CSA CxO Trust

A broad-based initiative to elevate the knowledge of cloud computing and cybersecurity among organizational executive teams and governing bodies.
CSA CxO Trust

Our mission is to help Chief Information Security Officers (CISOs) better understand the priorities of their peers within the C-Suite and to also enable CISOs with tools to communicate business risk, governance, and compliance issues of cloud computing and cybersecurity in the proper context to their peers within the C-Suite and their boards of directors. This initiative will be forward looking and innovative in advancing cloud computing and cybersecurity within the C-Suite. If you're interested in learning more, you can read the press release or email the CSA President, Illena Armstrong, at [email protected].

Of organizations in the cloud:

47% are concerned

about their staff lacking cloud expertise.

Over 50% are running

41% or more of their workloads in a public cloud.

41% are unsure

whether they have experienced a cloud-related operational incident in the last 12 months.

Source: State of Cloud Security Concerns | CSA
*This survey was submitted to nearly 1900 IT and security professionals.

Cloud may be the new normal, but numerous organizations:

Are just beginning
their cloud journeys
Have more sophisticated
implementations
Have weaker-than-expected
knowledge of security requirements

Addressing These Challenges

CSA will form a trusted community of CISOs and other C-level stakeholders who will leverage the collective voice of this group to further influence and drive the:

  • Evolution and common understanding of cloud and cloud-driven technologies knowledge;
  • Establishment and advancement of cloud security standards, guidance, research and more;
  • Professional development and continuous education of much-needed cloud experts;
  • Improvements in cloud and cybersecurity services and products;
  • Progression and passage of related and necessary regulations or legislation;
  • Unification of cloud and cybersecurity messaging and knowledge sharing among organizations’ C-suite stakeholders, as well as in the wider industry and beyond.

This group will complement existing CISO and cybersecurity networks. If interested in working with us on ours, which is uniquely positioned given our 12 years as a non-profit helping the industry secure the cloud, please reach out to CSA President Illena Armstrong.

Learn more about CSA CxO Trust.

To gain full access to this group once it’s launched organizations will need to be a CSA Corporate Members. If you're interested in learning more, please email the CSA President, Illena Armstrong, at [email protected].

How to Get Involved

Research Working Group

The CSA CxO Trust Working Group will conduct research consisting of best practices, metrics, surveys, C-level presentations and other tools in support of the overall initiative mission. The working group will be open to professionals and subject-matter experts from both CSA member and non-member organizations. The working group will have its kickoff meeting in Q3 of 2021, interested individuals can informally discuss the issues in our Circle community now.

Along with other projects, this group will regularly update and maintain a document listing the Cloud Priorities for the CxOs. The roadmap of other deliverables for this group will include:

  • Original research publications,
  • Executive summaries of CSA research publications with context for C-Suite readers,
  • Curation of third-party research and data,
  • Joint research with outside groups.

Learn More

Advisory Council

CSA looks to our advisory council to contribute to and advise on the overall strategy and roadmap of this broad-based program’s offerings. In addition to generally advising on the C-Suite Initiative and related offerings, the Council also helps guide our CxO Research Working Group. This council is not only made up of CISOs, but also Chief Information/Chief Technology Officers, Chief Risk Officers, Chief Privacy Officers, Chief Compliance Officers, Chief Operating Officers, Chief Executive Officers and other C-level stakeholders engaged in driving and supporting their organizations’ cloud computing and cloud security programs.

This council is reserved for the participation of C-level executives from our corporate members. If you have any questions you can email the CSA President, Illena Armstrong, at [email protected].

Mike Anderson Headshot
Mike Anderson
Chief Digital and Information Officer
Mike Anderson

Chief Digital and Information Officer

Mike Anderson brings over 20 years of experience to his role as Chief Digital and Information Officer for Netskope, having built and led high-performing teams across a wide range of disciplines, including sales, operations, business development, and information technology. He is considered a thought leader, visionary, and speaker on digital transformation, leadership, and business agility.

Read more

Raj Badhwar Headshot
Raj Badhwar
CISO
Raj Badhwar

CISO

Raj Badhwar has 25+ years of experience within Cybersecurity and IT. He is currently the CISO for Voya Financial and previously held senior Security/IT leadership roles at AIG, BAE Systems, Bank of America, and AOL Time Warner.

Read more

Rolf Becker Headshot
Rolf Becker
Co-Founder and Chair
Rolf Becker

Co-Founder and Chair

Rolf A. Becker is the Co-Founder and Chair of the European User Group Enterprise & Cloud Data Protection. The EuUG has developed a broad range of data protection control and design requirements and is in the process of joining the Cloud Security Alliance as a special interest group.

Read more

Rachel Bierner Headshot
Rachel Bierner
SVP, Cloud Security Leader
Rachel Bierner

SVP, Cloud Security Leader

Rachel Kim Bierner serves as Cloud Security Leader at Wells Fargo, where she is responsible for the development and delivery of the company’s cloud security strategy and control framework. Prior to joining Wells Fargo, she led various cybersecurity and technology functions over 19 years at Bank of America. Rachel started her career as a consultant with Management implementations for clients around the world.

Read more

Fred Budd Headshot
Fred Budd
Vice President, Cloud Security
Fred Budd

Vice President, Cloud Security

Fred Budd is serving as Vice President, Cloud Security for Mastercard. In this role, he is responsible for the protection of Mastercard’s cloud platforms and driving the evolution of security practices. Fred has over 20 years of diverse experience in security architecture, technology strategy and governance, privacy and compliance, identity management, telecommunications, IT operations, and product innovation. In the past decade, he has foc...

Read more

James Cairns Headshot
James Cairns
Security Lead
James Cairns

Security Lead

James Cairns loves the evolving challenges of his career in IT Security. He has spent more than 15 years invested in growing his experience as he implements systems and designs solutions to help students and colleagues learn and work more effectively and efficiently. As Security Lead, Bow Valley College, he has been invited to local and national conversations with CANARIE Joint Security Project, CanSSOC, Cybera AB Secure IT, and most recent...

Read more

Ben Carr Headshot
Ben Carr
Chief Information Security Officer
Ben Carr

Chief Information Security Officer

Ben Carr is the Chief Information Security Officer at Qualys. He is an information security and risk executive with more than 25 years of experience in developing and executing long-term security strategies. Ben has demonstrated global leadership and experience, through executive leadership roles of advanced technology, high risk, and rapid-growth initiatives, at companies such as Aristocrat, Tenable, Visa and Nokia. While at Aristocrat, Be...

Read more

Sean Catlett Headshot
Sean Catlett
Chief Security Officer
Sean Catlett

Chief Security Officer

Sean Catlett is the Chief Security Officer at Slack, where he oversees product security, GRC, and security engineering and operations. Prior to Slack, Sean was the first CISO for Reddit, where he built the company’s dedicated Security and Privacy functions, protecting more than 430 million monthly active users around the world. In addition to executive roles at industry-leading security software companies, Sean has held senior leadership ro...

Read more

Jerry Cochran Headshot
Jerry Cochran
CISO
Jerry Cochran

CISO

Jerry Cochran serves as Pacific Northwest National Laboratory’s (PNNL) Chief Information Security Officer (CISO) and is the Technical Operations and Cybersecurity Division Director. Jerry also leads a 5-year R&D program RD2C

Read more

David Cullinane Headshot
David Cullinane
Founder
David Cullinane

Founder

Dave Cullinane is the Founder of TruSTAR Technology. Prior to TruSTAR, Dave served for 5+ years as the Chief Information Security Officer and VP of Global Fraud, Risk and Security for eBay and its many global businesses (StubHub, InternetAuction.co, GSI Commerce). He has more than 30 years of professional security experience building and managing cyber security and incident response teams.

Read more

Jim De Haas Headshot
Jim De Haas
Cloud Security Expert
Jim De Haas

Cloud Security Expert

Seasoned security professional with a demonstrated history of working on critical, complex and highly available banking applications. A technology enthusiast, who enjoys collaborating with cross-functional teams. A strong communicator who can evangelize security across the organisation. Specialised in Cloud Security (Both AWS and Azure), IT Security, training DevOps engineers in security topics and making security understandable to non-secu...

Read more

Stacey Halota Headshot
Stacey Halota
Vice President–Information Security and Privacy
Stacey Halota

Vice President–Information Security and Privacy

Stacey Halota joined Graham Holdings Company (then The Washington Post Company) in 2003, where she leads the development and implementation of information security and privacy programs, including Sarbanes Oxley, privacy law, Payment Card Industry compliance, and other data protection efforts. Ms. Halota has more than 25 years of experience in the information technology, security, and privacy field. She is a Certified Information Systems Sec...

Read more

Jason Johnson Headshot
Jason Johnson
Lead Information Security Assessor, VP
Jason Johnson

Lead Information Security Assessor, VP

Jason Johnson has had hands-on technical experience in information technology since 2004 and information security since 2015. His work history includes designing and administering traditional call center environments. He also has experience designing, securing, and managing cloud-based SaaS K-12 applications and conducting on-premises and cloud-based information security assessments. His previous roles include desktop support, network admin...

Read more

Suyesh Karki Headshot
Suyesh Karki
Chief Information Security Officer
Suyesh Karki

Chief Information Security Officer

With over 16 years of cybersecurity and risk leadership, strategy, and management experience, Suyesh is responsible for leading Domo’s cloud security, risk, compliance, and security operations. At Domo, Suyesh led Domo through the security and compliance maturity curve, including creating a catalog of security controls, implementing a data classification model, deploying a GRC solution, establishing meaningful security metrics, and creating...

Read more

Anil Karmel Headshot
Anil Karmel
Co-founder and CEO
Anil Karmel

Co-founder and CEO

Anil is co-chair of the CSA Application Containers and Microservices working group and has led the development of multiple research artifacts, building off the work started in the NIST Cloud Security working group. He is president of the CSA DC Metro Area Chapter, which he has transformed from a dormant chapter into one of North America’s most a...

Read more

Andy Kirkland Headshot
Andy Kirkland
Global CISO & VP, Global Cybersecurity Services
Andy Kirkland

Global CISO & VP, Global Cybersecurity Services

Andy Kirkland is the Chief Information Security Officer for Starbucks Coffee Company. In this role, Andy leads global cybersecurity services, including operations, engineering, architecture, identity and access management, as well as Cybersecurity risk and compliance.

With 20 years of experience working in information security and FDA regulatory environments, Andy’s career is rooted in change driven leadership, including roles in tech...

Read more

Ricardo Lafosse Headshot
Ricardo Lafosse
Chief Information Security Officer
Ricardo Lafosse

Chief Information Security Officer

Ricardo Lafosse is the Chief Information Security Officer (CISO) for Kraft Heinz. Lafosse is responsible for IT risk governance, OT security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including MirCon, ISACA CACS, and Secure World.

Read more

V.Jay Larossa Headshot
V.Jay Larossa
Head of Global Trust Assurance
V.Jay Larossa

Head of Global Trust Assurance

As the Head of The Global Trust Assurance organization for TikTok, V.Jay leads the team responsible for the development, alignment, adoption, and efficacy validation of the global cybersecurity & risk control capabilities, aligned to a real-time threat & risk compliance measurement framework in support of our world-class organization, infrastructure, and product delivery platforms across the globe.

Read more

Adrian Ludwig Headshot
Adrian Ludwig
Chief Trust Officer
Adrian Ludwig

Chief Trust Officer

Adrian Ludwig is the Chief Trust Officer at Atlassian. Adrian joined the company in May 2018 and served as the Chief Information Security Officer for three years. Prior to Atlassian, Adrian held a number of security leadership positions at leading technology companies, including building out the security capabilities at Nest, Macromedia, Adobe, and Android (Google). He is also an active cybersecurity advisor and angel investor. As a self-de...

Read more

Mario Maawad Marcos Headshot
Mario Maawad Marcos
Director of Security Innovation & Transformation
Mario Maawad Marcos

Director of Security Innovation & Transformation

Mario Maawad Marcos has been working in the IT field for over 20 years, including the last 16 years in digital security. He has been working at Caixa Bank back since 2004, the first bank in Spain, as the Director of Security Innovation & Transformation.

Mario received a B.S. degree in Computer Science from the Polytechnic University of Catalonia, Barcelona in 1997 and a JD in Law, from the Open University of Catalonia, Barcelona in 20...

Read more

Shehzad Merchant Headshot
Shehzad Merchant
Chief Technology Officer
Shehzad Merchant

Chief Technology Officer

Shehzad Merchant is the Chief Technology Officer at Gigamon. He has over 20 years of experience and background in cybersecurity, networking, and communications. His areas of focus include cyber defense modeling, policy, and security in the world of connected devices. He holds several networking, communications, and security patents and is a speaker and panelist at various industry events.

Read more

Aaron Miller Headshot
Aaron Miller
Chief Information Security Officer
Aaron Miller

Chief Information Security Officer

Aaron Miller has over 18 years of IT and IT Security experience. He is currently the Chief Information Security Officer for the New York State Office of the Attorney General. Prior to joining the NYS Office of the Attorney General, Aaron was the IT Security Practice Manager with JC Jones & Associates, where he developed IT security policies and procedures for various organizations. Before joining JC Jones & Associates, Aaron was Lead Cyber ...

Read more

Gerald Parham Headshot
Gerald Parham
Global Research Leader, Security & CIO
Gerald Parham

Global Research Leader, Security & CIO

Gerald leads the Security and CIO research portfolios within the IBM Institute for Business Value. He advises senior executives and board members on security strategy and cyber value chains, in particular the relationship between strategy, risk, security operations, identity, privacy, and trust. Over the past year, Gerald has authored original research papers on cloud security, cyber risk, business resilience, and zero trust. He has more th...

Read more

Vinay Patel Headshot
Vinay Patel
Chief Information Security Officer
Vinay Patel

Chief Information Security Officer

As Finastra’s CISO, Vinay is responsible for establishing an intelligence-led, threat-focused information security program capable of detecting and protecting against emerging cyberattacks targeting Finastra and/or its clients.

Read more

Edgar Pimenta Headshot
Edgar Pimenta
VP of Information Security
Edgar Pimenta

VP of Information Security

Edgar Pimenta is the VP for Information Security at Talkdesk (a Cloud Contact Center) and is responsible for the governance, risk and compliance of information security at Talkdesk. He manages the team that deals with policies, the security education program, the security risk management processes, and data protection among others.

Read more

Mindy Player Headshot
Mindy Player
Director of Cloud Security
Mindy Player

Director of Cloud Security

Mindy Player is the Director of Cloud Security for Lloyds Banking Group. She has 32 years of work experience, with the last 20 being in cybersecurity. Mindy has led teams accountable for various security disciplines ranging from Identity and Access Management, Investigations and Threat and Vulnerability Management to Security Engineering and Design. More recently, Mindy has been operating in cloud security in the Private Cloud, Adopted Publ...

Read more

Janice Reese Headshot
Janice Reese
CEO
Janice Reese

CEO

Network PDF Cloud Solutions - CEO

Global Marketing Technologist, Healthcare Leader, Advisor, Board Member, BPM+ Health Ambassador, WiCyS TN affiliate V.P. - Nashville Beach Co-Founder

Janice Reese has more than 25 years of technology leadership experience with a specific emphasis on the intersection of information security and business. Janice brings her unique consulting expertise to connect digital transformation to business ...

Read more

Marisa Ruffalo Headshot
Marisa Ruffalo
Cybersecurity R&D Specialist and Distinguished Engineer
Marisa Ruffalo

Cybersecurity R&D Specialist and Distinguished Engineer

Marisa Ruffolo is a Cybersecurity R&D Specialist and Distinguished Engineer at Chevron. She is responsible for researching and evaluating advanced technologies to implement Chevron’s cybersecurity guardrails. Prior to joining Chevron, Marisa worked as a systems engineer for national security research programs at Sandia National Laboratories and a technology architect at Accenture.

Read more

Joe Zacharias Headshot
Joe Zacharias
Deputy CISO for Cybersecurity Risk Management
Joe Zacharias

Deputy CISO for Cybersecurity Risk Management

Joe Zacharias is the Deputy CISO for Cybersecurity Risk Management at Caterpillar in Peoria, IL. He began his career at Caterpillar in 2012 as an Incident Response Manager working in the CSIRT within Enterprise Security, leading large-scale advanced threat response, containment, and remediation activities. His principal areas of security leadership practice currently include Caterpillar Connected Asset Security (IoT) for Caterpillar equipme...

Read more

Related Resources

Event Recordings

Watch recordings from interviews with CISOs and c-level execs as they share their experience securing the cloud.

Watch Recording

Resources

Access the content created by the CxO Working Group and CSA, from papers to blogs, to videos and more.

View Resources