Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceCybersecurity NewsTop Cybersecurity Leaders

Special Report

2021 Top Cybersecurity Leaders - Dave Estlick

CISO, Chipotle

By Maria Henriquez
SEC0321-Cover-Estlick-slide6_900px

Bio Image courtesy of Estlick — in-future / iStock / Getty Images Plus / via Getty Images

March 1, 2021

Since joining Chipotle in 2019, Dave Estlick has had a significant impact in the company’s cybersecurity posture. Upon starting his new role, he initiated a period of discovery, taking inventory of the brand’s infrastructure. He saw an opportunity to drive significant change across the organization which was equally open to prioritizing security.

Estlick had just enough time to develop his global information security roadmap and build his team of dedicated engineers, analysts, architects and project managers when the COVID-19 pandemic started. He transitioned the organization to a remote model supporting two Restaurant Support Centers (Newport Beach, Calif. and Columbus, Ohio) and 2,750 restaurants across North America and Europe. Under his direction, Chipotle launched the Single Sign-On (SSO) project in addition to a new VPN software for a safer and more reliable network connection. He drove the integration of Chipotle’s Commitment to Privacy, Data Protection & Cyber Security as an integral part of Chipotle’s new code of ethics and the brand’s new code of ethics training. Investing in both education for employees and stronger systems, he has not only built, but is executing a strategy that mitigates and identifies risk while championing the workforce as a part of the solution to drive performance.

Previously, Estlick was the Vice President and Chief Information Security Officer (CISO) for Starbucks, where he led the global technology infrastructure and global cybersecurity organization, including the establishment of the Starbucks private cloud. He was also the Director of Information Security & Compliance at PetSmart Inc.

He is most proud of leading the End-to-End (E2E) payment encryption project at PetSmart in 2008. He says, “After reaching the milestone of full PCI compliance for the enterprise in 2007, the following year we were faced with the potential of non-compliance due to end of support for our existing Windows-NT based Point of Sale (POS) systems. Lacking sufficient time to evaluate, select, procure and implement a new POS system, the CIO directed me to research and bring forward alternatives for consideration. After several weeks of research, I brought forth five alternatives with a recommendation to implement what I called E2E encryption.” Estlick’s recommendation was selected by leadership and then presented and approved for ancillary funding by the Board of Directors.

Through outstanding partnership and efforts of the both internal and external teams to the enterprise, Estlick was able to complete this initiative, from concept through deployment, in just nine months. This accomplishment stands out for several reasons, Estlick says. “First, it demonstrated creativity and innovation while directly aligning to my primary responsibilities of increasing security and protecting our customers and brand. Secondly, it delivered substantial value to our business by avoiding costly rearchitected solutions, premature or hurried investment in POS technology and unlocking new digital capabilities for customer engagement across the retail footprint (e.g. customer kiosks, digital signage, electronic shelf labels). Finally, and maybe most importantly, it later served as the case study and influential reference design for the PCI Point-to-Point Encryption (P2PE) Standard 1.0 released in 2012,” he says.

Estlick is active in the industry and has served in various board positions for Cyberstarts, Clear Sky, PCI Security Standards, Internet Security Alliance, Retail Cyber Intelligence Sharing Center, and Security Advisor Alliance.

KEYWORDS: business continuity cyber security information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Career Intelligence
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • SEC0321-Cover-Hadley-slide9_900px

    2021 Top Cybersecurity Leaders - Roy E. Hadley Jr.

    See More
  • SEC0321-Cover-Harris-slide10_900px

    2021 Top Cybersecurity Leaders - Shawn Harris

    See More
  • SEC0321-Cover-Conway-slide4_900px

    2021 Top Cybersecurity Leaders - Edna Conway

    See More

Related Products

See More Products
  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing