Each year, Security magazine honors top cybersecurity executives who are positively impacting the security industry, their enterprise, their colleagues and their peers. In this annual report, learn how these cybersecurity leaders climbed the ranks to provide an overall positive impact that their security projects, programs or departments have on their shareholders, organizations, colleagues and the general public. Nominated by their colleagues and associates, these top cybersecurity executives are changing the cybersecurity landscape for the better.
Security magazine is pleased to present our inaugural Top Cybersecurity Leaders for 2021. Security partnered with (ISC)², the world’s leading cybersecurity professional organization, to find enterprise information security executives who have made and continue to make significant contributions in the cybersecurity space to their organizations and the security profession. They were nominated by their colleagues and associates, and were chosen based upon their leadership qualities and the overall positive impact that their cybersecurity projects, programs or departments have had on their shareholders, organizations, colleagues and the general public.
While Ira Winkler’s tenure as CISO within Skyline Tech Solutions has been short, he has made a significant impact. In October 2020, he took over a security department that lacked leadership, as it grew organically out of a successful network and IT services operations.
Spencer Wilcox first started his career in cybersecurity while in law enforcement in the Commonwealth of Virginia. With training in computer forensics and cyber investigations from the Federal Bureau of Investigation (FBI), Wilcox transitioned to the energy industry at Constellation Energy as a DFIR (Digital Forensics and Incident Response) investigator and has held positions in cyber and physical security leadership ever since.
As Director of Information Security responsible for cybersecurity strategy, engagement and architecture at Starbucks, Shawn Harris leads a team of 10 security professionals comprised of principal level architects, security program and management professionals.
As the Global Chief Auditor for Technology at Citi, Theresa Grafenstine oversees a staff of approximately 250 technology auditors – all of whom are required to incorporate a standardized testing program that covers basic principles of information security. Grafenstine also manages a team of more than 30 auditors who specialize in cybersecurity and conduct technical cyber reviews of Citi’s systems globally.
Heather Gantt-Evans was recently appointed the Chief Information Security Officer (CISO) at SailPoint. Previously, she was Senior Director of Security Operations and Cyber Resilience at the Home Depot, where she was responsible for leading security engineering, application security, vulnerability management, network security and the security operations center.
Since joining Chipotle in 2019, Dave Estlick has had a significant impact in the company’s cybersecurity posture. Upon starting his new role, he initiated a period of discovery, taking inventory of the brand’s infrastructure. He saw an opportunity to drive significant change across the organization which was equally open to prioritizing security.
Chuck Davis, MSIA, CISSP-ISSAP, is Senior Director of Cybersecurity at Hikvision, a global company with more than 40,000 employees and 59 branch offices and subsidiaries around the world. Based in the U.S., Davis leads the global cybersecurity team and, under his leadership, Hikvision has achieved several cybersecurity milestones to include the establishment of the Source Code Transparency Center at Hikvision USA’s Los Angeles headquarters, where government and law enforcement officials may examine the source code for Hikvision’s cameras and NVRs.
Edna Conway is globally recognized as an innovative and empowering executive who forecasts the future of business and creates clear strategies to get ahead of burgeoning trends. Her expertise and insight span the expanding arena of third-party risk, changing global government cybersecurity demands and consumer privacy expectations.