Security magazine is pleased to present our inaugural Top Cybersecurity Leaders for 2021. Security partnered with (ISC)², the world’s leading cybersecurity professional organization, to find enterprise information security executives who have made and continue to make significant contributions in the cybersecurity space to their organizations and the security profession. They were nominated by their colleagues and associates, and were chosen based upon their leadership qualities and the overall positive impact that their cybersecurity projects, programs or departments have had on their shareholders, organizations, colleagues and the general public.

Left attempting to optimize security teams while struggling to cope with multiple crises simultaneously, security leaders feel as if almost 75% of the workday is spent battling internal bureaucracy, while 25% is spent dedicated to the issues that require attention. But you’re not alone. To start, have some real conversations with your staff, and don’t forget to focus on yourself and your own well-being.

A small, private college in Ohio, Cedarville University implemented its Caring Well, Staying Well plan to help students return to campus safely amid the COVID-19 pandemic. In addition to mandating masks, coordinating outdoor and virtual worship services and other initiatives, Cedarville University deployed Wi-Fi based occupancy sensors to help students and staff reduce crowds and maintain social distancing at its on-campus dining facilities.

Campus police and security teams are tasked with not only providing a professional and measured response to volatile and politically charged issues, but must still maintain traditional, expected and valuable services, all within budgets that, for many campus security teams, will probably not be increasing. Let’s take a look at practical security practices campus safety leaders can implement.

While Ira Winkler’s tenure as CISO within Skyline Tech Solutions has been short, he has made a significant impact. In October 2020, he took over a security department that lacked leadership, as it grew organically out of a successful network and IT services operations.

Spencer Wilcox first started his career in cybersecurity while in law enforcement in the Commonwealth of Virginia. With training in computer forensics and cyber investigations from the Federal Bureau of Investigation (FBI), Wilcox transitioned to the energy industry at Constellation Energy as a DFIR (Digital Forensics and Incident Response) investigator and has held positions in cyber and physical security leadership ever since.

At Safelite Group, an American provider of vehicle glass repair, replacement and recalibration services, headquartered in Columbus, Ohio, Grant Sewell has built the security team from the ground up.

As Director of Information Security responsible for cybersecurity strategy, engagement and architecture at Starbucks, Shawn Harris leads a team of 10 security professionals comprised of principal level architects, security program and management professionals.

In addition to his role as a cybersecurity lawyer, Roy E. Hadley Jr. is well-versed in the operational and technical aspects of cybersecurity. At Adams and Reese LLP, he assists clients with response and recovery efforts in the event of an attack and assists clients with hardening their enterprises against cyberattacks.

As the Global Chief Auditor for Technology at Citi, Theresa Grafenstine oversees a staff of approximately 250 technology auditors – all of whom are required to incorporate a standardized testing program that covers basic principles of information security. Grafenstine also manages a team of more than 30 auditors who specialize in cybersecurity and conduct technical cyber reviews of Citi’s systems globally.

Heather Gantt-Evans was recently appointed the Chief Information Security Officer (CISO) at SailPoint. Previously, she was Senior Director of Security Operations and Cyber Resilience at the Home Depot, where she was responsible for leading security engineering, application security, vulnerability management, network security and the security operations center.

Since joining Chipotle in 2019, Dave Estlick has had a significant impact in the company’s cybersecurity posture. Upon starting his new role, he initiated a period of discovery, taking inventory of the brand’s infrastructure. He saw an opportunity to drive significant change across the organization which was equally open to prioritizing security.

Chuck Davis, MSIA, CISSP-ISSAP, is Senior Director of Cybersecurity at Hikvision, a global company with more than 40,000 employees and 59 branch offices and subsidiaries around the world. Based in the U.S., Davis leads the global cybersecurity team and, under his leadership, Hikvision has achieved several cybersecurity milestones to include the establishment of the Source Code Transparency Center at Hikvision USA’s Los Angeles headquarters, where government and law enforcement officials may examine the source code for Hikvision’s cameras and NVRs.

Edna Conway is globally recognized as an innovative and empowering executive who forecasts the future of business and creates clear strategies to get ahead of burgeoning trends. Her expertise and insight span the expanding arena of third-party risk, changing global government cybersecurity demands and consumer privacy expectations.

Jason Albuquerque is Chief Information Officer (CIO) and Chief Security Officer (CSO) at Carousel Industries, Inc. Headquartered in Exeter, R.I., Carousel Industries is a provider of managed services, including cloud, data center and security, as well as communication and network technologies.

When Derrick A. Butts first started his role as Chief Information and Cybersecurity Officer at Truth Initiative, a large non-profit public health organization dedicated to making tobacco use and nicotine addiction a thing of the past, he had an 18-month plan dedicated to increasing cybersecurity confidence, IT members’ skillsets, and overall security posture within the organization while rebranding the IT department as a positive security and technology resource.

There has been no shortage of ransomware reports and data breaches affecting companies from all sectors all over the world, accelerated, in part, during 2020 as the COVID-19 pandemic caused a mass move to remote work and many organizations raced to accommodate the new normal.

Executive protection is a profession that has an extensive history. This tradecraft began back in late B.C. to 312 A.D., with Roman protection groups that guarded emperors.

Unfortunately, diversity is still underrepresented in security. Our profession continues to struggle to attract and/or advance diverse candidates into leadership ranks in numbers that accurately represent a cross section of the working population.

Humor is tricky business in the security world, however. Briefing staff on warning signs of workplace violence, precursors of terrorist attacks, contingency plans for natural disasters, and methods of corporate espionage doesn’t exactly lend themselves to one-liners. Dealing with most security incidents isn’t a laughing matter.

Someone of a cynical persuasion may think it was only a matter of time until ‘outsourcing’ came to the cybercrime business. While this inevitability may be debatable, the early success of the model certainly isn’t.