50 Essential Thought Leaders in Risk Management Globally
Clarity

The fifty people on this list represent the most important voices in risk management across enterprise risk, governance, compliance, financial risk, operational resilience, and emerging technology risk. They range from pioneering academics whose frameworks now underpin global standards to active practitioners building and rebuilding risk functions inside major organisations right now. As of June 2026, risk management has never been more central to organisational survival.
50 CISOs and Cybersecurity Leaders Making an Impact in 2026
SecureFrame

To recognize the individuals rising to meet these challenges, we're spotlighting 50 CISOs and cybersecurity leaders making a meaningful impact. These professionals stand out not only for their career achievements, but for their influence on the broader cybersecurity community.
SOC 2 Controls for Non-Human Identities: CC6, CC7, and CC8
Teleport

SOC 2 audits require organizations to demonstrate logical access controls, but most control mappings address only human users, such as engineers SSHing into servers, developers accessing Kubernetes clusters, or administrators approving access requests. But modern infrastructure now runs on non-human identities like CI/CD pipelines, AI agents, microservices, and automated bots. These entities request credentials, access databases, and move data, but they're frequently excluded from the same auditing rigor applied to human access.
Agentic AI is Exposing the Accountability Gap in Cloud Security Governance
infoSec Relations

Kayne McGladrey, senior IEEE member and independent cybersecurity advisor, describes what accountability looks like in practice today. "If and when an agent takes the wrong action, responsibility ends up distributed across the vendor, the security team that deployed it, and the owner of the impacted system, but liability is not clearly assigned. Frameworks like the NIST AI RMF and the EU AI Act focus on governance and oversight processes, not incident-level attribution."
Cybersecurity professionals say high-profile incidents boost execs’ credibility
IT Brew

Kayne McGladrey, a senior IEEE member, told IT Brew one-on-one conversations can help cyber leaders get a pulse check for how staffers are feeling about them... For leaders who want to foster trust and confidence with staff, McGladrey said transparency is key: “That’s absolutely necessary to build trust with your staff.”
Experts warn travelers about AI-generated vacation rental scams
99.5 WSB Atlanta's News and Talk

ATLANTA — Travelers planning summer vacations are being warned to watch out for fake rental listings and scam emails pretending to come from booking websites. Cybersecurity expert and IEEE Senior Member Kayne McGladrey said scammers are increasingly using artificial intelligence to make fake listings and messages appear legitimate. “If a luxury rental looks like a magazine cover but it lacks the messy reality of real life, like there are no neighbors for example, it’s probably AI generated,” McGladrey said.
Did AI write the worm that breached GitHub’s own house?
SpiceWorks

Kayne McGladrey, IEEE Senior Member, previously told VentureBeat that organizations are “defaulting to cloning human user profiles for agents, and permission sprawl starts on day one.” The compliance frameworks enterprises rely on were written for humans. Agent identities don’t appear in any control catalog he’s encountered.
Officials sounding the alarm on AI vacation scams
ABC News

As summer vacation season gets underway, cybersecurity officials are warning of cybercriminals weaponizing generative AI to create look-a-like booking websites and cloned brand messages.
MFA verifies who logged in. It has no idea what they do next.
VentureBeat

Kayne McGladrey, IEEE Senior Member, framed the organizational failure in business terms. "Anything that seems to have a cybersecurity flavor is generally put into the cybersecurity risk category, which is a complete fiction. They should be focused on business risks, because if it doesn't affect the business, like a financial loss, then nobody's going to pay attention to it, and they will not budget it appropriately, nor will they adequately put in controls to prevent it," McGladrey told VentureBeat. That logic explains why session governance, token lifecycle management, and cross-domain identity correlation fall into a gap between IAM and SecOps. Nobody owns it because nobody has framed it as a business loss.
The identity attack enterprises keep misfiling as fraud
VentureBeat

Kayne McGladrey, IEEE Senior Member, told VentureBeat that the ownership gap is structural. “The CISO doesn’t have the budget. The CISO doesn’t have the staff. And even if they had the budget and the staff, they wouldn’t have the project management and the change management departments reporting to them” to execute identity controls across every business function. The CISO can observe and advise on identity risk, but the business systems where identity fraud occurs belong to other leaders.
The $47B identity fraud problem enterprises can’t find in their budgets
VentureBeat

Kayne McGladrey, IEEE Senior Member, told VentureBeat that the invisibility is structural. “If you can’t say, ‘if we had a deepfake in our accounts payable process, here is the material loss,’ then you’re not going to get budget for technology to solve the problem, because nobody cares about the problem because it doesn’t cost money.”
From Experimentation to Adoption, Implementing AI Security Best Practices
Cyber Risk Alliance

As generative and agentic AI systems transition from experimentation to enterprise-scale deployment, executive leaders are redefining how security, governance and innovation intersect. This panel brings together leaders and senior practitioners for a candid discussion on adopting AI security best practices across complex organizations.
The Three Documents Every New CISO Needs (That Nobody Hands You)
TechRound

Before managing risk, a new leader must establish three basic documents and secure agreements with the other business leaders to write down their decisions. These documents help connect technology directly to revenue streams and operational continuity, and make cybersecurity a business function grounded in reality. Sample document templates are included with this article for readers to adapt for their own needs.
GitHub Confirms Breach, 4K Internal Repos Stolen
Dark Reading

Kayne McGladrey, senior member of the Institute of Electrical and Electronics Engineers (IEEE), echoed the concern about VS Code extensions running with full trust, "which means that they get access to the developer's filesystem, credentials, cloud keys, SSH keys, and environment variables."
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK
VentureBeat

Seven surfaces. One group confirmed across at least three of them, with open-sourced tooling enabling copycats across the rest. Kayne McGladrey, IEEE Senior Member, told VentureBeat that organizations are "defaulting to cloning human user profiles for agents, and permission sprawl starts on day one." The compliance frameworks enterprises rely on were written for humans. Agent identities do not appear in any control catalog McGladrey has encountered.
16 Top Cybersecurity Influencers to Follow in 2026
Ace Cloud Hosting

Kayne McGladrey is a globally recognized cybersecurity expert, known for his work in AI governance, risk management, and enterprise security strategy. A senior IEEE member and consistently ranked among the top thought leaders by Thinkers360, Kayne has contributed extensively to the industry through media appearances, webinars, and advisory roles across multiple regions.
The Rise of Fractional CISOs: Why More Businesses Are Moving Toward vCISO Models
Ace Cloud Hosting

Series C startups (and earlier), and firms in less-regulated industries (like a car dealership trying to deal with GLBA), are the best candidates for a vCISO model. These organizations often lack the budget for a six-figure executive but still have compliance mandates that require a designated security leader. A vCISO represents the necessary strategic oversight and audit readiness without the overhead of a full-time salary and benefits.
Agent authorization is broken — and authentication passing makes it worse
VentureBeat

Independent practitioners confirmed the pattern across RSAC 2026. Kayne McGladrey, an IEEE senior member, told VentureBeat that organizations default to cloning human user profiles for agents, and permission sprawl starts on day one.
Running Claude Code or Claude in Chrome? Here’s the audit matrix for every blind spot your security stack misses
VentureBeat

Kayne McGladrey, an IEEE senior member who advises enterprises on identity risk, described the same dynamic independently in an interview with VentureBeat. Enterprises are cloning human permission sets onto agentic systems, McGladrey said. The agent does whatever it needs to do to get its job done, and sometimes that means using far more permissions than a human would.
AI agents are running hospital records and factory inspections. Enterprise IAM was never built for them.
VentureBeat

Kayne McGladrey, an IEEE senior member, told VentureBeat that organizations are defaulting to cloning human user profiles for agents, and permission sprawl starts on day one. Carter Rees, VP of AI at Reputation, identified the structural reason. "A significant vulnerability in enterprise AI is broken access control, where the flat authorization plane of an LLM fails to respect user permissions," Rees told VentureBeat.
