Cyber Security Hub’s top 20 movers and shakers for 2022 profiles leading cyber security professionals from around the world who have worked to innovate within the cyber security space, or have tackled and mitigated cyber security challenges over the past 12 months.
Nominations were open from July to August 2022, allowing cyber security practitioners to share their success stories for consideration.
The team here at Cyber Security Hub compiled our final line up of 20 leaders who have made an impact after assessing all applications and conducting additional research. The 2022 list features leaders from across a range of industries, who have worked to overcome challenges in the cyber security space.
However, there are many more cyber security leaders who have not been featured on this list, which is why the ‘top 20 cyber security movers and shakers’ will return in mid-2023.
For now, on behalf of the entire team here at Cyber Security Hub, thank you to everybody who took the time to submit a nomination and congratulations to all who made this year’s final list.
Sarah Armstrong-Smith, Chief Security Advisor, EMEA at Microsoft
Sarah Armstrong-Smith has been in the IT space for more than 20 years and has worked in a range of areas including data protection and privacy, cyber security and disaster recovery.
In her current role she helps EMEA-based customers and partners enhance and evolve their digital strategies. She is also a non-executive director and independent board advisor, which allows her to share her technology insight and experience with SMEs.
Armstrong-Smith frequently speaks publicly on the human aspects of cyber security and how humans are crucial for executing and maintaining cyber security. She focuses on why breaking down silos between departments, and being resilient as a whole business in the face of disruption and adverse environments, is key to staying ahead of the competition.
Armstrong-Smith has won a number of awards including being named one of the ‘most influential women in UK tech’ in 2021 and 2022 by Computer Weekly and one of the ‘top 30 female cybersecurity leaders’ by SC Media.
James Johnson, CISO at John Deere
James Johnson has deployed tactics in his workplace at John Deere to overcome industry challenges including the growing attack surface, technology debt and complexity.
To overcome these challenges, Johnson aligned with industry standards, especially in foundational processes and services like identity management, operations and monitoring, and vulnerability management. He also encouraged investment into employees’ training and development to help them intelligently operate security tools and technology.
His actions allowed employees at John Deere to become proficient in policies and guidelines to understand how to handle data and report issues when needed. Additionally, the environment created, along with insight from HR, allowed employees to operate within a safe and inclusive environment.
Fareedah Shaheed, CEO and founder, Sekuva
Fareedah Shaheed has based her cyber security career around internet safety and protecting children online. She launched Sekuva, a cyber security start-up that supports children as they develop their online and technological skills, while enabling their parents to protect them online.
As a Forbes 30 Under 30 honoree, Shaheed currently serves on the Forbes board for the Under 30 community. Additionally, she has a demonstrated history of mentorship and frequently shares key insights to help parents gain an understanding of cyber security. Shaheed also runs cyber security workshops to help communities better understand online safety.
Amar Singh, CEO and interim CISO, trusted privacy and risk advisor for banks, CPNI, media, police and CERTS at Cyber Management Alliance Limited
Amar Singh is a UK-government certified cyber security trainer and the creator of the UK government’s National Cyber Security Council (NCSC)-certified Cyber Incident Planning and Response (CIPR) course.
Singh is a trusted advisor to a number of institutions including financial services organizations such as banks and insurers, as well as public sector organizations such as the police and the UK’s National Health Service.
Additionally, he shares his insight and experience through mentoring CISOs, as well as guest lecturing at universities and hosting presentations to those in the cyber security industry. His insights have been featured by the BBC, The Financial Times and The Economist’s Intelligence Unit.
Trisha Ventura, CISO – head of cybersecurity, governance, risk and compliance at Coca-Cola beverages, Philippines
Trisha Ventura has been recognized as one of the Top 30 Women in Security in ASEAN 2021 and one of the Top 10 Women in Security, Philippines 2020 by Issuu.
She is a certified Insider Threat Program Manager (ITPM) with expertise on enterprise-wide infrastructure/IT security, cybersecurity, cloud security, security operations, insider threat, proactive threat and intelligence gathering, compliance on information security and data privacy policies, standards, procedures and incident management processes.
Ventura shares her insight and expertise with the cyber security community by appearing and speaking at numerous industry events.
Sharon Barber, CIO of group services and security at Lloyds Banking Group
Sharon Barber has worked in the cyber security field for 10 years and currently holds a position protecting the financial services industry from cyber-attacks. Barber has expertise in a number of areas of threat defense including supply chain compromise, malware and ransomware.
Additionally, Barber was appointed as co-chair of the UK National Cyber Advisory Board (NCAB) in May 2022. In this position, she helps bring perspective, insight and expertise to discussions about cyber security in addition to helping the UK government deliver on its cyber commitments made both in the public sector and within government.
Marlon Sorongon, CISO at Maybank
Marlon Sorongon uses his 20-plus years of experience in the cyber security industry to share key learnings at various industry events and has been named as a Top 100 Global CISO in 2021 by Menlo Security.
He has led and implemented numerous cyber security projects and information security programs, for example adopting cloud services at Maybank with the Philippines’ regulatory framework and compliance in mind. He also has an extensive background in network and server security, IT governance, information security management and audit and risk.
Currently, he holds the position of CISO at both Maybank Philippines and Maybank New York, where he works to protect these financial institutions from cyberattacks. In his free time, he is a cyber security advocate and works to educate and mentor future cyber security leaders.
Liz Banbury, CISO at Hiscox
As president of the London Chapter of the International Information System Security Certification Consortium (known as (ISC)²), Liz Banbury’s goal is to share knowledge within the information and cyber security community, allowing trends and opportunities to be openly discussed, effectively driving forward inclusion and innovation within the sector.
Banbury, who has been working in cyber security and technology for financial services for more than 17 years, also has an interest in the human side of cyber security and the impact that people’s behavior can have on security holistically.
She has also been named as one of the Top 100 CISOs in 2022 by Menlo Security.
Pooja Shimpi, VP information security officer at Citi Bank
An overall shortage of cybersecurity skills in the financial services industry led Pooja Shimpi to form the Global Mentorship for Cybersecurity program.
Forty people from across the globe participated in the program, meaning 20 individuals were able to benefit from the experience and insight of 20 experienced cyber security mentors.
Shimpi was the main coordinator for the program, which overall helped several individuals obtain roles within the cybersecurity field and allowed others to experience growth within their cyber security career.
Dan Krueger, director of IT, infrastructure and cybersecurity at Blick Art Materials
At Blick Art Materials, Dan Krueger built a small team featuring a cybersecurity technical lead and two analysts to tackle cloud security and on-premises vulnerability management.
Led by Krueger, the team reduced the company’s overall risk score for Azure and AWS by 80 percent, in addition to remediating 95 percent of its critical and server exploitable vulnerabilities with 45- and 60-day service-level agreement (SLA).
The team also created monthly cybersecurity dashboards that demonstrated a 33 percent improvement in reduction of total threats and 40 percent reduction in critical and high alerts within the company’s attack surface.
Ann Mennens, Cyber Aware program manager at the European Commission
Ann Mennens manages the European Commission’s Cyber Aware Program which aims to raise the cyber awareness of the Commission’s staff, highlighting their role in contributing to the safeguarding of the Commission’s assets and systems, while promoting a safe online experience.
Mennens is also in charge of training and communication on cyber security as manager of the network of Local Informatics Security Officers (LISO) in the Commission. She leads the Interinstitutional Task Force on Cyber Awareness raising of the Cybersecurity Subgroup of the Interinstitutional Committee on Digital Transformation, encompassing all EU Institutions, Bodies and Agencies.
She has also been certified as a trainer for Cyber Security Awareness and Culture Manager by the Belgian Cyber Security Coalition. By doing this, Mennens is able to help those from any industry to reskill in cyber security, which she believes is important in increasing diversity and inclusion within the industry.
Fal Ghancha, CISO at DSP Investments
Fal Ghancha overcame a series of challenges in his role as CISO at DSP Investments to provide the company with a 360-degree view that could identify and mitigate upcoming risks and attacks, in addition to 24/7 incident monitoring and response.
The company’s cyber defense center introduced an in-house cyber ‘war room’ allowing Ghancha and his team access to real-time dashboards which displayed critical and actionable metrics. These allowed his team to introduce targeted and effective awareness, which in turn allowed them to increase the volume of security issues and queries closed.
The team Ghancha built was subsequently able to define the process for managing cyber security concerns seamlessly and quickly by collaborating with the company’s technology team.
Soren Olsen, information security manager at Maersk Drilling A/S
Soren Olsen has worked in cyber security for 14 years and is currently responsible for information and cyber security across Maersk Drilling. He and his team work to protect both IT and operational technology, focusing on risk management and compliance.
Olsen has been made an Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM) as of May 2022 and an International Society of Automation (ISA) ISA/IEC 62443 Cybersecurity Expert as of August 2022.
Olsen also shares his insight and experience of working in cyber security for the oil and gas industry by speaking at various industry events.
Munish Gupta, president and cyber advisory head at Inspira Enterprise
Before being appointed president and cyber advisory head at Inspira Enterprise, Munish Gupta worked as global practice head for enterprise security architecture, cyber resilience and cloud security advisory at Wipro until August 2022.
At Wipro, Gupta faced a challenge in retaining and attracting talent within the cyber security space.
To combat this challenge, Gupta developed a recruitment plan and future growth plan for attracting talent by demonstrating the maturity of the cyber security team at Wipro. By working closely with the recruitment and talent acquisition teams, his team was able to control the rejection rate and improve the conversion rate, reducing the hiring lifecycle and keeping candidates engaged.
Gupta has also introduced a program to cross-skill staff within the cyber security space to navigate the challenges of finding qualified cyber security professionals.
As a result of Gupta’s plan, Wipro was able to navigate the challenge of cyber security skill demand and attract available talent.
Lynn Dhom, executive director at Women in Cybersecurity
As executive director of Women in Cybersecurity (WICyS), Lynn Dhom’s main focus is in supporting the recruitment, retention and advancement of women in cyber security.
To do this, Dhom encourages organizations to engage in gender-neutral resume assessment and hire ‘outside of the box’. She encourages companies to pay attention to who they are hiring and employing and be conscious of their hiring actions.
Dhom also sits on the international judging panel for the IFSEC global Top Influencers and Fire, the advisory board for Women in Cybersecurity – Beyond Borders and is an inaugural member of the International Information System Security Certification Consortium ((ISC)²) Diversity, Equity and Inclusion Task Force.
Manish Madan Mohan, head information security officer at BondEvalue
Manish Madan Mohan came from a legacy infrastructure background and was faced with the challenge of establishing an information security program at BondEvalue.
Mohan adopted a cloud-only policy, implementing a cloud-based IDAM tool, a cloud-based endpoint management tool and a SASE-based DLP protection solution. For its cloud infrastructure, his team implemented a Cloud Security Posture Management tool along with threat detection and SOC capability.
This led the company to effectively manage all endpoints and cloud infrastructure, while remaining a truly on-cloud organization. Mohan effectively managed risk by selecting trustworthy third-party vendors by using a service-level agreement in addition to cyber insurance to ensure protection in the instance of a third-party breach.
Ash Hunt, group head of information security at Sanne Group
Ash Hunt developed and published the UK’s first quantitative framework and actuarial model for information risk. He has also advised on information security and quantitative information risk analysis to FTSE organizations and international governments.
He is an advocate for using analytics and forecasting as key defense mechanisms against the impact of cyber-attack ripple effects that can be triggered by external parties working with organizations.
As these effects are forcing organizations to completely re-engineer perceptions around having a stake in external parties’ security postures, Hunt has introduced a more analytical approach that includes forecasting and exploring where an organization’s greatest vulnerabilities may be.
Robin Smith, head of cyber and information security at Aston Martin Lagonda
Robin Smith is a CISO and expert policy analyst focused on the future of cyber-crime. He has worked within a range of sectors including the nuclear and automotive industries, as well as within UK law enforcement.
Smith has been developing a positive design cyber approach to streamline the onboarding of third parties at Aston Martin. This approach is applicable across all industries and the cyber threat intelligence management (CTIM) model can be used to understand risk intelligence within an organization’s supply chain.
With CTIM, Smith aims to give organizations a better chance of being able to profile their issues, allocate their resources and be more agile in their responses rather than simply being reactive to cyber incidents.
Gaurav Miglani, lead cyber security analyst (director) at Visa
Gaurav Miglani is a seasoned cybersecurity professional and director at Visa with a decade of experience in the IAM and PAM domains.
As a specialist and product manager, he has led multiple large projects to transform SSH/Crypto Key Management, Password Management and Kerberos and Keytab Management at Visa on a global scale.
He has also led multiple merger and acquisition integration efforts to improve the overall IAM security posture of multiple Visa acquisitions in the APAC and EMEA regions.
Eric Vétillard, lead certification expert at European Union Agency for Cybersecurity (ENISA)
Eric Vétillard is a security expert and leader, with a focus on high-security embedded products and the Internet of Things (IoT) and systems.
Currently, he is working with all ENISA stakeholders to define new security certification schemes in the context of the European Cybersecurity Act. Previously, he has helped develop new certification schemes in addition to helping evaluate and develop secure products, security policies and automated policy enforcement tools.
Vétillard has also led technical teams, and been involved in collaborative research, standardization activities and technical communication.