Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

CSA CxO Trust

A broad-based initiative to elevate the knowledge of cloud computing and cybersecurity among organizational executive teams and governing bodies.
CSA CxO Trust

Our mission is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will be forward looking and innovative in advancing cloud computing and cybersecurity within the C-Suite. If you're interested in learning more, you can read the press release or email the CSA President, Illena Armstrong, at [email protected].

Latest News for C-Level Executives

The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 2
The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 2

July 25, 2024

The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 1
The Cybersecurity Tower of Babel Requires Focus on Business Fundamentals: Part 1

July 11, 2024

How to Prepare Your Workforce to Secure Your Cloud Infrastructure with Zero Trust
How to Prepare Your Workforce to Secure Your Cloud Infrastructure with Zero Trust

April 24, 2024

CCZT: A Major Milestone on the Zero Trust Journey
CCZT: A Major Milestone on the Zero Trust Journey

CSA CEO Jim Reavis announces...

November 15, 2023

News of Note: Finding Solutions to Cybersecurity Impacts
News of Note: Finding Solutions to Cybersecurity Impacts

CxOs must focus on current...

November 7, 2023

Strategic IoT Security Considerations for CISOs and the C-Suite
Strategic IoT Security Considerations for CISOs and the C-Suite

September 14, 2023

View all announcements

Of organizations in the cloud:

47% are concerned

about their staff lacking cloud expertise.

Over 50% are running

41% or more of their workloads in a public cloud.

41% are unsure

whether they have experienced a cloud-related operational incident in the last 12 months.

Source: State of Cloud Security Concerns | CSA
*This survey was submitted to nearly 1900 IT and security professionals.

Cloud may be the new normal, but numerous organizations:

Are just beginning
their cloud journeys
Have more sophisticated
implementations
Have weaker-than-expected
knowledge of security requirements

Addressing These Challenges

CSA will form a trusted community of CISOs and other C-level stakeholders who will leverage the collective voice of this group to further influence and drive the:

  • Evolution and common understanding of cloud and cloud-driven technologies knowledge;
  • Establishment and advancement of cloud security standards, guidance, research and more;
  • Professional development and continuous education of much-needed cloud experts;
  • Improvements in cloud and cybersecurity services and products;
  • Progression and passage of related and necessary regulations or legislation;
  • Unification of cloud and cybersecurity messaging and knowledge sharing among organizations’ C-suite stakeholders, as well as in the wider industry and beyond.

This group will complement existing CISO and cybersecurity networks. If interested in working with us on ours, which is uniquely positioned given our 12 years as a non-profit helping the industry secure the cloud, please reach out to CSA President Illena Armstrong.

Learn more about CSA CxO Trust.

To gain full access to this group once it’s launched organizations will need to be a CSA Corporate Members. If you're interested in learning more, please email the CSA President, Illena Armstrong, at [email protected].

How to Get Involved

Research Working Group

The CSA CxO Trust Working Group will conduct research consisting of best practices, metrics, surveys, C-level presentations and other tools in support of the overall initiative mission. The working group will be open to professionals and subject-matter experts from both CSA member and non-member organizations. The working group will have its kickoff meeting in Q3 of 2021, interested individuals can informally discuss the issues in our Circle community now.

Along with other projects, this group will regularly update and maintain a document listing the Cloud Priorities for the CxOs. The roadmap of other deliverables for this group will include:

  • Original research publications,
  • Executive summaries of CSA research publications with context for C-Suite readers,
  • Curation of third-party research and data,
  • Joint research with outside groups.

Learn More

Advisory Council

CSA looks to our advisory council to contribute to and advise on the overall strategy and roadmap of this broad-based program’s offerings. In addition to generally advising on the C-Suite Initiative and related offerings, the Council also helps guide our CxO Research Working Group. This council is not only made up of CISOs, but also Chief Information/Chief Technology Officers, Chief Risk Officers, Chief Privacy Officers, Chief Compliance Officers, Chief Operating Officers, Chief Executive Officers and other C-level stakeholders engaged in driving and supporting their organizations’ cloud computing and cloud security programs.

This council is reserved for the participation of C-level executives from our corporate members. If you have any questions you can email the CSA President, Illena Armstrong, at [email protected].

Mike Anderson
Mike Anderson
Chief Digital and Information Officer, Netskope

Mike Anderson

Chief Digital and Information Officer, Netskope

Mike Anderson brings over 20 years of experience to his role as Chief Digital and Information Officer for Netskope, having built and led high-performing teams across a wide range of disciplines, including sales, operations, business development, and information technology. He is considered a thought leader, visionary, and speaker on digital transformation, leadership, and business agility.

Read more

Raj Badhwar
Raj Badhwar
Field Chief Information Security Officer, Oracle

Raj Badhwar

Field Chief Information Security Officer, Oracle

Raj Badhwar has 25+ years of experience within Cybersecurity and IT. He is currently the CISO for Voya Financial and previously held senior Security/IT leadership roles at AIG, BAE Systems, Bank of America, and AOL Time Warner.

Read more

Rolf Becker
Rolf Becker
Co-Founder and Chair at UBS

Rolf Becker

Co-Founder and Chair at UBS

Rolf A. Becker is Head Service Control Governance at UBS, globally responsible for Cloud Governance regarding Risk and Control over the UBS Group Cloud adoption and for outsourcing to external cloud-based 3rd party services. Previous roles have been the management of the Cyber and Information Security Portfolio reporting to the UBS CISO at a global level, and the management of the Client Data Confidentiality Program Unstructured Data Protec...

Read more

Rachel Bierner
Rachel Bierner
Cloud Security Leader, Wells Fargo

Rachel Bierner

Cloud Security Leader, Wells Fargo

Rachel Kim Bierner serves as Cloud Security Leader at Wells Fargo, where she is responsible for the development and delivery of the company’s cloud security strategy and control framework. Prior to joining Wells Fargo, she led various cybersecurity and technology functions over 19 years at Bank of America. Rachel started her career as a consultant with Management implementations for clients around the world.

Read more

Fred Budd
Fred Budd
Vice President, Information Security Engineering, Mastercard

Fred Budd

Vice President, Information Security Engineering, Mastercard

Fred Budd is serving as Vice President, Cloud Security for Mastercard. In this role, he is responsible for the protection of Mastercard’s cloud platforms and driving the evolution of security practices. Fred has over 20 years of diverse experience in security architecture, technology strategy and governance, privacy and compliance, identity management, telecommunications, IT operations, and product innovation. In the past decade, he has foc...

Read more

Alicja Cade
Alicja Cade
Director, Office of the CISO, Financial Services at Google Cloud

Alicja Cade

Director, Office of the CISO, Financial Services at Google Cloud

Alicja Cade, Director, Office of the Chief Information Security Officer (OCISO), Google Cloud, is responsible for shaping cloud security and compliance approaches for financial sector institutions and partnering with GCP clients throughout their security transformation.

Prior to Google Cloud, Alicja was CISO Americas and Global Head of Data Confidentiality Operations at UBS and was CISO for Investment Banking, Group Functions and Amer...

Read more

James Cairns
James Cairns
IT Security Lead, Bow Valley College

James Cairns

IT Security Lead, Bow Valley College

James Cairns loves the evolving challenges of his career in IT Security. He has spent more than 15 years invested in growing his experience as he implements systems and designs solutions to help students and colleagues learn and work more effectively and efficiently. As Security Lead, Bow Valley College, he has been invited to local and national conversations with CANARIE Joint Security Project, CanSSOC, Cybera AB Secure IT, and most recent...

Read more

Peter Campbell
Peter Campbell
Chief Information Security Officer, Cigna

Peter Campbell

Chief Information Security Officer, Cigna

Cloud Security Engineering leader responsible for security engineering and security innovation. Enables new and untried technologies, runs proof of concepts, designs and engineers security configurations and enables the business to leverage new technology safely. Led the creation of Cigna’s security assurance framework which ensures that the security vision is consistently executed. Current research focuses on the domains of sec...

Read more

Jerry Cochran
Jerry Cochran
CISO & Acting CIO, Cybersecurity & Technical Ops Director & RD2C R&D Initiative Leader (NSD), Pacific Northwest National Laboratory (PNNL)

Jerry Cochran

CISO & Acting CIO, Cybersecurity & Technical Ops Director & RD2C R&D Initiative Leader (NSD), Pacific Northwest National Laboratory (PNNL)

A 35-year+ IT industry veteran, Jerry Cochran serves as Pacific Northwest National Laboratory’s Deputy Chief Information Officer (D/CIO) and division director, Cybersecurity & DigitalOps Division in the Computing & IT Directorate. In this role, Jerry oversees enterprise cybersecurity as well as IT engineering, operations, and support. Jerry also leads a 5-year cybersecurity research & development initiative (LDRD) - RD2C for the National S...

Read more

Dave Cullinane
Dave Cullinane
TruSTAR Founder and CSA Chairman

Dave Cullinane

TruSTAR Founder and CSA Chairman

Dave Cullinane is the Founder of TruSTAR Technology. Prior to TruSTAR, Dave served for 5+ years as the Chief Information Security Officer and VP of Global Fraud, Risk and Security for eBay and its many global businesses (StubHub, InternetAuction.co, GSI Commerce). He has more than 30 years of professional security experience building and managing cyber security and incident response teams.

Dave is also the past President and Chair...

Read more

Rick Doten
Rick Doten
VP, Information Security, and Chief Information Security Officer, Healthcare Enterprises, Centene Corporation

Rick Doten

VP, Information Security, and Chief Information Security Officer, Healthcare Enterprises, Centene Corporation

Rick is VP, Information Security at Centene Corporation, and CISO of Carolina Complete Health based in Charlotte, NC. Rick supports both the NC health plan and corporate Centene in a cybersecurity leadership role.

In his prior role, Rick worked as Virtual CISO supporting international companies. Rick also developed the curriculum for a Cybersecurity Master’s degree program for an International University.

Rick is an avid speak...

Read more

Ian Farquhar
Ian Farquhar
Field Chief Technology Officer (Global), Gigamon

Ian Farquhar

Field Chief Technology Officer (Global), Gigamon

Ian Farquhar has worked in information security for over 30 years. Previous employers have included RSA/EMC, Cisco, Sun MicroSystems, Silicon Graphics/Cray Research, and Macquarie University. In his role as Global Field CTO for Gigamon, he is responsible for the tactical and strategic planning around information security, especially in the areas of zero trust architecture, high performance cryptography, and advanced threat detection. He has...

Read more

Stacey Halota
Stacey Halota
Vice President, Information Security and Privacy, Graham Holdings

Stacey Halota

Vice President, Information Security and Privacy, Graham Holdings

Stacey Halota joined Graham Holdings Company (then The Washington Post Company) in 2003, where she leads the development and implementation of information security and privacy programs, including Sarbanes Oxley, privacy law, Payment Card Industry compliance, and other data protection efforts. Ms. Halota has more than 25 years of experience in the information technology, security, and privacy field. She is a Certified Information Systems Sec...

Read more

Ravi Ithal
Ravi Ithal
Chief Technology Officer and Co-Founder, Normalyze

Ravi Ithal

Chief Technology Officer and Co-Founder, Normalyze

Ravi Ithal is the co-founder and CTO of Normalyze. He has an extensive background in enterprise and cloud security. Before Normalyze, Ravi was the co-founder and chief architect of Netskope, a leading provider of cloud-native solutions to businesses for data protection and defense against threats in the cloud. Prior to Netskope, Ravi was one of the founding engineers of Palo Alto Networks (NASDAQ: PANW). Prior to his time at Pal...

Read more

Suyesh Karki
Suyesh Karki
Chief Information Security Officer, Domo

Suyesh Karki

Chief Information Security Officer, Domo

With over 16 years of cybersecurity and risk leadership, strategy, and management experience, Suyesh is responsible for leading Domo’s cloud security, risk, compliance, and security operations. At Domo, Suyesh led Domo through the security and compliance maturity curve, including creating a catalog of security controls, implementing a data classification model, deploying a GRC solution, establishing meaningful security metrics, and creating...

Read more

Anil Karmel
Anil Karmel
CEO, C2 Labs

Anil Karmel

CEO, C2 Labs

Anil Karmel is the Co-Founder and CEO of RegScale, which helps organizations start and stay compliant via the world's first real-time GRC platform. Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Karmel began his government career as a Technical Staff Member of Los Alamos National Laboratory (LANL) and was responsible for inventing their cloud and collaboration technologies Kar...

Read more

Ricardo Lafosse
Ricardo Lafosse
Chief Information Security Officer, Kraft Heinz

Ricardo Lafosse

Chief Information Security Officer, Kraft Heinz

Ricardo Lafosse is the Chief Information Security Officer (CISO) for Kraft Heinz. Lafosse is responsible for IT risk governance, OT security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including MirCon, ISACA CACS, and Secure World.

Read more

Adrian Ludwig
Adrian Ludwig
CISO at Atlassian

Adrian Ludwig

CISO at Atlassian

Adrian Ludwig is the Chief Trust Officer at Atlassian. Adrian joined the company in May 2018 and served as the Chief Information Security Officer for three years. Prior to Atlassian, Adrian held a number of security leadership positions at leading technology companies, including building out the security capabilities at Nest, Macromedia, Adobe, and Android (Google). He is also an active cybersecurity advisor and angel investor. As a self-de...

Read more

Ami Luttwak
Ami Luttwak
Chief Technology Officer, Head of Wiz Research, & Co-Founder

Ami Luttwak

Chief Technology Officer, Head of Wiz Research, & Co-Founder

Ami Luttwak is Chief Technology Officer and co-founder of Wiz, where he leads the world-renowned Wiz Research team. This team is responsible for identifying some of the year’s biggest novel cloud vulnerabilities, including the OMIGOD, Chaos DB, and Amazon and Google DNS-as-a-Service vulnerabilities.

Previously, Ami was the CTO of Adallom, a leading Cloud Access Security Broker (CASB), prior to its acquisition by Microsoft i...

Read more

Kavitha Mariappan
Kavitha Mariappan
EVP, Customer Experience and Transformation, Zscaler

Kavitha Mariappan

EVP, Customer Experience and Transformation, Zscaler

Kavitha Mariappan is a seasoned go-to-market executive with a penchant for rapidly translating technology into customer-centric value, mobilizing global teams and operations, and transforming them into high-growth businesses. Over her 20+ year tenure spanning enterprise software and service provider, she has held various high-impact roles spanning marketing, product management, and engineering at industry-leading companies, including Databr...

Read more

Paul Martini
Paul Martini
CEO, iBoss

Paul Martini

CEO, iBoss

Paul Martini holds over 230 patents in cloud cybersecurity and is a trusted expert on Zero Trust, a modern cybersecurity architecture designed to prevent ransomware, breaches and data loss by making all applications private. Paul has been recognized for his leadership and innovation, receiving the Ernst and Young Entrepreneur of the Year award and being named one of Goldman Sachs' 100 Most Intriguing Entrepreneurs. Paul has also been publis...

Read more

Todd Moore
Todd Moore
Global Vice President of Data Encryption Products, Thales

Todd Moore

Global Vice President of Data Encryption Products, Thales

Todd Moore is the Global Vice President of Data Encryption Products at Thales. He is responsible for setting the business line and go to market strategies for an industry leading cybersecurity business. He routinely helps enterprises build solutions for a wide range of complex data security problems and use cases. Todd holds several management and technical degrees from the University of Virginia, Rochester Institute of Technology, Cornell ...

Read more

Oliver Newbury
Oliver Newbury
Chief Information Security Officer, Barclays

Oliver Newbury

Chief Information Security Officer, Barclays

As the Global CISO for Barclays, I am responsible for establishing and maintaining the enterprise vision, strategy, program and operations to ensure information assets and technologies are adequately protected across Barclays Group. Additionally as the deputy CSO, I support continuous development of an integrated approach to effectively manage a wide range of risks facing the bank.
My vision is to ensure Barclays has a truly world class ...

Read more

John Noltensmeyer
John Noltensmeyer
Chief Technology Officer, TokenEx

John Noltensmeyer

Chief Technology Officer, TokenEx

John is a privacy and data security professional with over 20 years of experience in information technology. At TokenEx, a cloud-based data security platform, John has responsibility for helping a global client base meet their data protection and compliance obligations, while optimizing business processes.

Prior to joining TokenEx, John’s career spanned both the financial services sector and federal government. While at BAE Systems, h...

Read more

Gerald Parham
Gerald Parham
Global Research Leader, Security & CIO, IBM

Gerald Parham

Global Research Leader, Security & CIO, IBM

Gerald leads the Security and CIO research portfolios within the IBM Institute for Business Value. He advises senior executives and board members on security strategy and cyber value chains, in particular the relationship between strategy, risk, security operations, identity, privacy, and trust. Over the past year, Gerald has authored original research papers on cloud security, cyber risk, business resilience, and zero trust. He has more th...

Read more

Vinay Patel
Vinay Patel
Chief Information Security Officer, Zendesk

Vinay Patel

Chief Information Security Officer, Zendesk

As Finastra’s CISO, Vinay is responsible for establishing an intelligence-led, threat-focused information security program capable of detecting and protecting against emerging cyberattacks targeting Finastra and/or its clients.

Read more

Mindy Player
Mindy Player
Director, Public Cloud Security, Lloyds Banking

Mindy Player

Director, Public Cloud Security, Lloyds Banking

Mindy Player is the Director of Cloud Security for Lloyds Banking Group. She has 32 years of work experience, with the last 20 being in cybersecurity. Mindy has led teams accountable for various security disciplines ranging from Identity and Access Management, Investigations and Threat and Vulnerability Management to Security Engineering and Design. More recently, Mindy has been operating in cloud security in the Private Cloud, Adopted Publ...

Read more

Janice Reese
Janice Reese
CEO, Network PDF Cloud

Janice Reese

CEO, Network PDF Cloud

Network PDF Cloud Solutions - CEO

Global Marketing Technologist, Healthcare Leader, Advisor, Board Member, BPM+ Health Ambassador, WiCyS TN affiliate V.P. - Nashville Beach Co-Founder

Janice Reese has more than 25 years of technology leadership experience with a specific emphasis on the intersection of information security and business. Janice brings her unique consulting expertise to connect digital transformation to business ...

Read more

Dr. Gordon W Romney
Dr. Gordon W Romney
CISO and HIPAA Security Officer, eVisit Inc.

Dr. Gordon W Romney

CISO and HIPAA Security Officer, eVisit Inc.

Dr. Gordon W. Romney, CISO and HIPAA Security Officer at eVisit Inc., is a computer scientist and Certified Ethical Hacker who helped establish the San Diego region as the Cyber Harbor of the world. eVisit was designated the Forrester Wave 2021 Solo Leader in Virtual Care. His passion is simplifying processes. He joined eVisit following his tenure as Professor and Director of the Center for CyberSecurity Engineering and Technolo...

Read more

Marisa Ruffolo
Marisa Ruffolo
Cybersecurity R&D Specialist, Chevron

Marisa Ruffolo

Cybersecurity R&D Specialist, Chevron

Marisa Ruffolo is a Cybersecurity R&D Specialist and Distinguished Engineer at Chevron. She is responsible for researching and evaluating advanced technologies to implement Chevron’s cybersecurity guardrails. Prior to joining Chevron, Marisa worked as a systems engineer for national security research programs at Sandia National Laboratories and a technology architect at Accenture.

Read more

Bernard Tan
Bernard Tan
Director for Government Cybersecurity Consulting, GovTech

Bernard Tan

Director for Government Cybersecurity Consulting, GovTech

Bernard is a Director in GovTech leading the GovTech Cybersecurity consultancy team to provide risk based consultancy services to architect the cybersecurity of Nationwide and Governmentwide strategic projects.

Through his 16 years in the public sector, he has undertaken various cybersecurity roles and projects in areas of Homeland security. He held key roles such as Chief Information Security Officer (CISO) and Head of Information se...

Read more

Neil Thacker
Neil Thacker
EMEA CISO, Netskope

Neil Thacker

EMEA CISO, Netskope

Neil Thacker is EMEA CISO for Netskope. He holds over 20 years of experience in the information security industry with previous roles at Swiss Re, Deutsche Bank and Camelot Group. He is co-founder and board member to the Security Advisor Alliance (SAA), with the goal to advocate, mentor and support the next generation of cybersecurity professionals. He is also advisory board member to NeuroCyber, a working group to support neurodiversity in...

Read more

Brad Thies
Brad Thies
Founder and President at BARR Advisory

Brad Thies

Founder and President at BARR Advisory

As Founder and President of BARR Advisory, Brad Thies leads all aspects of the organization’s global client service delivery and security assessment services including SOC, ISO, PCI, NIST, HITRUST and HIPAA examinations, and cybersecurity consulting services. Under Brad’s leadership, BARR has become one of the most sought-after third-party assessors and consulting providers in the cloud computing space—serving high-growth startups to Fortun...

Read more

Joe Zacharias
Joe Zacharias
Deputy CISO, Caterpillar

Joe Zacharias

Deputy CISO, Caterpillar

Joe Zacharias is the Deputy CISO for Cybersecurity Risk Management at Caterpillar in Peoria, IL. He began his career at Caterpillar in 2012 as an Incident Response Manager working in the CSIRT within Enterprise Security, leading large-scale advanced threat response, containment, and remediation activities. His principal areas of security leadership practice currently include Caterpillar Connected Asset Security (IoT) for Caterpillar equipme...

Read more

Erkang Zheng
Erkang Zheng
CEO, JupiterOne

Erkang Zheng

CEO, JupiterOne

I envision a world where decisions are made on facts, not fear; teams are fulfilled, not frustrated; breaches are improbable, not inevitable. Security is a basic right. I am a cybersecurity practitioner and founder with 20+ years across IAM, pen testing, IR, data, app, and cloud security. An engineer by trade, an entrepreneur at heart, I am passionate about technology and solving real-world challenges. Former CISO, security leader at IBM an...

Read more

Related Resources

Event Recordings

Watch recordings from interviews with CISOs and c-level execs as they share their experience securing the cloud.

Watch Recording

Resources

Access the content created by the CxO Working Group and CSA, from papers to blogs, to videos and more.

View Resources