Top 10: CISOs in the US

If the modern digital economy was already operating in a highly volatile cyberspace, the current geopolitical unrest and the advent of AI has set it ablaze. 

The frequency and sophistication of cyber attacks continue to escalate at an alarming rate, with threat actors deploying advanced ransomware syndicates, exploiting complex supply chain vulnerabilities and weaponising AI to infiltrate corporate networks.

In this relentless threat landscape, the role of the Chief Information Security Officer (CISO) has fundamentally changed.

A modern security leader must seamlessly balance stringent regulatory compliance, proactive risk management and rapid incident response to ensure absolute business resilience.

They are tasked with protecting sensitive consumer data while simultaneously enabling the process of digital transformation, which is naturally a fine balancing act.

Identifying the professionals who master this complex duality provides invaluable insight into the future of corporate defence.

To recognise these luminaries of today's tech industry, Cyber Magazine has compiled a list of the Top 10 Chief Information Security Officers in the US.

10. Jeff Trudeau

Company: Chime
Headquarters: San Francisco, California
Revenue: US$2.2bn

Jeff Trudeau is the first Chief Information Security Officer for the financial technology firm Chime and he has been instrumental in building a robust defence programme from the ground up.

His responsibility is vast, as the digital banking sector is up against relentless attacks from sophisticated threat actors who constantly seek to exploit financial platforms.

Recognising that member protection is paramount, Jeff has engineered security frameworks that prioritise safety without compromising the user experience.

His dual role as Chief Security Officer and Chief Information Officer allows him to integrate defensive protocols directly into the technological pipeline rather than treating them as an afterthought.

This seamless integration ensures that millions of customers can manage their finances with absolute confidence.

Recently inducted into the 2026 CSO Hall of Fame, his strategic foresight and dedication to safeguarding member data have firmly established him as a vanguard in the modern financial technology landscape.

9. Dustin Wilcox

Company: S&P Global
Headquarters: New York, New York
Revenue: US$15.34bn

Operating at the intersection of global financial intelligence and cyber risk requires meticulous oversight and strategic agility, which is something Dustin Wilcox has in spades.

He currently directs the enterprise-wide cybersecurity operation for S&P Global, but he has an extensive background spanning over three decades in information security. His previous posts include serving as the primary security executive for major healthcare organisations.

At S&P Global, the protection of highly sensitive market data and analytical infrastructure is a fundamental business imperative.

To this end, Dustin employs a rigorously analytical approach to risk management that aligns defensive controls with overarching corporate objectives. His methodology focuses heavily on evaluating the financial impact of AI and managing third-party risks through geostrategic sourcing.

By establishing transparent communication channels with executive boards and implementing measurable security metrics, he ensures that the firm remains resilient against emerging geopolitical threats.

His recent induction into the 2026 CSO Hall of Fame validates his exceptional contributions to the discipline.

8. Shaun Khalfan

Company: PayPal
Headquarters: San Jose, California
Revenue: US$33.17bn

Securing the digital assets of one of the most widely used payment networks on the planet demands relentless vigilance.

Shaun Khalfan shoulder this monumental responsibility with pride as the Senior Vice President and Chief Information Security Officer at PayPal.

Leading the charge against complex global cyber syndicates, he drives an aggressive security engineering strategy that enables business partners while locking down customer data and digital payments.

Drawing on more than two decades of high-stakes experience at leading financial institutions and federal agencies, Shaun is known for executing a proactive defence strategy.

He tackles the rapid evolution of AI head-on by transforming novel machine learning threats into strategic defensive advantages for his security teams.

His forward-thinking tactics ensure that frictionless commerce remains perfectly balanced with impenetrable security architectures.

Celebrating his induction into the 2026 CSO Hall of Fame, he continues to set the benchmark for tactical excellence and operational resilience in the financial technology arena.

7. Gary Harbison

Company: Johnson & Johnson
Headquarters: New Brunswick, New Jersey
Revenue: US$94.2bn

In the highly sensitive realm of global healthcare, protecting patient information is just as vital as developing life-saving medical treatments.

For Gary Harbison, overseeing information security and risk management at Johnson & Johnson is a profound responsibility that touches millions of lives.

He has dedicated nearly thirty years to mastering the art of enterprise defence across the public sector and Fortune 500 companies.

Today, his focus extends beyond securing corporate perimeters to actively driving the cybersecurity transformation of diverse medical products and services.

Recognising the critical importance of a modern data governance programme, he works collaboratively to align data strategy seamlessly with strict regulatory requirements and security objectives.

His dedication to the wider community is equally inspiring as he actively mentors cybersecurity start ups and guides university curriculums to prepare the next generation of defenders.

A 2026 CSO Hall of Fame inductee, his legacy is one of unwavering protection and mentorship.

6. Noopur Davis

Company: Comcast
Headquarters: Philadelphia, Pennsylvania
Revenue: US$123.7bn

The convergence of telecommunications infrastructure and product privacy presents a complex operational matrix that requires profound technical expertise.

Noopur Davis navigates this intricate landscape by leading cloud security, privacy operations and technical fraud prevention for Comcast.

Holding advanced degrees in computer science and electrical engineering, her foundation in rigorous academic research informs her corporate methodologies.

Noopur advocates for the fundamental integration of security protocols directly into the product development lifecycle rather than relying on reactive measures.

Furthermore, her research-driven approach addresses systemic vulnerabilities by prioritising basic cyber hygiene across diverse network components to prevent sophisticated attack scenarios.

Beyond her technical remit, she functions as a dedicated advocate for workforce diversity and actively sponsors initiatives to empower women in technology.

Consistently recognised among top global industry analysts, her comprehensive approach seamlessly bridges the gap between theoretical computer science and practical enterprise resilience.

5. Tomás Maldonado

Company: National Football League
Headquarters: New York, New York
Revenue: ~US$23bn

Imagine having to secure the digital infrastructure of the most watched sporting events in the world while the entire globe is tuning in.

That is exactly what Tomás Maldonado does every day as the CISO for the NFL.

Transitioning from the strict regulatory environment of Wall Street investment banks to the dynamic world of sports entertainment, he brings a unique playbook to the table.

He manages the intricate convergence of physical stadium security and digital broadcast telemetry across 32 independent clubs.

You will also find him actively championing the responsible use of AI by establishing cross-functional governance councils to evaluate privacy and algorithmic bias before any new technology hits the gridiron.

Recently honoured in the 2026 CSO Hall of Fame, his leadership proves that keeping the game safe is a massive team effort requiring ultimate precision and forward-thinking strategy.

4. Deneen DeFiore

Company: United Airlines
Headquarters: Chicago, Illinois
Revenue: US$59bn

Commercial aviation demands an absolute zero-tolerance approach to operational disruption.

As Vice President and Chief Information Security Officer at United Airlines, Deneen DeFiore shows exactly why robust cyber resilience is non-negotiable.

In an industry where legacy flight systems and modern cloud networks must coexist flawlessly, she successfully implements rigorous identity segmentation and monitoring controls without introducing operational fragility.

Leaders across all sectors must look to her strategy of wrapping safety-critical infrastructure with modern defensive parameters as a definitive blueprint for securing complex environments.

Deneen understands that the true differentiator in modern cyber warfare is not simply deploying artificial intelligence but governing it effectively to accelerate threat detection and response times.

Serving as a prominent national expert on critical infrastructure, her authoritative crisis command guarantees that millions of passengers remain safe in the skies and their sensitive data stays firmly protected on the ground.

3. Alan Rosa

Company: CVS Health
Headquarters: Woonsocket, Rhode Island
Revenue: US$402bn

​The stewardship of healthcare data represents one of the most critical risk management challenges within the contemporary corporate sector.

Alan Rosa currently oversees this immense responsibility as the Senior Vice President and Chief Information Security Officer for CVS Health.

His broad executive purview encompasses the strategic direction of the enterprise cybersecurity programme, privacy engineering and comprehensive governance frameworks.

Furthermore, his dual mandate includes heading infrastructure and operations to ensure the seamless delivery of digital workplace services and cloud technologies across all business lines.

Under his leadership, a vast network of dedicated colleagues and contractors works diligently to maintain the health and absolute integrity of the organisational security posture.

By implementing stringent risk mitigation strategies and overseeing complex compliance initiatives, he guarantees that the institution maintains unparalleled resilience.

His meticulous approach effectively safeguards the confidential medical and financial records of countless individuals navigating the modern healthcare system.

2. Amy Herzog

Company: Amazon Web Services
Headquarters: Seattle, Washington
Revenue: ~US$142bn

Securing the hyperscale cloud requires unmatched architectural vision. Amy Herzog delivers exactly that as the Vice President and CISO for AWS.

She leads a massive global organisation of security professionals where protecting customer workloads is the ultimate priority.

Before taking the helm at AWS, she successfully fortified Amazon consumer technology offerings and advertising businesses.

Her deep engineering background drives a relentless focus on foundational primitives and automated reasoning to combat emerging threats.

With AI rapidly reshaping the threat landscape, she actively pushes for continuous behavioural analysis over static perimeter defences.

She strongly cautions that identity management and least privilege protocols must operate flawlessly at machine speed to prevent autonomous errors.

By fostering a proactive security culture that starts directly at the executive level, she ensures the world's most ubiquitous cloud platform remains an impenetrable fortress for enterprise innovation.

1. Jerry Geisler

Company: Walmart
Headquarters: Bentonville, Arkansas
Revenue: US$713.16bn

Defending the largest corporate employer on earth is a monumental feat that requires extraordinary foresight and unyielding dedication.

Operating at the absolute apex of the industry, Jerry Geisler serves as the Executive Vice President and Chief Information Security Officer for Walmart.

For decades, he has meticulously guided the retail titan through an immense digital evolution to ensure that cybersecurity keeps pace with rapid technological advancements.

His visionary approach involves re-architecting the entire global security framework to proactively address the era of hyper-automation.

By championing modern identity protocols and deploying an advanced zero trust architecture, he effectively neutralises the unpredictable risks associated with autonomous machine agents.

He views robust security not as a constraint but as a core enabler of secure digital transformation and global business execution. Inducted into the 2024 CSO hall of fame, his legacy stands as a towering testament to unparalleled enterprise resilience and visionary leadership.