Recognized Cybersecurity Law Leaders 2025

Co-Founder of SG6, ITRES and DEV6. Cybersecurity consultant with a deep technical background. More than 20 years of experience in the fields of IT Security, Cybersecurity, Security Research and IT Best Practices. Dozens of acredited CVE vulnerabilities since Y2K. I publish practical offensive/defensive research: vulnerability analysis, exploitation notes, reverse engineering, and hardening/detection takeaways.

I've worked in the cybersecurity industry for the last 20 years consulting for the top financial and legal services firms in the country. I have demonstrated history in design, implementation, and management of security programs to address risks across the cyber kill chain. Skilled in Security Strategy, Awareness, Emerging Security Technologies, Risk Assessments, Red Team Exercises, Governance, and Education. Primary focused on the law and finance sectors but have applicable knowledge to all industries.

As the Director of Cybersecurity at Fortra, I lead a distinguished team of cybersecurity experts in delivering Managed Security Programs to global clients. With over a decade of experience in the field, I bring a wealth of expertise in data protection, threat hunting, incident response, cybersecurity policy, IT solutions, and security systems.My mission is to empower organizations to safeguard their most sensitive data and assets against cyber threats while aligning with business objectives and regulatory standards. I thrive on sharing insights and knowledge through publications on diverse cybersecurity topics, ranging from the role of cyber executives to best practices in data security. As a strong advocate for AI and ML technology, I believe in the imperative need for organizations to mature and embrace these innovations. I actively collaborate with professionals and stakeholders to drive innovation and enhance industry standards.

Cybersecurity Expert | Cyberwarfare Strategist | Founder, Centuria Labs Research With over 25 years of specialized experience, Giovanni Battista Caria is a prominent figure in the European cybersecurity landscape. As the head of Centuria Labs Research, he has dedicated his career to advanced research in digital crime prevention and the development of impenetrable defensive architectures. His work bridges the gap between technical innovation and strategic analysis, making him a sought-after speaker at major international forums, including the International Security & Digital Council. Literary Contribution & Strategic Insight Caria’s extensive research has culminated in a series of influential works that address the evolving nature of digital threats from both a technical and legal perspective: The Black Book of Cybersecurity (Il Libro Nero della Cybersecurity): A deep dive into the structural flaws of modern digital infrastructure and the methodologies of high-level cyber attacks. The Invisible Front (Cybersecurity & Cyberwarfare): Co-authored as a comprehensive guide to the convergence of law, technology, and national security, this work serves as a manual for understanding state-sponsored digital conflict. The Architects of Shadow (PsyOps & Information Warfare): An analytical exploration of psychological operations and social engineering, detailing how digital influence can compromise national stability and institutional trust. Innovation in Defensive Systems Throughout his two-decade-long career, Caria has focused on creating innovative defensive frameworks designed to be mathematically and structurally resilient. His approach at Centuria Labs emphasizes proactive threat hunting and the implementation of security layers that go beyond traditional firewalls, focusing instead on system-level integrity and zero-trust principles. Strategic Vision A recognized expert in the legal and technical facets of the GDPR and cyber-law, Caria integrates regulatory compliance with hard-core technical defense. His philosophy is rooted in the belief that true cybersecurity requires a holistic understanding of the "invisible front"—the space where software engineering, international law, and geopolitical interests collide. "Cyber defense is not a static wall, but a dynamic architecture of constant anticipation and research." — Giovanni Battista Caria

Cybersecurity expert with over a decade and a half of deep-dive experience, I bring an unparalleled level of understanding and expertise in strategic Cybersecurity planning, effective risk control, and pioneering product innovation. My career reflects my role as a reliable authority for organizations of all sizes, as well as an effective liaison with different regulatory bodies.

Seasoned content writer with more than a decade of experience.Wrote hundreds of blogs, ebooks, newsletters, social media content, news articles.Worked with numerous tech start-ups, digital marketing agencies, and media publications.Focused mostly on B2B tech, cybersecurity, blockchain, and AI. Capable of covering virtually any topic.Experienced in journalistic writing.

Ryan Johnson is a Fellow of Information Privacy and recognized subject matter expert in data protection, cybersecurity, and AI governance. With over 25 years of experience at the intersection of technology and law, he serves as a fractional Chief Privacy Officer, outside counsel, and consultant to clients in the FinTech, insurance, and technology sectors. Ryan also contributes to public policy as a member of the Arizona Governor’s AI Steering Committee, where he helps shape the state’s framework for responsible AI adoption.

I’m Eric Garcia, the CEO of SentrIQ Labs. I have over 15 years of experience in cybersecurity, working across federal, defense, and cloud environments to help organizations design, implement, and defend security programs in highly regulated spaces. My background includes hands-on involvement with authorization processes, security control assessments, policy development, and executive-level risk advisory, with a strong focus on cybersecurity frameworks. Before founding SentrIQ Labs, I worked with organizations ranging from early-stage SaaS companies to large defense contractors, helping them navigate compliance demands without losing sight of operational reality. I have spent years inside the authorization process, working directly with engineers, compliance teams, and leadership to translate dense regulatory requirements into security controls that can actually be implemented and sustained. At SentrIQ Labs, my focus is on applying AI to reduce friction in cybersecurity compliance and audit readiness. That includes automating evidence collection, control mapping, and documentation workflows while preserving human judgment where it matters most. I am particularly interested in how AI changes the future of GRC, the risks introduced by poorly governed AI systems, and how companies can adopt automation without increasing their attack surface. I regularly share insights on cybersecurity compliance, AI development, and the evolving threat landscape, with an emphasis on practical, defensible security programs that align with real business risk rather than checkbox compliance.

A pragmatic leader with experience guiding, building, and scaling cybersecurity and privacy programs across sectors. I formerly led the Information Security program for Udemy an EdTech firm. Implemented company-wide cybersecurity and data privacy governance programs for payment organizations, Led service delivery strategy, audits and penetration testing engagements for Consulting organizations and help company stakeholders understand likely business threats and practical methods to minimize risk.

Shawn is a seasoned lawyer with an entrepreneurial spirit & is experienced working with technology-focused organizations at varying stages, including as General Counsel for an international health tech company. Shawn works closely with clients as a valued & trusted advisor, providing business ready solutions to resolve issues revolving around incident response (breach coach), strategic risk, crisis, data privacy & cybersecurity.Shawn Ford provides strategic risk advisory services that span a comprehensive spectrum, encompassing strategic communications, investigations, due diligence, supply chain analysis, intelligence research & a range of specialized services. He provides guidance on issues related to kidnap, extortion, blackmail & product contamination, rendering invaluable support to High Net Worth Individuals & Families in need of protection & emergency response. He focuses on providing executive-level strategies to plan for, prevent, & respond to crises throughout the pre-, intra-, & post-crisis stages.Shawn values aiding clients to develop & build upon their understanding of strategic risk, compliance, privacy & cyber obligations. As such, he realizes first-hand the challenges that organizations face when trying to balance their compliance obligations while innovating & developing new products & services. Shawn helps companies turn their obligations into opportunities, to build trust & advance their business goals.Shawn assists multinational institutions to understand & operationalize their risk, privacy & cyber requirements. He works closely with the executives, CISOs & legal counsel to create enterprise-wide strategic risk programs, third party risk programs & incident response capabilities. He frequently works with privacy officers to implement their privacy program & to understand their data.As Co-Founder & President of IronGate Protection, Shawn leads the business as it provides executive & close protection, security operations, private investigation, bodyguard, residential security, threat assessment, & international operation management.Shawn states that his mission is “to take a 360° approach to understand your organization’s position & ability to leverage strategic risk, data security, privacy & technology best practices to build brand trust & resiliency.”__The content shared is for general informational purposes only & should not be construed as legal advice.Do not provide confidential information via LinkedIn as it may not be treated as confidential, privileged, or protected.Prior results do not guarantee similar outcome.

Dr. Connie McIntosh is a cybersecurity executive, academic, mentor and international speaker. She currently serves as Head of Security at Ericsson. Dr. McIntosh integrates cybersecurity, information security, product security, operational security, and data privacy into business strategy, fostering psychological safety and cultural transformation in traditionally siloed environments. Her background is in National Security and Cyber Defense working in in key Cybersecurity Leadership roles across Defense and Government classified networks, Academia and private enterprise. Her leadership has earned her accolades such as being named among the Top 100 Women in Cybersecurity by US Cyber Defense Magazine and the Black Unicorn Award at Black Hat 2020. In 2025, she was awarded the prestigious Global Recognition Award for Leadership Excellence in cybersecurity underscoring her global recognition and influence along with 2025 Young Leader of the Year - The Fast Mode Awards 2025 recognizing exceptional individuals whose leadership, resilience, and technical depth continue to elevate the global telecom ecosystem. Connie's contributions to cybersecurity have been featured in influential books and magazines, including the groundbreaking Women4Cyber's own "Europe's Top Women in Security, Hacking Gender Barriers", along with "The Rise of Cyber Women Vol 3", "Shining the Spotlight - Stories for Business Success." and others.

For over 20 years, I've been on the front lines of cybersecurity, working with global organisations to help them answer critical questions like: "How effective are our security measures against a cyber attack?" My passion is empowering companies to identify and fortify their attack surface. I help leadership teams evaluate their security stack's effectiveness and build actionable roadmaps. Some of the topics I cover are Enterprise cybersecurity and strategy, culture and how it impacts cyber resilience. Emerging attacks and attacker innovation in ransomware and increasingly AI security risks. This passion for sharing actionable knowledge is why I also started writing my blog. It's my way of sharing ideas and providing insights for enterprise security defenders and educate the wider community. In my day-to-day role at Pentera, I lead a team of talented security engineers. We partner with leading organisations who are ready to embrace change. As a speaker and mentor, I enjoy challenging the norms, introducing disruptive technologies, and sharing best practices to raise the bar.

I am a cybersecurity professional with over 18 years of experience in offensive security, penetration testing, and cyber defense. I focus on deeply understanding complex security challenges and developing practical, real-world solutions that strengthen organizations against evolving threats. I enjoy working across various security domains and approaching problems with a hands-on, analytical mindset. My colleagues and clients describe me as a hardworking, disciplined professional who remains calm and solution-oriented when handling high-risk incidents and challenging environments. My areas of expertise include vulnerability assessment, exploit development, incident response, network security architecture, and enterprise systems administration. I hold industry-recognized certifications such as OSCP, OSCE, GWAPT, GCIH, CCNA, and RHCE, which demonstrate my commitment to continuous learning and technical excellence.

Michel Fotsing is a CISSP-certified cybersecurity architect specializing in AI governance for organizations navigating emerging regulations (EU AI Act, NIS2, Quebec Law 25, GDPR). He consults for Quebec's government through Levio and serves on the ISC2 Exam Review Commission, contributing to international cybersecurity certification standards. Author of "L'Architecte Numérique: Orchestrer les intelligences à l'ère de l'IA" (2026, distributed by Hachette), he developed the Three Zones Framework for classifying AI-augmented security decisions. He also created StructureClerk.ca, a free compliance tool covering 169 jurisdictions. Michel can speak to: AI governance and shadow AI risks for businesses, cybersecurity strategy for SMEs, the human-AI decision boundary in critical systems, and data privacy compliance across international frameworks.

Don Warden is a seasoned cybersecurity executive and author with over 30 years of experience securing complex environments across diverse industries. His expertise spans digital forensics, cyber threat intelligence, and incident response, where he has led high-stakes investigations into ransomware attacks, insider threats, and cyber extortion. As a trusted advisor, Don has guided organizations and high-profile individuals through threat mitigation, resilience planning, and post-incident recovery. Holding advanced certifications, including Certified Ethical Hacker (CEH) and Certified Cyber Security Analyst (CCSA), along with a Master’s in Cybersecurity and Information Assurance, Don combines technical depth with strategic vision. His passion for ethical hacking and proactive defense drives his approach to strengthening security postures in an evolving digital landscape. Beyond cybersecurity, Don enjoys traveling with his family to remote destinations and is deeply committed to philanthropic efforts that make a meaningful impact on people’s lives.

CISO and advisor helping FinTechs turn DORA/NIS2/PSD2, PCI DSS, ISO 27001, and GDPR into practical resilience and business value. 20+ years across architecture, incident response, and program build-out. I prioritise KPIs, clear board communication, and continuous improvement, not checkbox compliance. Highlights: led DORA/NIS2 readiness for cross-border teams (faster audits; 30%+ lower regulatory risk), stood up vCISO/vDPO programs with cloud-native controls, vendor risk, and privacy automation. Community: OWASP Riga and Cloud Security Alliance Chapter Lead. Need to get regulator-ready? Let’s connect.

Alexia P. Idoura is a cybersecurity expert and founder of Security Done Easy, where she helps primarily women-led and lgbtq-led small businesses protect their companies without needing to be technical. She specializes in practical risk prioritization, cyber insurance readiness, phishing and fraud prevention, AI-related security risks, and translating complex cybersecurity concepts into plain English. Alexia is a Stevie Award–winning business blogger, a frequent speaker and educator, and the creator of tools and programs that help founders make confident, informed security decisions.

Matt Lindley is the Chief Innovation & Information Security Officer at NINJIO, a leading cybersecurity awareness training and human risk management platform. Matt leads NINJIO’s cybersecurity team and AI innovation projects. Previously, he was the CEO and Principal Consultant at REIN Cybersecurity, which focused on governance, risk management, and compliance (GRC). He has also served as the Director of Security Services at Cal Net Technology Group and the virtual CIO at Convergence Networks. Matt is an authority on IT, cybersecurity, GRC, and operational maturity whose expert insights have been published in media outlets spanning cybersecurity and many other relevant verticals. His byline has appeared in a wide range of cybersecurity and tech publications, including Dark Reading, Cyber Defense Magazine, Innovation & Tech Today, Spiceworks, Security Magazine, Cybersecurity Insiders, Security Boulevard, U.S. Cybersecurity Magazine, Information Week, and Cyber Protection Magazine. Matt has also published extensively in outlets serving specific industry verticals, such as InsuranceNewsNet, Business Traveler, Manufacturing.net, and Carrier Management. He is considered a leading security analyst whose research and expertise cover AI strategy and transformation, emerging cyberthreats, behavioral psychology, social engineering, and organizational resilience. Matt has over a decade and a half of experience as both a practitioner and a thought leader in cybersecurity, and he is particularly focused on human risk management—a core pillar of cybersecurity at a time when the human element is implicated in the majority of breaches.

Harman Singh, director at respected consultancy Cyphere, is an experienced security professional consulting public and private sector customers across the globe. He brings over a decade of intensive consulting experience, advising both private and public sector organisations on security matters around offensive and defensive security, particularly SOC operations maturity, CREST pen testing, risk and governance. Harman is recognised for his teaching ability; he is not just a consultant, but an educator of other experts: Black Hat Trainer: He has delivered advanced, practical training sessions at the prestigious Black Hat security conferences. Advanced Hacking: His training focuses on sophisticated techniques for attacking and defending complex digital infrastructure, upskilling security teams worldwide. Corporate Consulting: Beyond training, he possesses extensive experience consulting with corporate security teams, helping them manage threats across traditional networks and cloud-based systems. His insights—covering regulatory compliance, comments and best practices—are frequently featured in publications such as Infosecurity Magazine and Fast Company.

My path to security leadership came through offensive security testing, software engineering, and product management. I've written code, designed and built security products, created and sold managed security services, and served as both GM and CISO for organizations ranging from early-stage startups to multi-billion-dollar enterprises. That background shapes how I approach security: I understand the trade-offs engineering teams face, I know what's actually feasible to implement and operate, and I prioritize controls that reduce real risk over ones that just satisfy auditors. I stay hands-on with cloud architecture, application security, AI, and emerging threats. At IOmergent, my co-founder Brett Wilson and I work with growing companies that need real security leadership but aren't ready for a full-time CISO. We provide fractional CISO (vCISO) services, managed cloud security, and practical assessments that tell you where you actually stand. Our focus is on building security into engineering culture and operations, as well as with executive teams. We work extensively with SaaS companies, healthcare and fintech organizations, and AI startups navigating their first enterprise customers, dealing with incidents or near misses, or trying to figure out what "good enough" security actually looks like for their stage. If you're a founder or technical leader looking to mature your security posture, preparing for your first compliance audit, or navigating an incident and need experienced support, I'm always happy to connect. And if you just want to talk through a security challenge with someone who's been there, reach out.