ISA Board

Meet the Internet Security Alliance Board of Directors

ISA sponsors represent some of the largest companies in the world. They’re primarily chief information security officers of Fortune 100 firms, executives whose day job is one the front lines of cybersecurity. Their insight and vision underpin everything the ISA does.

The board meets four times a year, twice via conference call and twice in Washington, DC, where we have a packed agenda with members of Congress and U.S. Government leaders. In the Washington meetings, we engage in a Salon Dinner during which our members have the opportunity to dine with leaders in the D.C. cybersecurity scene—members of Congress, senior governmental officials, journalists and others.

Michael Higgins

Vice President and Chief Information Security Officer

L3 Harris

Michael Higgins

Vice President and Chief Information Security Officer

Michael Higgins is the Vice President and Chief Information Security Officer (CISO) for L3Harris Technologies. In this role, he is responsible for enterprise-wide cybersecurity, which involves establishing and managing IT security architecture, the L3Harris Security Operations Center, promoting best practices in support of securing L3Harris assets across the supply base, and directing risk mitigation actions andcompliance initiatives. Collaborating extensively with business allies, various functional organizatoins, and industry cybersecurity experts, Higgins is dedicated to identifying and neutralizing potential cyber threats that could impact the organization's systems and networks. His focus is on preserving the company's proprietary information while ensuring optimal IT service, with superior performance and efficiency. In over 25 years with L3Harris, Higgins has held positions of increasing responsibility. Most recently, he was Director of Communications Assurance for Harris IT Services, where he was responsible for delivering secure network and telecommunications services to internal and external customers. Michael Higgins Vice President and Chief Information Security Officer Previously, he served as the Chief Systems Engineer for the FAA Telecommunications Infrastructure Program (FTI), and prior to that as the IS Manager of Network Engineering at Harris corporate headquarters. Higgins is a member of the Internet Security Alliance, NSA Enduring Security Framework (ESF), RSA Executive Action Forum, AIA Cyber Security Committee, Bain Capital Ventures Advisory Committee, National Defense ISAC (NDISAC) and the Defense Industrial Base Sector Coordinating Council (DIB SCC). Higgins holds a Bachelor of Engineering degree in electrical engineering from SUNY–Stony Brook University, in addition to numerous certifications in the areas of engineering, cybersecurity, telecommunications and IT service management.

Kris Lovejoy

Global Practice Leader

Kyndryl

Kris Lovejoy

Global Practice Leader

Kris Lovejoy, an internationally recognized leader in the field of cybersecurity and privacy, is the Kyndryl Global Practice Leader for Security and Resiliency. Kris comes to Kyndryl from EY, one of the world’s leading professional services organizations, where she was the global consulting cybersecurity leader and responsible for the organization’s multi-billion-dollar security practice. Prior, she was the founder and CEO of BluVector Inc., an AI-powered sense and respond platform that was acquired by Comcast in 2019. Kris was also general manager of IBM’s Security Services division, where she led teams that built end-to-end security programs for IBM’s global clients. She also served as co-chair of IBM’s Women’s Diversity Committee. Kris holds U.S. and EU patents in areas around Risk Management; named one of "The 10 Most Iconic Leaders in Enterprise Security, 2022" by CIOLook, received the Change-Maker Award by The Cyber Guild, and the Cyber Express named Kris #4 on “The Top 10 Guardians of Cyberspace for 2022”. Prior, Kris was named the Consulting Report’s “Top Consulting Leader” for 2021, Consulting Magazine’s “Top Woman Technology Leader” in 2020; and has served as a member of the World Economic Forum’s cybersecurity committee.

Brad Maiorino

Corporate Vice President and Chief Information Security Officer

RTX

Brad Maiorino

Corporate Vice President and Chief Information Security Officer

Brad is responsible for all aspects of global information security and technology risk for RTX. He has 25+ years of experience building and leading cyber and risk management teams across global organizations. Previously, he was EVP and Chief Strategy Officer at FireEye; CISO at General Electric, General Motors, Target, and Thomson Reuters; and EVP at Booz Allen Hamilton. Brad serves on the board of NETGEAR (NTGR); he is a member of the audit committee and chair of the cyber risk committee.

Patrick Hynes

Principal, Consulting Cybersecurity

Patrick Hynes

Principal, Consulting Cybersecurity

Patrick Hynes is a Principal in the Consulting Services practice of Ernst & Young LLP. Patrick is Ernst & Young’s Cyber leader for the west region of the US and is the national Cyber lead for assurance and attest shadow incident response. Patrick’s team is dedicated to providing PCI, attack and penetration, incident response and threat detection and response services for EY clients. In his role Patrick is responsible for scoping and delivery of Cyber services. With more than 25 years of information security and forensic investigation experience, Patrick is a frequent speaker to boards and at industry and professional conferences and events and is widely consulted and quoted in media (Orange County Register, Chicago Tribune, Chicago Sun-Times, Irish Times, NPR, etc.). He has been integral in the development of EY’s cyber shadow methodology and has supported over 100 EY audit teams and audit clients in mapping the impact of cyber incidents to financial systems and overall control environments. Patrick also helped co-develop and teach EY’s popular “eXtreme Hacking – Defending your Site” class and was a contributing author to the joint EY / ISACA book “Responding to Targeted Cyberattacks”. Patrick is a member of the University of Southern California Information Technology Program Advisory Board and holds memberships in the High Technology Crime Investigation Association, Information Systems Security Association, Association of Certified Fraud Examiners and Information Systems Audit and Control Association.

Mike Woods

VP, Cyber Security

GE Vernova

Mike Woods

VP, Cyber Security

Mike Woods is a results-oriented leader in cybersecurity with two decades of experience, adept at harmonizing cybersecurity with business objectives through clear and risk-centric strategies. His extensive expertise encompasses regulatory compliance, incident response, vulnerability management, cloud security, network security, application security, and data security. As the Vice President of Cybersecurity at GE Vernova, Mike oversees cyber strategy, transition management, Cyber M&A, and the implementation of a Lean operating model for cybersecurity, while also fulfilling the role of CISO Chief of Staff. In his capacity as an Advisory Board Member for the Internet Security Alliance, Michael contributed to the development of the Ransomware Toolkit, featured in the 2023 National Association of Corporate Directors (NACD) cyber-risk handbook. Before his current position, he held multiple senior leadership roles at GE, including Executive & Corporate Functions CISO. His career also includes significant contributions to large-scale U.S. government and Department of Defense initiatives with prominent organizations like Northrop Grumman and Lockheed Martin. Outside of work, he enjoys quality time with his family and traveling.

Tim McKnight

Chief Security Officer

UnitedHealth Group

Tim McKnight

Chief Security Officer

Tim McKnight is the Chief Security Officer (CSO) for UnitedHealth Group where he overseas security policy, corporate security operations, cyber defense, cyber security engineering, information security, enterprise resilience, and supports the organization in driving a security first culture. Tim joins UHG from SYN Ventures, where he led a dedicated cyber seed fund. Tim brings over 30 years of experience as a security professional and business executive in both the public and private sectors. Prior to SYN Ventures, Tim was the EVP and Chief Security Officer at SAP. He also held positions as CISO at Thomson Reuters, Chief Information & Product Security Officer at General Electric, and Executive Vice President for Information Security and Technology Risk at Fidelity Investments. In addition, he has held senior IT security leadership roles at Northrop Grumman and Cisco Systems. Tim’s career began at the Federal Bureau of Investigation (FBI), where he was a lead special agent at the National Infrastructure Protection Center, specializing in high-tech crimes, corporate espionage, foreign counterintelligence, and telecommunications fraud. In addition to his professional roles, Tim has served as Chairman of the Internet Security Alliance and has taught digital forensics as an adjunct professor at Georgetown University. He served on the Board of Security Advisors for Google Cloud, Amazon Web Services (AWS), and Tenable. Tim currently sits on the NSA’s Cybersecurity Advisory Board.

Jon Brickey

Senior Vice President, Cybersecurity Evangelist

Mastercard Technology

Jon Brickey

Senior Vice President, Cybersecurity Evangelist

Dr. Jon Brickey is Senior Vice President, Cybersecurity Evangelist, for Mastercard Technology. In this role, he leads the development of cybersecurity strategy, research, innovation, outreach, education & awareness, and technology scouting. Jon supports Corporate Security’s mission of delivering safety and security at the speed of business. He also serves as a Board Member for the Internet Security Alliance. Before joining Mastercard, Dr. Brickey served in the Army on active duty for over 26 years and retired as a Colonel, holding a variety of leadership and technical roles in information systems management and cyberspace operations. In his last position, he served as the Army Cyber Institute Partner Relations Director for the National Capital Region. Previously, Jon held leadership positions in Cyber-related programs at the National Security Agency, U.S. Cyber Command, Army Cyber Command, U.S. Northern Command, and the U.S. Military Academy at West Point. Dr. Brickey earned his bachelor’s degree in Political Science from the United States Military Academy at West Point, a master’s degree in Science in Information Technology Management from the Naval Postgraduate School, and a Ph.D. in Computer Science and Information Systems from the University of Colorado Denver. He also holds several industry certifications, including the CISSP, and is a graduate of the Washington University in St. Louis Executive Cybersecurity Leadership Program.

Deneen Defiore

Vice President & Chief Information Security Officer

United Airlines

Deneen Defiore

Vice President & Chief Information Security Officer

Deneen is an accomplished technology and risk management executive with experience across multiple critical infrastructure sectors. She has expertise in advising global companies and their most senior executives on technology, cybersecurity, compliance, and digital risk decisions related to products, services, and operations. Deneen currently serves as Vice President and Chief Information Security Officer at United Airlines. She is responsible for leading the cybersecurity and digital risk organization to ensure the company is prepared to prevent, detect, and respond to evolving cyber threats. She leads initiatives on commercial aviation cyber safety risk, improving cyber resilience, and represents United working with international partners to reduce cyber safety risk worldwide across the aviation ecosystem. Deneen is on the board of both the Internet Security Alliance and the Aviation Information Sharing Analysis Center, and a member of the Airlines for America (A4A) Cybersecurity Committee. She serves as an independent director on the board of directors at Blackbaud software and is the Chairperson the Risk Committee. In 2022, she was appointed to serve on the President’s National Infrastructure Advisory Council (NIAC), advising the White House on how to reduce physical and cyber risks and improve the security and resilience of the nation’s critical infrastructure sectors. A dedicated advocate for fostering talent and inclusivity in technology Deneen actively participates in mentorship programs and women-led organizations to inspire and empower the next generation of leaders in STEM. She is deeply committed to creating opportunities for women in the field, supporting their professional growth, and driving meaningful change within the tech industry. Follow her on X @deneendefiore Short version: Deneen is an accomplished technology and risk management executive with expertise in advising global companies on technology, cybersecurity, compliance, and digital risk. As Vice President and Chief Information Security Officer at United Airlines, she leads the cybersecurity and digital risk organization, focusing on cyber resilience and aviation safety worldwide. Deneen serves on the boards of the Internet Security Alliance and the Aviation Information Sharing Analysis Center, is a member of the Airlines for America (A4A) Cybersecurity Committee, and an independent director and Chairperson of the Risk Committee at Blackbaud software. In 2022, she was appointed to the President’s National Infrastructure Advisory Council (NIAC), advising the White House on securing critical infrastructure. Passionate about fostering inclusivity in STEM, Deneen mentors and supports women and talent from diverse backgrounds, driving growth and innovation in the tech industry. Follow her on X @deneendefiore

Tracie Grella

Global Head of Cyber Insurance

AIG

Tracie Grella

Global Head of Cyber Insurance

As the Global Head of Cyber Insurance at AIG, Tracie Grella is responsible for the strategic direction of the company’s cyber insurance portfolio and for managing cyber insurance risk across all of AIG’s property and casualty lines. Tracie has more than 25 years of experience in cyber insurance, effectively navigating the complex intersection of technology and risk management. Known for her visionary approach to risk assessment and mitigation, Tracie has played a pivotal role in shaping the industry’s response to the constantly changing cyber threat landscape and is an influential figure in safeguarding businesses and organizations against this key peril of the modern digital era. Committed to strengthening cybersecurity awareness and resiliency globally, Tracie is a sought-after speaker and a trusted advisor to organizations, think-tanks, associations, and government officials seeking to improve cybersecurity awareness, best practices, and legislation. Commonly called upon as an industry expert by insurance trade and mainstream publications on cyber liability and professional liability issues, Tracie has appeared on Squawkbox and Fast Money, and has been named an Executive to Watch by Risk & Insurance magazine and a Woman to Watch by Business Insurance. Tracie is a co-creator of a patented process for underwriting cyber risk and holds a B.S. in finance from Rutgers University.

Gregory J. Touhill

Director

CERT Division

Gregory J. Touhill

Director

Gregory J. Touhill is director of the SEI’s world-renowned CERT Division, where he leads a diverse group of researchers, software engineers, security analysts, and digital intelligence specialists working together to research security vulnerabilities in software products, contribute to long-term changes in networked systems, and develop cutting-edge information and training to improve the practice of cybersecurity. Touhill was appointed by former President Barack Obama to be the first chief information security officer (CISO) of the United States government. Previously, he served in the Department of Homeland Security (DHS) as deputy assistant secretary in the Office of Cybersecurity and Communications. Before joining the Software Engineering Institute, he was president of Appgate Federal, a provider of cybersecurity products and services to civilian government and defense agencies. Touhill is a 30-year veteran of the U.S. Air Force where he was an operational commander at the squadron, group, and wing levels. He served as a senior leader of military cybersecurity and information technology programs, culminating as the chief information officer of the United States Transportation Command, one of the nation’s 10 combatant commands. A combat veteran, he is the recipient of numerous awards and decorations including the Bronze Star medal and the Air Force Science and Engineering Award. He retired from the Air Force with the rank of brigadier general. Touhill received his bachelor’s degree in political science (minor in engineering) from the Pennsylvania State University, a master’s degree in systems management from the University of Southern California, a master’s degree in strategic studies from the Air War College, and a certificate from the Harvard Kennedy School. He maintains both the CISSP and CISM certifications. He is an adjunct faculty member of the CMU Heinz College of Information Systems and Public Policy and the Deakin University (Australia) Centre for Cybersecurity Research and Innovation. A member of many organizational boards and committees and recipient of many awards, Touhill was recognized by Security Magazine as one of its Most Influential People in Security and by Federal Computer Week in the Federal 100. He is the co-author of the books Cybersecurity for Executives: A Practical Guide and Commercialization of Innovative Technologies.

JR Williamson

Senior Vice President and Chief Information Security Officer

Leidos

JR Williamson

Senior Vice President and Chief Information Security Officer

JR Williamson is the Senior Vice President and Chief Information Security Officer of Leidos. In that role, he is accountable for all aspects of information security strategy, governance, risk, and full lifecycle cybersecurity operations for the corporation. Specific duties include the governance and defense of the corporation’s computing environments: protection of unclassified and classified intellectual and digital assets against existing and emerging cybersecurity threats; developing and implementing effective risk-based security policies, procedures, and operating practices; executing cyber risk assessments and designing appropriate remediation plans; development and retention of our global cybersecurity workforce, and the evolution of our global information security technology and innovation processes. Mr. Williamson is a Certified Information Systems Security Professional and a Six Sigma Black Belt. He chairs the Leidos Security Council, is a member of the Executive Security Action Forum, the Microsoft Chief Security Officer Council, the Security 50, the Gartner Advisory Board, the Defense Industrial Base Sector Coordinating Council, a member of the NSA Enduring Security Framework team, the Palo Alto Customer Advisory Board, the F5 Customer Advisory Board, the Crowdstrike Customer Advisory Board, and is the Chairman of the Board of Directors for the Internet Security Alliance. He also chairs the Washington Exec CISO Council. Mr. Williamson is frequent public speaker on cybersecurity matters and is a co-author of four books including Cybersecurity for Business (2023), Fixing American Cybersecurity (2023), the National Association of Corporate Directors Cyber Risk Handbook (2022, 4th edition), and the Cybersecurity Social Contract (2016). Mr. Williamson is blessed with a wonderful family of five and spends his free time with them and engaging in all things soccer (he is a professional soccer coach with a US Soccer National C license and a senior certified referee, and referee instructor and mentor).

Niall P. Brennan

VP, Global Head of External Engagement

SAP Global Security

Niall P. Brennan

VP, Global Head of External Engagement

Niall P. Brennan joined SAP in June 2020, as the Global Head of External Engagement for the security organization. In this capacity, he leads relationships with government security services, legislative and regulatory bodies, public-private partnerships, industry trade councils, non-governmental organizations, academia, industry partners and customers to address issues related to security and resilience, threat mitigation, regulatory compliance and enforcement. He has over 30 years of experience in a variety of legal, advisory, security, and investigative roles in both the public and private sectors. An attorney by education and training, Niall began his professional life as a commercial litigator in private practice. In 1996, he joined the FBI, where he spent 22-years in multiple operational and managerial capacities across all investigative and investigative support programs, including transnational organized crime, counterterrorism, counterintelligence, cyber and intelligence. Through his service, he gained extensive experience in complex investigation, information collection and management, crisis management and international diplomacy. In his last position with the FBI, Niall led the office in the U.S. Embassy in Paris, France for over 5 years. He retired from the FBI in 2018 and joined PwC as a Director in the Cybersecurity & Privacy practice where he led client engagements focused on cyber incident response and mitigation, resiliency-building and organizational transformation. Niall is married and resides in New York City with his wife and four children.

Nicola (NICK) Sanna

President/CEO

RiskLens

Nicola (NICK) Sanna

President/CEO

Nicola (Nick) Sanna is President and CEO of RiskLens, where he is responsible for the definition and the execution of the company strategy that established RiskLens as the market leader in cyber risk quantification.

Patrick Reidy

Senior Executive, Chief Information Security Officer

GE Aerospace

Patrick Reidy

Senior Executive, Chief Information Security Officer

Patrick Reidy is the Chief Information Security Officer at the Federal Bureau of Investigation.

Dimi Stratakis

Chief Technology Risk Officer

Bank of New York Mellon

Dimi Stratakis

Chief Technology Risk Officer

Dimi Stratakis is the Chief Technology Risk Officer at BNY Mellon. He is responsible for enterprise oversight and risk management across technology, information /cyber security, data and resiliency. He joined BNY Mellon in September 2021. Dimi is a technology, cyber security and operational risk leader with strong transformation track record and extensive experience in managing large scale, complex programs, with 25 years of experience in financial services globally. He previously served as the Global Head of Technology Risk Management at Wells Fargo, where he was responsible for the design framework of technology and information security controls. Prior to Wells Fargo, Dimi spent 16 years with UBS, where he held a number of senior leadership roles including Global Head of Cyber Risk and Operational Resilience and Chief Risk Officer for Technology and Operations. Dimi servers at the board of the Internet Security Alliance, and he is also a board advisor to Obrela Security Industries, a Gartner recognized MDR company. Dimi holds a bachelor’s degree in computing engineering from Imperial College (University of London) and a master’s in information security from Royal Holloway (University of London).

Ted Webster

Senior Vice President, VP, Security Governance, Risk and Compliance

Centene Corporation

Ted Webster

Senior Vice President, VP, Security Governance, Risk and Compliance

Highly effective, versatile, business and solutions-oriented Information Security Leader with direct security program building experience and a diverse background in network and security architecture,implementation, and operations.

Mike Gordon

Senior Vice President, Chief Information Security Officer

McDonald’s Corporation

Mike Gordon

Senior Vice President, Chief Information Security Officer

As Senior Vice President, Chief Information Security Officer, Mike Gordon leads the McDonald’s Global Cyber Security organization, overseeing risk management, product and service security, and brand protection across all global corporate functions and over 110 markets. Mike and his team are enabling McDonald’s to innovate and grow in a secure environment by embedding cybersecurity into every functional area. He leads the efforts to strengthen the system against cyber threats through proactive defense, relentless innovation, and strategic collaboration with stakeholders across the system. Prior to McDonald’s, Mike served as the Vice President, Technology Delivery and IT Operations at Lockheed Martin. He previously served as their Chief Information Security Officer, where he had oversight of the company’s information security strategy, policy, security engineering, operations, cyber threat detection, and response. In this capacity, Mike led a globally recognized team of cyber security professionals that manage the company’s end-to-end enterprise security infrastructure, develop world-class capabilities to defend against advanced persistent threats, enable open collaboration and information sharing with Lockheed Martin’s government and industry partners. Mr. Gordon is a founder and member of the Board of Directors for the National Defense Information Sharing and Analysis Center (ND-ISAC). He also serves as the chairman of the Defense Industrial Base Sector Coordinating Council (DIB-SCC) partnering with the Departments of Defense and Homeland Security for the protection of critical national infrastructures. Mr. Gordon holds a Bachelor of Science degree in engineering physics, a Master’s degree in technical management from Embry-Riddle Aeronautical University, an MBA and a Master’s degree in information assurance from the University of Dallas. Outside of work Mike serves on the Shriners Hospital for Children - Philadelphia Board of Governors.

ISA Board

Meet the Internet Security Alliance Board of Directors

Michael Higgins

Kris Lovejoy

Brad Maiorino

Patrick Hynes

Mike Woods

Tim McKnight

Jon Brickey

Deneen Defiore

Tracie Grella

Gregory J. Touhill

JR Williamson

Niall P. Brennan

Nicola (NICK) Sanna

Patrick Reidy

Dimi Stratakis

Ted Webster

Mike Gordon

Contact

Helpful Links

Distributions