March 2021

Security eMagazines

shulz / E+ via Getty Images

By Maria Henriquez, Associate Editor

Nominated by their colleagues and associates, these top cybersecurity executives are changing the cybersecurity landscape for the better.

The 2021 Top Cybersecurity Leaders

Special Report

Product, Rectangle, Font
Rectangle, Font
Facial expression, Material property, Rectangle, Font

Security magazine is pleased to present our inaugural Top Cybersecurity Leaders for 2021. Security partnered with (ISC)², the world’s leading cybersecurity professional organization, to find enterprise information security executives who have made and continue to make significant contributions in the cybersecurity space to their organizations and the security profession. They were nominated by their colleagues and associates, and were chosen based upon their leadership qualities and the overall positive impact that their cybersecurity projects, programs or departments have had on their shareholders, organizations, colleagues and the general public.

This year’s Top Cybersecurity Leaders are:

Jason Albuquerque, CIO and CSO, Carousel Industries

Derrick A. Butts, Chief Information and Cybersecurity Officer, Truth Initiative

Edna Conway, Vice President, Chief Security & Resiliency Officer, Azure, Microsoft

Chuck Davis, Senior Director of Cybersecurity, Hikvision

Dave Estlick, CISO, Chipotle

Heather Gantt-Evans, CISO, SailPoint

Theresa Grafenstine, Global Chief Auditor, Technology, Citi

Roy E. Hadley Jr., Special Counsel, Adams and Reese LLP

Shawn Harris, Director, Information Security – Strategy, Engagement, and Architecture, Starbucks Coffee Company

Grant Sewell, Head of Information Security and Privacy, Safelite Group

Spencer Wilcox, Executive Director, Technology and Chief Security Officer, PNM Resources

Ira Winkler, CISO, Skyline Technology Solutions

Nominations for the 2022 Top Cybersecurity Leaders program will open in September and close in December 2021. Visit for more information.

Read Our 2021 Top Cybersecurity Leaders Profiles

Top Cybersecurity Leaders
Jason Albuquerque
CIO and CSO, Carousel Industries
Jason Albuquerque is Chief Information Officer (CIO) and Chief Security Officer (CSO) at Carousel Industries, Inc. Headquartered in Exeter, R.I., Carousel Industries is a provider of managed services, including cloud, data center and security, as well as communication and network technologies. A Carousel leader since 2012, Albuquerque is recognized as an Information Technology, Information Security and Enterprise Risk and Compliance expert for one of the largest and fastest-growing privately-held IT services firms in the U.S.
Derrick A. Butts
CISSP, ITILv3, Chief Information and Cybersecurity Officer at Truth Initiative
When Derrick A. Butts first started his role as Chief Information and Cybersecurity Officer at Truth Initiative, a large non-profit public health organization dedicated to making tobacco use and nicotine addiction a thing of the past, he had an 18-month plan dedicated to increasing cybersecurity confidence, IT members’ skillsets, and overall security posture within the organization while rebranding the IT department as a positive security and technology resource.
Edna Conway
Vice President, Chief Security & Resiliency Officer, Azure, Microsoft
Edna Conway is globally recognized as an innovative and empowering executive who forecasts the future of business and creates clear strategies to get ahead of burgeoning trends. Her expertise and insight spans the expanding arena of third party risk, changing global government cybersecurity demands and consumer privacy expectations.
Chuck Davis
Senior Director of Cybersecurity, Hikvision
Chuck Davis, MSIA, CISSP-ISSAP, is Senior Director of Cybersecurity at Hikvision, a global company with more than 40,000 employees and 59 branch offices and subsidiaries around the world. Based in the U.S., Davis leads the global cybersecurity team, and, under his leadership, Hikvision has achieved several cybersecurity milestones, to include the establishment of the Source Code Transparency Center at Hikvision USA’s Los Angeles headquarters, where government and law enforcement officials may examine the source code for Hikvision’s cameras and NVRs.
Dave Estlick
CISO, Chipotle
Since joining Chipotle in 2019, Dave Estlick has had a significant impact in the company’s cybersecurity posture. Upon starting his new role, he initiated a period of discovery, taking inventory of the brand’s infrastructure. He saw an opportunity to drive significant change across the organization which was equally open to prioritizing security.
Heather Gantt-Evans
CISO, SailPoint
Heather Gantt-Evans was recently appointed the Chief Information Security Officer at SailPoint. Previously, she was Senior Director of Security Operations and Cyber Resilience at the Home Depot, where she was responsible for leading security engineering, application security, vulnerability management, network security, and the security operations center.
Theresa Grafenstine
Global Chief Auditor, Technology, Citi
As the Global Chief Auditor for Technology at Citi, Theresa Grafenstine oversees a staff of approximately 250 technology auditors – all of whom are required to incorporate a standardized testing program that covers basic principles of information security. Grafenstine also manages a team of more than 30 auditors who specialize in cybersecurity and conduct technical cyber reviews of Citi’s systems globally.
Roy E. Hadley Jr.
Special Counsel, Adams and Reese LLP
In addition to his role as a cybersecurity lawyer, Roy E. Hadley Jr. is well-versed in the operational and technical aspects of cybersecurity. At Adams and Reese LLP, he assists clients with response and recovery efforts in the event of an attack and assists clients with hardening their enterprises against cyberattacks.
Shawn Harris
Director, Information Security – Strategy Engagement and Architecture, Starbucks
As Director of Information Security responsible for cybersecurity strategy, engagement and architecture at Starbucks, Shawn Harris leads a team of 10 security professionals comprised of principal level architects, security program and management professionals.
Grant Sewell
Head of Cybersecurity, Safelite Group
At Safelite Group, an American provider of vehicle glass repair, replacement, and recalibration services, headquartered in Columbus, Ohio, Grant Sewell has built the security team from the ground up.
Spencer Wilcox
Executive Director, Technology and Chief Security Officer, PNM Resources
Spencer Wilcox first started his career in cybersecurity while in law enforcement in the Commonwealth of Virginia. With training in computer forensics and cyber investigations from the Federal Bureau of Investigation (FBI), Wilcox transitioned to the energy industry at Constellation Energy as a DFIR (Digital Forensics and Incident Response) investigator and has held positions in cyber and physical leadership ever since.
Ira Winkler
CISO, Skyline
While Ira Winkler’s tenure as CISO within Skyline Tech Solutions has been short, he has made a significant impact. In October 2020, he took over a security department that lacked leadership, as it grew organically out of a successful network and IT services operations.
Inside Back to TOC
Font, Text