Top IT Governance Experts 2025

Ganesh Ariyur is a global enterprise technology executive and a Top 100 Digital Adoption Leader for 2025. He is known for delivering more than $500M in measurable enterprise value through large-scale digital transformation, enterprise systems modernization, cloud strategy, artificial intelligence adoption, data governance, & enterprise architecture leadership. His work spans more than 90 countries across Fortune 500 organizations, private-equity owned companies, and highly regulated industries. Ganesh serves as the Global Head of Enterprise Technology Strategy and Transformation at Gainwell Technologies, a $3B healthcare technology organization. He directs modernization programs across SAP S/4HANA, Oracle Cloud ERP, PeopleSoft, cloud platforms on AWS and Azure, enterprise applications, reporting and analytics, generative AI, intelligent automation, enterprise architecture, IT governance, and cybersecurity, aligned with operating models. His programs have delivered multi-million-dollar cost savings. He has directed enterprise portfolios valued at more than $1B. He has unified 450-plus legacy systems, led technology programs supporting more than $30B in M&A value, and guided organizations through complex TSA exits and carve-outs. Ganesh brings deep expertise in artificial intelligence-enabled operating models, multi-ERP modernization including SAP S/4 HANA, Oracle Cloud, & Workday, cloud strategy and FinOps, enterprise architecture, data, infrastructure, cybersecurity improvement, data quality & analytics modernization, robotic process automation & intelligent automation, shared services/global business services, organizational design, and long-term value creation. His people-process-technology approach led to his being named a Global Top 100 Digital Adoption Leader. He is a Certified AI Business Transformation Practitioner & a Certified Technology Innovation Practitioner. He is also a member of the Forbes Technology Council. He was publicly recognized for global transformation leadership when he was featured on billboards across Germany during a major enterprise program at Bayer. Ganesh is known for partnering with boards, CEOs, CFOs, & private equity operating teams. He aligns technology strategy with growth objectives, cost discipline, compliance needs, & long-term enterprise value. Based in Atlanta, he is regarded as a CIO leader who turns complexity into clarity and who consistently converts technology investment into measurable business outcomes.

David Viney, Fractional CIO & Board Advisor on AI Governance. Works with UK mid-market businesses on EU AI Act readiness ahead of August 2026 deadline. Available for comment on AI governance failures (Deloitte case), SM&CR implications, and what SMEs actually need to do before the August deadline.

Michel Fotsing is a CISSP-certified cybersecurity architect specializing in AI governance for organizations navigating emerging regulations (EU AI Act, NIS2, Quebec Law 25, GDPR). He consults for Quebec's government through Levio and serves on the ISC2 Exam Review Commission, contributing to international cybersecurity certification standards. Author of "L'Architecte Numérique: Orchestrer les intelligences à l'ère de l'IA" (2026, distributed by Hachette), he developed the Three Zones Framework for classifying AI-augmented security decisions. He also created StructureClerk.ca, a free compliance tool covering 169 jurisdictions. Michel can speak to: AI governance and shadow AI risks for businesses, cybersecurity strategy for SMEs, the human-AI decision boundary in critical systems, and data privacy compliance across international frameworks.

As a Cybersecurity Auditor operating at the intersection of complex digital infrastructures and human systems, my mission is to build resilience in an increasingly volatile world. With over 20 years of experience in Global MNCs, I’ve realized that protecting a network is only half the battle; the ultimate firewall is the clarity and alignment of the professional mind. ​I am a published author of three works that explore the architecture of security and the science of patterns: ​'The Interview': A deep dive into the technical and psychological nuances of Cybersecurity. ​'Cosmic Catalyst' & 'Beyond Constellations': Research into systemic cycles, predictive analytics, and ancient pattern-recognition frameworks. ​ My methodology is unique. By day, I audit global cybersecurity frameworks for US-based clients. Beyond the code, I am a dedicated researcher of Bio-Energetic Systems and Chronobiological Trends. I have successfully applied these 'multidimensional' patterns to predict global events and organizational shifts with high accuracy—bridging the gap between the measurable and the metaphysical. Through my research I offer high-performance philosophy to fellow cybersecurity professionals. My goal is to help leaders navigate 'zero-day' life challenges with the same precision they apply to their digitalecosystem. ​ I believe the future of leadership belongs to those who can traverse both the logical and the intuitive. I am here to help you audit your path to sovereign success.

Cyber Security Consultant and Tech Enthusiast with 10+ years of experience helping businesses strengthen digital security, optimize technology strategies, and drive innovation across the Cyber Security, Business Consulting, Technology, and SaaS industries. Skilled in identifying security risks, implementing resilient solutions, and advising organizations on secure digital transformation initiatives. Passionate about emerging technologies, PKI, cloud security, SaaS ecosystems, and helping startups and enterprises build scalable, secure, and future-ready systems. Known for combining technical expertise with business insight to deliver practical solutions that enhance operational efficiency, compliance, and cybersecurity resilience.

Mark Lynd is the Head of Executive Advisory & Strategy at Netsync, one of the nation's leading value-added resellers, where he works daily with C-Suite executives on AI, cybersecurity strategy, and digital transformation. A 5x CIO/CISO, author, thought leader and keynote speaker with decades of hands-on operational experience, Mark brings a rare combination of boardroom perspective and practitioner depth to every engagement. Ranked as a Top 5 Global Thought Leader in both AI and Cybersecurity by Thinkers360, Mark has facilitated over 150 incident response tabletop exercises across school districts, Fortune 500 enterprises, healthcare systems, government agencies, and mid-market manufacturers. His original research from these exercises represents the most comprehensive tabletop dataset published by a single practitioner. Mark has delivered more than 100 keynotes at marquee events including RSA Conference, Oracle CloudWorld, Cisco Partner Summit, Dell Technologies World, IBM Think, and Gartner Security & Risk Management Summit. His speaking topics span AI generative strategy, AI infrastructure, cybersecurity operations, ransomware preparedness, incident response, and business continuity. He holds a Bachelor of Science degree from the University of Tulsa and attended The Wharton School. Mark served honorably in the United States Army's 3rd Ranger battalion, and 82d Airborne. My Newsletters: - Cybervizer: Weekly strategic briefings for 10k+ professionals. (www.cybervizer.com) - AI Bursts: Cutting through the noise of AI adoption. (www.aibursts.com) My Published Books: Books available on Amazon, Barnes & Noble, Apple Books, and many other outlets: - Cyber War: One Scenario – A guide to infrastructure resilience. - A Leader’s Playbook to Cyber Insurance – Managing the financial ROI of risk. - Cybersecurity Life Skills for Teens – My passion project for digital safety.

Ra'ad Siraj is a senior technology executive and investment leader specializing in responsible AI governance at enterprise scale. Most recently, he led AI and privacy governance for a Fortune 10 technology company, building frameworks that reduced review cycle times by 80% while managing risk across global operations in regulated environments. Currently, Ra'ad is developing international AI investment strategies, including pioneering work on cross-border technology corridors that connect established AI ecosystems with emerging markets. This work focuses on responsible AI deployment frameworks that can scale across diverse regulatory environments and cultural contexts. Notable Achievements: -Governed thousands of AI/ML use cases across multinational workforce operations -Reduced AI governance review cycles by 80% while maintaining regulatory compliance -Established enterprise-wide responsible AI programs at Fortune 500 financial services company -Led technology transformations as CIO/CTO at multiple leading financial institutions -Harvard MS Computer Science graduate and frequent technology conference speaker Key Areas of Expertise: Artificial Intelligence • AI Governance • Machine Learning • Data Governance • Enterprise Risk Management • Regulatory Compliance • Financial Services Technology • Digital Transformation • CIO Leadership • Technology Strategy • Privacy Engineering • Cross-border Investment • International Business Development • Board Advisory • Startup Governance • PropTech • FinTech • InsurTech • Enterprise Architecture • Cloud Strategy • Cybersecurity • Data Analytics • Change Management • Team Leadership • Venture Capital • Private Equity • Technology Due Diligence • Responsible AI • AI Ethics • Global Technology Partnerships Ra'ad is available for expert commentary on AI governance, global technology investment, enterprise AI leadership, and the intersection of innovation, regulation, and international business development.

I am an AI governance strategist, former CISO and DPO executive, and founder of [Yunique AI](https://www.yuniqueai.com?utm_source=chatgpt.com), where I help organizations adopt AI responsibly through practical governance, privacy, security, and risk alignment. My work focuses on closing the gap between rapid AI adoption and operational accountability. I specialize in helping organizations move beyond “checkbox compliance” to build AI programs that are legally defensible, operationally responsible, and aligned with evolving regulatory expectations. I have led global privacy, security, and governance initiatives across the U.S., UK, EMEA, and APAC, with experience aligning enterprise programs to frameworks and regulations including GDPR, HIPAA, CCPA, ISO standards, and emerging AI governance requirements. I am the creator of the CLEAR™ Framework, an AI governance operating model designed to help organizations establish visibility into AI use, clarify ownership and accountability, align AI initiatives with legal and risk obligations, and operationalize responsible AI execution. My work also extends into AI literacy and public education. I created the VOICE™ Framework to help students, educators, parents, and communities better understand how AI impacts decision-making, privacy, bias, and critical thinking. I am also the author of *The App Is Not My Friend*, an AI literacy book designed to help young people navigate AI responsibly. In addition to consulting and advisory work, I speak and write on topics including AI governance, shadow AI, privacy risk, AI accountability, defensible AI operations, and the intersection of law, security, and emerging technology. My approach emphasizes practical governance systems that organizations can actually operationalize — not just policies that exist on paper.

Dr. Philip D. Mann is an aviation safety and AI governance specialist who spent seventeen years inside the Federal Aviation Administration before founding Vector Strategic Consulting LLC. He rose from field technician to business analyst to instructor and training program manager at the FAA Academy, the agency's training center for the workforce that keeps the National Airspace System running. That path lets him speak about outages, controller staffing, and stalled modernization programs from inside the operation rather than from a press release. His commentary centers on three areas: aviation safety and National Airspace System infrastructure; the governance of artificial intelligence in critical systems where failure carries physical consequences; and the organizational risk, leadership, and human factors that decide whether a safety program holds under pressure. A single argument runs through the work: institutions tend to govern by disaster, writing rules only after the wreckage forces the issue, when they could govern by design and move accountability upstream of the failure. He is the author of The SCAR Framework: A Systematic Approach to AI Decision-Making in Critical Systems, a structured method for deciding when to trust automated systems where a wrong call can cost lives, built on four dimensions: Safety, Complexity, Accountability, and Resilience. His analysis has reached more than 35 million people worldwide across outlets including the Associated Press, USA Today, New Scientist, NewsNation, LiveNOW from Fox, LBC Radio in London, and Deutsche Welle. He works comfortably in print, on camera, and on live radio, holding a technical point in plain language for a general audience or speaking at full depth with a trade or policy reporter. Dr. Mann holds a PhD in Organization and Management, an MBA, an MPA, and a BS in Business Management, with PMP and PMI-RMP certifications. He responds quickly to deadlines and supports every claim with primary sources: FAA orders, NTSB findings, court records, and agency rulemakings.

With 20+ years' of experience in risk management and IT security, I excel at crafting secure, compliant, and efficient frameworks for businesses navigating complex regulatory landscapes. My expertise lies in developing Information Security Management Systems (ISMS) that achieve ISO 27001 certification, achieving up to 80% cost reduction in security implementations compared to traditional approaches. As an EC-Council subject matter expert for the CEH certification, my knowledge in ethical hacking and cybersecurity is both deep and broad. I take pride in the iO-GRCF , my proprietary framework designed to streamline and simplify cross-compliance. My goal is to foster partnerships within the industry to address governance, risk, and compliance challenges, while offering IT companies lucrative compliance, gap assessment, and penetration testing solutions.Professional Goals:* Forge partnerships with industry leaders to collaboratively tackle governance, risk, and compliance challenges.* Generate leads with IT companies to offer streamlined compliance, gap assessment, and penetration testing solutions, providing them with new revenue streams.Interests:Follow and engage with industry leaders and organizations that are at the forefront of cybersecurity, compliance standards, and IT innovations.

I'm an AI governance strategist and emerging tech founder with 11+ years at the intersection of technology law, cloud security, and artificial intelligence. As founder of NosisTech LLC, I help organizations navigate the risks and opportunities of AI adoption — from governance frameworks to agentic AI systems. I'm currently building AI-powered tools for the emerging markets, with a focus on making advanced AI infrastructure accessible and governable. I speak to AI governance, agentic AI systems, cloud risk, and the real-world implications of deploying AI at the enterprise level.

I am a cybersecurity and cloud infrastructure expert with a career built across Nokia Siemens Networks, Oracle, PayPal, Microsoft, and Ford Motor Company - five organizations that collectively shape global technology, finance, and industry. Over the past decade, I have designed and secured large-scale cloud systems protecting millions of users, led high-stakes infrastructure programs across enterprise and industrial environments, and invented patented solutions in cybersecurity and cloud architecture. My work spans the full spectrum — from hardening financial platforms against sophisticated threats at PayPal, to driving cloud modernization at Microsoft, to reimagining connected vehicle security at Ford. I hold patents in cybersecurity and cloud systems and have contributed research to recognized professional publications, giving me a grounded perspective that bridges cutting-edge innovation with real-world deployment at scale. Journalists and editors reach out to me for expert commentary on: Cloud security architecture and zero-trust frameworks Enterprise cybersecurity strategy and risk AI and automation in threat detection Digital transformation in automotive and industrial sectors Big Tech infrastructure trends and cloud migration I bring clarity to complex technical topics — translating what happens inside enterprise security and cloud systems into insight that matters to business leaders, policymakers, and the public.

Rahul Mewawalla has held leadership roles with technology companies across global Fortune 500 companies and Silicon Valley startups, such as Yahoo!, General Electric Company, and Nokia Corporation. He has also served as CEO, President, and Chairman across Nasdaq-listed public companies. Other operating roles include head of platforms and technology businesses, amongst other business and technology leadership roles, and as a public company board director. His experience spans industry-leading platforms, products, and infrastructure across transformative and growth enterprise and consumer businesses. Rahul has extensive technology, business, and innovation expertise and served as an Advisor to Stanford University’s Persuasive Technology Lab, Senior Advisor to the San Francisco Mayor’s Office on Innovation, Chair of Venture Capital Task Force Committee on Services and Systems, and advised the MIT-Stanford Venture Lab. He has received several awards and honors for technology, innovation, and business such as “Silicon Valley’s Top 50 Innovators,” “Top 40 under 40 Leaders” and “Future Mobile Gold Award”. He also led the U.S.’s first digital, technology, and innovation program in Silicon Valley in collaboration with the White House. He has been a speaker and judge at numerous business and technology institutions such as Harvard, MIT, Stanford, Wharton, Yale, University of California and at events such as the Red Herring CEO Conference, Federal Labs Consortium World’s Best Technologies, and the Intel Capital CEO Summit. Rahul has been featured in publications such as Wall Street Journal, CNBC, Harvard Business Review, Financial Times, Bloomberg Businessweek, Newsweek, MIT Technology Review, Fast Company, TechCrunch, VentureBeat, CNN, ABC, FOX, CBS News and Reuters. He has authored numerous business and technology articles and frequently published in publications such as Forbes and Fast Company. He has also served on the boards of six NASDAQ-listed public companies, including as audit committee chair, compensation committee chair, nomination and governance committee, strategic transactions, and M&A committees. He has also served as Chairman of NASDAQ-listed public companies. He is a SEC-qualified and board-deemed audit committee financial expert (ACFE) and also has technology and cybersecurity expertise. He has also served on advisory boards such as at Cisco, Stanford, Yale-Goldman Sachs Foundation, and on philanthropic boards such as Nobel Prize nominee SOS Children’s Villages USA. He holds an MBA from the Kellogg School of Management at Northwestern University, and completed executive education programs at Stanford University and Harvard University.

Cybersecurity expert with over a decade and a half of deep-dive experience, I bring an unparalleled level of understanding and expertise in strategic Cybersecurity planning, effective risk control, and pioneering product innovation. My career reflects my role as a reliable authority for organizations of all sizes, as well as an effective liaison with different regulatory bodies.

Matt Lindley is the Chief Innovation & Information Security Officer at NINJIO, a leading cybersecurity awareness training and human risk management platform. Matt leads NINJIO’s cybersecurity team and AI innovation projects. Previously, he was the CEO and Principal Consultant at REIN Cybersecurity, which focused on governance, risk management, and compliance (GRC). He has also served as the Director of Security Services at Cal Net Technology Group and the virtual CIO at Convergence Networks. Matt is an authority on IT, cybersecurity, GRC, and operational maturity whose expert insights have been published in media outlets spanning cybersecurity and many other relevant verticals. His byline has appeared in a wide range of cybersecurity and tech publications, including Dark Reading, Cyber Defense Magazine, Innovation & Tech Today, Spiceworks, Security Magazine, Cybersecurity Insiders, Security Boulevard, U.S. Cybersecurity Magazine, Information Week, and Cyber Protection Magazine. Matt has also published extensively in outlets serving specific industry verticals, such as InsuranceNewsNet, Business Traveler, Manufacturing.net, and Carrier Management. He is considered a leading security analyst whose research and expertise cover AI strategy and transformation, emerging cyberthreats, behavioral psychology, social engineering, and organizational resilience. Matt has over a decade and a half of experience as both a practitioner and a thought leader in cybersecurity, and he is particularly focused on human risk management—a core pillar of cybersecurity at a time when the human element is implicated in the majority of breaches.

CISO and advisor helping FinTechs turn DORA/NIS2/PSD2, PCI DSS, ISO 27001, and GDPR into practical resilience and business value. 20+ years across architecture, incident response, and program build-out. I prioritise KPIs, clear board communication, and continuous improvement, not checkbox compliance. Highlights: led DORA/NIS2 readiness for cross-border teams (faster audits; 30%+ lower regulatory risk), stood up vCISO/vDPO programs with cloud-native controls, vendor risk, and privacy automation. Community: OWASP Riga and Cloud Security Alliance Chapter Lead. Need to get regulator-ready? Let’s connect.

Josh Fleming is the Risk Advisory & GRC practice lead at Echelon Risk + Cyber, where he helps organizations strengthen resilience against today’s most complex cyber and physical threats. He brings a unique ability to bridge technical expertise with executive strategy, enabling leaders to make confident, informed decisions during both preparation and crisis. With extensive experience across industries such as healthcare, manufacturing, financial services, and energy, Josh has partnered with organizations to identify risks, fortify defenses, and implement effective governance strategies. His work spans from building incident prevention programs to leading executive tabletop exercises, risk assessments, and crisis response planning. Josh regularly advises executive teams, C-suites, and boards on incident response readiness and strategic risk management. He is known for developing actionable frameworks and clear decision-making playbooks that reduce risk exposure, accelerate response, and build stakeholder trust. As an industry thought leader, Josh is committed to advancing the conversation around governance, risk, and compliance. He stays at the forefront of emerging trends and regulations, particularly in areas such as AI governance and cybersecurity resilience, to ensure his clients and partners are not only compliant, but future-ready. Above all, Josh is recognized as a trusted advisor who combines technical depth, business acumen, and a client-centric approach to deliver lasting value. His mission is to help organizations move beyond compliance to achieve true resilience and competitive advantage in an evolving risk landscape.

I’m Eric Garcia, the CEO of SentrIQ Labs. I have over 15 years of experience in cybersecurity, working across federal, defense, and cloud environments to help organizations design, implement, and defend security programs in highly regulated spaces. My background includes hands-on involvement with authorization processes, security control assessments, policy development, and executive-level risk advisory, with a strong focus on cybersecurity frameworks. Before founding SentrIQ Labs, I worked with organizations ranging from early-stage SaaS companies to large defense contractors, helping them navigate compliance demands without losing sight of operational reality. I have spent years inside the authorization process, working directly with engineers, compliance teams, and leadership to translate dense regulatory requirements into security controls that can actually be implemented and sustained. At SentrIQ Labs, my focus is on applying AI to reduce friction in cybersecurity compliance and audit readiness. That includes automating evidence collection, control mapping, and documentation workflows while preserving human judgment where it matters most. I am particularly interested in how AI changes the future of GRC, the risks introduced by poorly governed AI systems, and how companies can adopt automation without increasing their attack surface. I regularly share insights on cybersecurity compliance, AI development, and the evolving threat landscape, with an emphasis on practical, defensible security programs that align with real business risk rather than checkbox compliance.

Keith Myers is a cybersecurity and AI strategy consultant with 25 years of IT and cybersecurity leadership experience from Fortune 500 environments. He is the founder of Entori (entori.com), a boutique consulting firm that helps small and mid-sized businesses build the governance structures, security frameworks, and AI policies needed to manage technology risk at the executive level. Keith served as SVP of IT at Live Nation Entertainment and VP of International IT at Ticketmaster, where he led enterprise-scale programs across security, compliance, and technology governance. He holds CISSP and CISM certifications and has operated in environments where security, compliance, and operational continuity were daily requirements. His areas of expertise include cybersecurity risk assessment, NIST framework alignment, SOC 2 and ISO 27001 readiness, AI governance and policy development, Microsoft 365 security, and IT management consulting for small and mid-sized businesses. He brings an executive perspective to complex technology risk topics and translates that complexity into language that business leaders and boards can act on. Keith is available to comment on cybersecurity risk management, AI adoption and governance, data privacy and compliance, cyber insurance requirements, and the technology challenges facing small and mid-sized businesses.

Luke Irwin is a cybersecurity strategist, speaker, and Founder of Aegis Cybersecurity, an Australian consultancy focused on cybersecurity governance, risk, compliance, and strategic advisory. He works with organisations to strengthen cyber resilience through clearer leadership, stronger governance, and practical security programs aligned to business priorities. He is known for helping boards, executives, and business leaders understand cybersecurity as a whole-of-business risk rather than a purely technical issue. His work centres on translating complex security and compliance requirements into commercially grounded decisions that support resilience, accountability, trust, and long-term performance. Luke advises across frameworks and standards including ISO 27001, SOC 2, Essential Eight, NIST, and SMB1001. His experience spans cybersecurity strategy, security maturity uplift, policy and control development, third-party risk, governance improvement, and fractional CISO support, particularly for small to mid-market and regulated organisations. Alongside his advisory work, Luke is a regular speaker and industry commentator on cyber risk, governance, vendor risk, and modern security leadership. He is recognised for his direct, practical perspective and his ability to bridge the gap between technical security expectations and executive decision-making.