economic Forum as a Young Global Leader in 2014.

Harper has established himself as a trusted leader in public sector cyber security policy, and has implemented digital policy roadmaps for states in Africa, Asia-Pacific, Europe, and Latin America and the Caribbean.

He is currently board director and vice-chair of the audit committee at the renowned ISACA (formerly Information Systems Audit and Control Association), as well as a member of the World Economic Forum’s working group on Cyber Risk and Corporate Governance. He was recently appointed to the UK Cyber Security Council’s Professional Standards Working Group.

Tia Hopkins

Chief cyber resilience officer, eSentire

Since starting her career installing high speed internet systems more than 20 years ago, Tia Hopkins has risen to hold senior positions at Kaplan University in Florida, IT company Zones LLC, and more recently at eSentire, where she has worked for the last six years, initially as a senior engineer before being appointed to her current role of chief cyber resilience officer and field chief technology officer. In this dual position she is responsible for leading and developing eSentire’s cyber resilience strategy and driving adoption of the company’s SaaS platform.

We asked Hopkins what threats to look out for in 2024. “I view the most imminent threat as more of a compounding effect – emerging technologies and rapid adoption, the cyber security skills gaps, and the constant evolution of threat and attack types. As we continue to rely more and more on interconnected systems, the opportunity for large-scale, multi-vector attacks only grows, and many organizations will struggle to keep pace.”

She adds: “Now more than ever it’s critical that security leaders focus on building programs and strategies that target organizational resilience as an outcome because simply managing risk is no longer enough.”

In addition to her day-to-day job, Hopkins is adjunct professor of cyber security at Katz School at Yeshiva University and a guest lecturer at the Wharton School. In 2020 she founded Empow(H)er Cybersecurity, a non-profit organization aimed at encouraging and supporting women of color to pursue cyber security careers.

Eugene Kaspersky 

CEO, Kaspersky Lab

Eugene Kaspersky is a very well-known name in cyber security and IT, known for his pioneering work in computer security software and the establishment of Kaspersky Lab, which he founded in 1997. It has since become one of the world’s leading cyber security firms.

Born in Russia in 1965, Kaspersky’s journey to becoming a cyber expert began with a background in mathematical engineering. He became interested in IT security when his computer was hit with the devastating Cascade virus in 1989, and he decided to create a program to remove it.

Kaspersky Lab consistently delivers cutting-edge antivirus tools, with its solutions deployed to combat many high profile threats including cyber espionage. Kaspersky himself is an outspoken advocate for global cooperation in combating cyber crime. He is also one of the world’s richest men, with Forbes’ estimating his net worth to be US$ 2.1 bn.

Zinet Kemal

Associate cloud security engineer, Best Buy

Zinet Kemal began her career as a legal assistant in her home country of Ethiopia, before moving to the US and embarking on a career in cyber security. Nowadays she is associate cloud security engineer at electronics retailer Best Buy, where she designs and implements measures to protect the company’s cloud-based infrastructure and data.

In addition to her day-to-day role she is on the board of Black Girls in Cyber as a community outreach director; is a TEDx speaker and regular guest on television and podcasts; a LinkedIn Learning instructor and the author of three children’s books, among them Oh, No… Hacked Again! which teaches children about the importance of online safety. Her most recent release See Yourself in Cybersecurity is an international Amazon bestseller.

Kemal is the recipient of the 2023 Minneapolis/St. Paul Business Journal 40 under 40 award, and the Women Who Code Applaud Her Award for Security, among many others.

We asked Kemal what advice she would give to someone wanting to start a career in cyber security, and she offered these tips: “Find your area of specialization in cyber – cyber security is a vast industry with diverse specialties. Put in the work to learn; seek mentorship; build your personal brand through blogs, posts on social media, or speaking engagements. Don’t underestimate soft skills, and network.”

Ondrej Krehel 

Lecturer and mentor, Columbia University

Ondrej Krehel has dedicated his career to digital forensics, ethical hacking and threat intelligence. In 2013 he founded LIFARS (Low Impact Forensics and Advanced Response Services), a company that provides critical services to organizations facing cyber attacks and data breaches, helping them identify and recover from security incidents.

An advocate for taking proactive security measures, he shares his insights through speaking engagements, publications and media appearances; he is also a lecturer in enterprise risk management at Columbia University. He previously taught at the FBI Training Academy, and has led forensic investigations and cyber security consulting for US government missions, including military special operations.

Krehel is one of a few individuals to hold a Certified Ethical Hacker Instructor (CEI) accreditation, and to be authorized to teach ethical hacking courses to government and private sectors.

Abbas Kudrati 

Director/ASEAN chief cyber security, risk and compliance advisor, Microsoft

Abbas Kudrati knows a few things about the working life of a CISO, having held the title at KPMG Australia, the Kingdom of Bahrain, and Public Transport Victoria. Since 2018 he has been responsible for cyber security for the Asia Pacific region at Microsoft, a role that sees him advising on the latest strategies and technologies to ensure Microsoft’s clients remain secure.

Alongside this, he speaks regularly at conferences around the world and has written a number of books on cyber and IT security issues, focusing on zero-trust, governance and compliance.

His desire to support the broader security community has seen him take on the role of advisor on a number of boards including Deakin University where he was previously a professor; he now teaches cyber security part time at La Trobe University in Melbourne. Additionally he is a member of the ISACA Melbourne Chapter, where he acts as a liaison to local colleges and universities.

Jason Lau 

CISO, Crypto.com

Jason Lau has more than 20 years’ experience in consulting for Fortune 200 companies in the fields of cyber security, data privacy and IT governance, including an advisory role to Microsoft and as chief information officer at Argent Software.

He is a Forbes Council member, adjunct professor of cyber security and data privacy at one of Asia’s leading business schools, and a member of the prestigious ISACA board of directors. Meanwhile his day-to-day role is that of CISO at Crypto.com, where he drives the organization’s global cyber security and information privacy strategy.

Leading security policy at the world’s biggest cryptocurrency platform means Lau is well versed in getting ahead of emerging threats, so we asked him what he thinks the biggest challenge for cyber security will be next year.  “Undoubtedly the rapid and unpredictable advancements in AI,” he told us.  “While AI offers tremendous potential for enhancing our defense mechanisms, it also presents sophisticated attack vectors.

“Adversaries are leveraging AI to automate attacks, craft deceptive phishing campaigns, and bypass traditional security measures with alarming speed and precision. The dual-edged nature of AI means that while we can harness its power to bolster our defenses, we must also be perpetually prepared for its use in novel and increasingly sophisticated cyber attacks. The race between AI-driven defense and offense will define the cyber security landscape in 2024.”

Katie Moussouris   

Founder and CEO, Luta Security 

A tech whiz from a very young age, Katie Moussouris taught herself programming on her home computer when she was still a child. She began her career working on computer systems at the MIT Department of Aeronautics and Astronautics and the Harvard School of Engineering and Applied Sciences, later joining software company Symantec as a security consultant.

Her big break came after being appointed as a security strategist at Microsoft, where she created the company’s first ever bug bounty program. Thanks to this she was able to learn of 18 vulnerabilities and new attack methods that could otherwise have posed serious problems for the tech giant.

Following this she became the chief policy officer at Hacker One, where she helped the US Department of Defense develop Hack the Pentagon, its own security bounty program created to protect the US government from cyber attacks.

As a visiting scholar at the MIT Sloan School of Management she conducted economic research into the labor market for security bugs, and has spoken out against how bug bounty programs exploit hackers. She is also an advocate for greater gender equity in the industry; in 2015 she filed a class action lawsuit against former employer Microsoft alleging systemic discrimination against its female technical professionals.

In 2016 she started Luta Security, a startup that specializes in vulnerability disclosure for governments and she is also an advisor to the Center for Democracy and Technology. Recognizing her many achievements, she has been named one of America’s Top 50 Women In Tech by Forbes magazine.

Matthew Rosenquist 

CISO, Eclipz.io Inc

With 30 years of experience in cyber security and technology, Matthew Rosenquist has become a leading authority in the field thanks to his dedication to fostering safer online environments, through advocacy, writing and speaking engagements.

Rosenquist worked at Intel for over 20 years as a security and cyber security strategist. Today he is the CISO at Eclipz.io and he sits on the advisory board of a number of universities and organizations including the United Cybersecurity Alliance.

We asked Rosenquist for his thoughts on the biggest challenges for cyber security in 2024: “Cyber attacker capabilities will take a leap forward in 2024, fueled by a new infusion of significant funding and focus from aggressive nation-states. The downstream effects will benefit the attacker community with the discovery and exploitation of very impactful vulnerabilities and empowerment of more advanced tools and tactics that reduce the time defenders have to respond.

He adds: “Cyber security organizations will once again be required to find a new gear to operate and rapidly adapt to show sustaining value.”

Rinki Sethi    

Vice president and CISO, BILL

Rinki Sethi’s extensive CV is filled with the world’s biggest companies – including Walmart, eBay, Palo Alto Networks and IBM. Most recently she was the CISO at Twitter (now ‘X’), before taking her current role as vice president and CISO at software company BILL.

Sethi is a board member and advisor to a significant number of companies including SecureWorld and Elron Ventures, and the recipient of several awards, among them the One to Watch Award from CSO Magazine and the Senior Information Security Practitioner Award from the International Information System Security Certification Consortium.

She has also somehow found the time to lead the creation of the first set of national cyber security badges and curriculum for the Girl Scouts of the USA, and to help develop Creating a Culture of Security, a book published by ISACA.

  • Find out what Rink Sethi is talking about on LinkedIn

Confidence Staveley 

Founder and executive director, CyberSafe Foundation

Among Confidence Staveley’s many awards and achievements are receiving the Young CISO of the Year award 2021, the 2022 Obama Africa Leader award, and being named one of the 20 African Women of Impact 2022 by Ventures Africa.

Staveley began her career as an IT security analyst in Nigeria, eventually taking a senior role where she managed cyber security experts in seven countries to provide training to more than 10,000 employees across 36 Nigerian states.

In 2019 she founded the CyberSafe Foundation, a non-governmental organization dedicated to improving safe digital access in Africa, particularly among vulnerable people and businesses.

Staveley is also a keynote speaker who has taken part in the World CyberSecurity Summit and Africa Cyber Defense Forum, and is an advocate for encouraging more girls to enter cyber security careers.

Shamane Tan

Chief growth officer, Sekuro

In 2017, Shamane Tan created a meetup group for people to discuss cyber security issues; this has grown to 4,000 members across seven different cities in the Asia Pacific region. She also chairs the invite-only CxO Tribe, a group of executives, CIOs and CISOs who meet regularly to discuss the state of the industry.

Tan is the author of three cyber business books that comprise leadership insights from hundreds of professionals, including the global bestseller co-authored with Dan Lohrmann: Cyber Mayday and the Day After. Tan is also an advisor to executives in APAC, has spoken at TEDx, and delivered keynotes in more than eight countries.

Meanwhile, in her day-to-day role at Sekuro she leads the outreach strategy aimed at helping C-suite executives manage cyber risk as part of their business growth objectives. Her lengthy list of accolades includes 40 under 40: Most Influential Asian-Australian and being named a Global Top 20 Influencer in the cyber security professionals category at trade show IFSEC.

  • Find out what Shamane Tan is talking about on LinkedIn

Rachel Tobac 

CEO, SocialProof Security

Rachel Tobac has had a varied career, moving from education into ethical hacking while still focused on training and advising people against cyber risks.

She spent seven years at Course Hero, an American education technology website company, where she trained interns and developed philanthropic initiatives, but as a result of her passion for information security she also developed a company-wide security training protocol here.

In 2017 she became the CEO of SocialProof Security, a company of ethical hackers that tests social engineering tactics and trains people and companies in data safety practices.

Tobac has appeared on NPR, Last Week Tonight with John Oliver, The New York Times, Business Insider, CNN, and Forbes to discuss real life social engineering stories; she is also chair of the board of directors of Women in Security and Privacy.

  • Find out what Rachel Tobac is talking about on LinkedIn

Phil Venables

CISO, Google Cloud

As the CISO of Google Cloud, Phil Venables is heavily involved in security best practices that impact businesses and individuals around the world. He also happens to be a member of the President’s Council of Advisors on Science and Technology, advising the US President on policy matters.

Prior to joining Google he worked at Goldman Sachs, first as CISO before transitioning to senior adviser for risk and cyber security, and later becoming a board director. He has also held senior positions at Deutsche Bank, Standard Chartered Bank and Barclays Bank.

British-born, he was elected Fellow of the British Computer Society in 2005; he also sits on a number of boards belonging to both private and non-profit organizations, notably the Center for Internet Security, which he co-founded, the National Security Agency (NSA) Science of Security Program, and the US-based Council on Foreign Relations.

Endré Jarraux Walls

Technology executive

Endré Jarraux Walls has handled IT security for businesses in hospitality, finance, and technology. Overall, he has 25 years of experience designing and building secure systems for customers and employees; first becoming a manager at the age of 22. Just a few years later, aged 29, he landed the role of chief technology officer at communications company CoreDial.

Walls also spent 11 years as the CEO of The Franklin Foundation, an organization working to ensure all children in America have access to education regardless of the circumstances in which they were born. More recently he has been dedicating his time to advising, and is on the board of cyber security provider Exium.

Walls said the best professional advice he has had is to “be a coach in every situation. What is meant by that is, as an executive, your job is to inspire others to innovate. You don’t have to be the smartest person in the room, you should aspire to be the wisest and ask questions that help other people reach their own breakthrough outcomes.”

“Wise leaders know how to get people to give them 200 percent without ever having to ask for more than that first 100,” he adds. “Once you’ve got that 200 percent make sure your people are recognized and appreciated for their work and innovation. This creates a culture where the job feels more like a space to create and innovate than just a job. In cyber security this is especially important. The best practitioners are innovative in their approaches and steadfast in their desire to find new ways to protect and defend the organization.”

Read more HERE.