Recognized Risk Assessment Leaders 2025

Josh Fleming is the Risk Advisory & GRC practice lead at Echelon Risk + Cyber, where he helps organizations strengthen resilience against today’s most complex cyber and physical threats. He brings a unique ability to bridge technical expertise with executive strategy, enabling leaders to make confident, informed decisions during both preparation and crisis. With extensive experience across industries such as healthcare, manufacturing, financial services, and energy, Josh has partnered with organizations to identify risks, fortify defenses, and implement effective governance strategies. His work spans from building incident prevention programs to leading executive tabletop exercises, risk assessments, and crisis response planning. Josh regularly advises executive teams, C-suites, and boards on incident response readiness and strategic risk management. He is known for developing actionable frameworks and clear decision-making playbooks that reduce risk exposure, accelerate response, and build stakeholder trust. As an industry thought leader, Josh is committed to advancing the conversation around governance, risk, and compliance. He stays at the forefront of emerging trends and regulations, particularly in areas such as AI governance and cybersecurity resilience, to ensure his clients and partners are not only compliant, but future-ready. Above all, Josh is recognized as a trusted advisor who combines technical depth, business acumen, and a client-centric approach to deliver lasting value. His mission is to help organizations move beyond compliance to achieve true resilience and competitive advantage in an evolving risk landscape.

I am a former Chief Risk Officer and today an industry-leading risk management authority, strategy advisor and author. I created the 52 Risks® management framework (www.52Risks.com) over a decade ago to guide board directors, executives and managers in the identification and management of business risks. Today it is used all over the world, across all industries. I like to describe it as the equivalent of the Balanced Scorecard for risk management. I was awarded Australian Banking & Finance magazine’s Chief Risk Officer of the Year award in 2014, 2015, 2016 and 2018. I am a regular contributor to a range of strategy, risk and finance publications including Company Director Magazine (Australia), Director Today (India), FINSIA (Australia) and The Asian Banker (Singapore). You can read more about my talks and presentations here: https://notwithoutrisk.com/2025-presentations-and-papers/ I am also co-founder of the tech startup, Shelf Labs and Non-Executive Director of the equities trading platform Trade for Good. I am also an advisory board member for several technology and start-up companies. In December 2024, I released the book, Startup Toolkit: A Step-by-Step Guide for Founders (www.goruworld) to inspire the next generation of entrepreneurs.

My professional journey has taken me through various roles where I've sharpened my skills in risk assessment, financial analysis, and building enduring client relationships.Achieving success for me goes beyond the immediate task at hand. It’s about seeing the bigger picture and making a tangible impact in the long term success of the organization. I’m passionate about developing new frameworks that create sustainable and repeatable outcomes within my work. I also believe in the power of collaboration and shared insights to drive progress for each member of my team.I welcome connections from fellow professionals and anyone interested in discussing the future of finance and the potential for innovation within our field. Together, let’s explore the possibilities.

CISSP-certified cybersecurity and technology executive with more than 20 years of progressive leadership across the renewable energy and critical infrastructure sectors. My work sits at the intersection of four disciplines usually held by different specialists: enterprise information security, operational technology (OT/SCADA) security in regulated energy environments, federal regulatory compliance, and the responsible governance of artificial intelligence in critical infrastructure. I serve as Director of Enterprise AI and Risk for a renewable power operator, accountable for the cybersecurity, regulatory, and AI governance posture of a North American fleet exceeding 1,800 distributed solar assets — operations within the U.S. bulk electric system and under federal critical infrastructure regulation. My contributions rest on three programs I have personally designed and led. First, I established secure architecture and OT/SCADA refresh standards securing utility-scale wind and solar operations, advancing the cybersecurity of U.S. critical energy infrastructure. Second, I authored the enterprise data privacy program harmonizing multiple U.S. state privacy laws (CCPA, CPRA, VCDPA, CPA, CTDPA, UCPA) under a NIST 800-53 control architecture, and built upon it the enterprise Data Security Program required for the DOJ rule under 28 CFR Part 202 (EO 14117). Third, I authored the enterprise AI governance program aligned to the NIST AI Risk Management Framework, operationalizing responsible deployment of generative and agentic AI in a regulated, OT-heavy environment. I lead integrated programs across the DOJ Data Security Program, multi-state privacy law, and the NIST AI RMF — translating unsettled federal regulation into board-ready strategy. CISSP. ISC2 peer judge. Forbes Technology Council member.

Seasoned technologist with global experience in successfully overseeing and managing complex IT infrastructure (LAN/WAN/Data Centre) and managing build-out projects, cybersecurity initiatives, and application development projects. Skilled in various project management methodologies, including agile, Scaled Agile Framework (SAFe), and waterfall, to drive project success and achieve desired outcomes. Demonstrated expertise in leading cross-functional teams across diverse geographical locations, delivering projects within budget and timeline constraints, and aligning technology solutions with strategic business objectives. Excellent communication, stakeholder management, and technical skills to drive project success and achieve desired outcomes. Adept at leveraging industry best practices, methodologies, and global standards to ensure efficient project execution, optimize resource utilization, and maximize value for organizations.

Warren Pulley brings 40 years of threat assessment and crisis management expertise across military, law enforcement, diplomatic, corporate, and educational environments. As founder of CrisisWire, he provides professional threat assessment services to organizations throughout Hawaii, Nationally and Internationally. Credentials: BTAM (Behavioral Threat Assessment & Management) trained - University of Hawaii West Oahu 20+ FEMA certifications (IS-906, IS-907, IS-915, complete ICS/NIMS) Former LAPD Veteran Police Officer (12 years) 6+ years U.S. Embassy Baghdad security operations (zero incidents under daily threat) Former Director of Campus Safety, Chaminade University Former California Private Investigator 7 years U.S. Air Force (nuclear security & paralegal) Published Authority: Author of five books on threat assessment: The Prepared Leader, Threat Assessment Handbook, Campus Under Siege, Locked Down: The Access Control Playbook, and Uniformed Silence. Published researcher with 9+ peer-reviewed papers on threat assessment, workplace violence, and crisis management. Media-Ready Expertise: Available for expert commentary on threat assessment, school safety, workplace violence prevention, crisis management, executive protection, insider threats, and emergency preparedness. Find CrisisWire online at https://rypulmedia.wixsite.com/crisiswire

Govind Balachandran is the founder of Continuuiti, a climate and operational risk intelligence platform that helps enterprises quantify physical climate risk at the asset level. The platform delivers hazard assessments across 12 physical climate perils, flood depth modelling, and financial loss estimation using peer reviewed damage curve methodologies, enabling banks, insurers, and corporates to translate climate exposure into monetary terms. Previously, Govind founded SignalX, a leading AI-based third-party risk management and due diligence platform that he built over seven years into a 600+ customer business serving all Big Four consulting firms, major enterprises with global supply chains, and private equity houses. He raised venture capital from marquee funds, grew the business to profitability, and currently serves as Board Observer, supporting the board and leadership through a GenAI transformation of the business. He brings deep expertise in enterprise risk management, climate risk quantification, physical risk modelling, and building B2B SaaS platforms for regulated industries. Areas of expertise: Physical climate risk assessment, climate value at risk (CVaR), flood risk modelling, climate stress testing for financial institutions, operational resilience, enterprise risk management, third-party risk management, due diligence, supply chain resilience, climate risk for real estate and infrastructure portfolios, B2B SaaS for regulated industries.

Dr. Philip D. Mann is an aviation safety and AI governance specialist who spent seventeen years inside the Federal Aviation Administration before founding Vector Strategic Consulting LLC. He rose from field technician to business analyst to instructor and training program manager at the FAA Academy, the agency's training center for the workforce that keeps the National Airspace System running. That path lets him speak about outages, controller staffing, and stalled modernization programs from inside the operation rather than from a press release. His commentary centers on three areas: aviation safety and National Airspace System infrastructure; the governance of artificial intelligence in critical systems where failure carries physical consequences; and the organizational risk, leadership, and human factors that decide whether a safety program holds under pressure. A single argument runs through the work: institutions tend to govern by disaster, writing rules only after the wreckage forces the issue, when they could govern by design and move accountability upstream of the failure. He is the author of The SCAR Framework: A Systematic Approach to AI Decision-Making in Critical Systems, a structured method for deciding when to trust automated systems where a wrong call can cost lives, built on four dimensions: Safety, Complexity, Accountability, and Resilience. His analysis has reached more than 35 million people worldwide across outlets including the Associated Press, USA Today, New Scientist, NewsNation, LiveNOW from Fox, LBC Radio in London, and Deutsche Welle. He works comfortably in print, on camera, and on live radio, holding a technical point in plain language for a general audience or speaking at full depth with a trade or policy reporter. Dr. Mann holds a PhD in Organization and Management, an MBA, an MPA, and a BS in Business Management, with PMP and PMI-RMP certifications. He responds quickly to deadlines and supports every claim with primary sources: FAA orders, NTSB findings, court records, and agency rulemakings.

As a Cybersecurity Auditor operating at the intersection of complex digital infrastructures and human systems, my mission is to build resilience in an increasingly volatile world. With over 20 years of experience in Global MNCs, I’ve realized that protecting a network is only half the battle; the ultimate firewall is the clarity and alignment of the professional mind. ​I am a published author of three works that explore the architecture of security and the science of patterns: ​'The Interview': A deep dive into the technical and psychological nuances of Cybersecurity. ​'Cosmic Catalyst' & 'Beyond Constellations': Research into systemic cycles, predictive analytics, and ancient pattern-recognition frameworks. ​ My methodology is unique. By day, I audit global cybersecurity frameworks for US-based clients. Beyond the code, I am a dedicated researcher of Bio-Energetic Systems and Chronobiological Trends. I have successfully applied these 'multidimensional' patterns to predict global events and organizational shifts with high accuracy—bridging the gap between the measurable and the metaphysical. Through my research I offer high-performance philosophy to fellow cybersecurity professionals. My goal is to help leaders navigate 'zero-day' life challenges with the same precision they apply to their digitalecosystem. ​ I believe the future of leadership belongs to those who can traverse both the logical and the intuitive. I am here to help you audit your path to sovereign success.

Karthikeyan Ramdass a seasoned cybersecurity professional with over 18 years of experience securing mission-critical systems for leading Fortune 500 companies across industries including aviation, finance, automotive, and technology. I have played a pivotal role in protecting organizations such as Southwest Airlines, Wells Fargo, Morgan Stanley, Toyota Motors North America, AIG, Cognizant, Salesforce, and Deluxe Corporation. Specializing in application security, vulnerability management, secure architecture, and supply chain defense, led the design and implementation of enterprise-scale security frameworks, CI/CD pipelines, and advanced security testing solutions. Extensive experience in SAST, DAST, SCA, zero-day vulnerability management, and penetration testing, ensuring compliance with global standards such as NIST CSF, PCI DSS, and OWASP Top 10.

Behavioral threat assessment and workplace violence prevention expert with 35+ years in public safety, consulting, and criminal justice education.

Luke Irwin is a cybersecurity strategist, speaker, and Founder of Aegis Cybersecurity, an Australian consultancy focused on cybersecurity governance, risk, compliance, and strategic advisory. He works with organisations to strengthen cyber resilience through clearer leadership, stronger governance, and practical security programs aligned to business priorities. He is known for helping boards, executives, and business leaders understand cybersecurity as a whole-of-business risk rather than a purely technical issue. His work centres on translating complex security and compliance requirements into commercially grounded decisions that support resilience, accountability, trust, and long-term performance. Luke advises across frameworks and standards including ISO 27001, SOC 2, Essential Eight, NIST, and SMB1001. His experience spans cybersecurity strategy, security maturity uplift, policy and control development, third-party risk, governance improvement, and fractional CISO support, particularly for small to mid-market and regulated organisations. Alongside his advisory work, Luke is a regular speaker and industry commentator on cyber risk, governance, vendor risk, and modern security leadership. He is recognised for his direct, practical perspective and his ability to bridge the gap between technical security expectations and executive decision-making.

Mark Lynd is the Head of Executive Advisory & Strategy at Netsync, one of the nation's leading value-added resellers, where he works daily with C-Suite executives on AI, cybersecurity strategy, and digital transformation. A 5x CIO/CISO, author, thought leader and keynote speaker with decades of hands-on operational experience, Mark brings a rare combination of boardroom perspective and practitioner depth to every engagement. Ranked as a Top 5 Global Thought Leader in both AI and Cybersecurity by Thinkers360, Mark has facilitated over 150 incident response tabletop exercises across school districts, Fortune 500 enterprises, healthcare systems, government agencies, and mid-market manufacturers. His original research from these exercises represents the most comprehensive tabletop dataset published by a single practitioner. Mark has delivered more than 100 keynotes at marquee events including RSA Conference, Oracle CloudWorld, Cisco Partner Summit, Dell Technologies World, IBM Think, and Gartner Security & Risk Management Summit. His speaking topics span AI generative strategy, AI infrastructure, cybersecurity operations, ransomware preparedness, incident response, and business continuity. He holds a Bachelor of Science degree from the University of Tulsa and attended The Wharton School. Mark served honorably in the United States Army's 3rd Ranger battalion, and 82d Airborne. My Newsletters: - Cybervizer: Weekly strategic briefings for 10k+ professionals. (www.cybervizer.com) - AI Bursts: Cutting through the noise of AI adoption. (www.aibursts.com) My Published Books: Books available on Amazon, Barnes & Noble, Apple Books, and many other outlets: - Cyber War: One Scenario – A guide to infrastructure resilience. - A Leader’s Playbook to Cyber Insurance – Managing the financial ROI of risk. - Cybersecurity Life Skills for Teens – My passion project for digital safety.

Accomplished program manager focusing on physical security (PS), information security (INFOSEC), continuity of operations (COOP), exercises and experiments, and knowledge management (KM) programs and projects for military, Federal/state government agencies, and private sector clients. Work for small-to-large size engineering, logistics or consulting firms includes security, continuity and analysis project management for Departments of Defense, Justice, Agriculture, Interior, Energy and Homeland Security (DoD, DoJ, USDA, DoI, DoE and DHS) client organizations, and global commercial enterprises.

Cyber Security Consultant and Tech Enthusiast with 10+ years of experience helping businesses strengthen digital security, optimize technology strategies, and drive innovation across the Cyber Security, Business Consulting, Technology, and SaaS industries. Skilled in identifying security risks, implementing resilient solutions, and advising organizations on secure digital transformation initiatives. Passionate about emerging technologies, PKI, cloud security, SaaS ecosystems, and helping startups and enterprises build scalable, secure, and future-ready systems. Known for combining technical expertise with business insight to deliver practical solutions that enhance operational efficiency, compliance, and cybersecurity resilience.

European lawyer admitted to the Spanish Bar (ICATF nº 5961) with 10+ years of legal practice across EU jurisdictions, based in New York City. Founder of Lexara Advisory LLC, an AI governance consulting firm advising US and global companies on EU AI Act compliance. Uniquely positioned at the intersection of European legal expertise and the American regulatory landscape. My work covers extraterritorial scope and cross-border reach, Annex III high-risk classification across employment, education, critical infrastructure, and law enforcement contexts, provider versus deployer determination, human oversight design under Article 14, and liability exposure across the full provider and deployer chain. Author of Guilty Algorithm, structured legal analysis of AI regulation in criminal justice and immigration law built against primary sources. Regular commentator on extraterritorial AI regulation, Annex III risk classification, and post-Omnibus compliance timelines. Recently quoted in UNLEASH on EU AI Act compliance for HR teams.

Senior cybersecurity and AI leader with over 20 years of experience across three continents (United States, South Africa, India). Currently Vice President of DevSecOps Engineering at a major financial institution. Proven track record of building high trust teams, mentoring future leaders, and driving innovation that measurably improves software supply chain security. Recognized by a UN leader, an AWS Principal Specialist, and invited to the Forbes Technology Council. Dedicated to advancing the cybersecurity & AI profession through service as IEEE Symposium on Security and Privacy (IEEE S&P) Artifact Evaluation Committee member, PEARC'26 Program Committee member, judge, peer reviewer, and mentor.

Matt Lindley is the Chief Innovation & Information Security Officer at NINJIO, a leading cybersecurity awareness training and human risk management platform. Matt leads NINJIO’s cybersecurity team and AI innovation projects. Previously, he was the CEO and Principal Consultant at REIN Cybersecurity, which focused on governance, risk management, and compliance (GRC). He has also served as the Director of Security Services at Cal Net Technology Group and the virtual CIO at Convergence Networks. Matt is an authority on IT, cybersecurity, GRC, and operational maturity whose expert insights have been published in media outlets spanning cybersecurity and many other relevant verticals. His byline has appeared in a wide range of cybersecurity and tech publications, including Dark Reading, Cyber Defense Magazine, Innovation & Tech Today, Spiceworks, Security Magazine, Cybersecurity Insiders, Security Boulevard, U.S. Cybersecurity Magazine, Information Week, and Cyber Protection Magazine. Matt has also published extensively in outlets serving specific industry verticals, such as InsuranceNewsNet, Business Traveler, Manufacturing.net, and Carrier Management. He is considered a leading security analyst whose research and expertise cover AI strategy and transformation, emerging cyberthreats, behavioral psychology, social engineering, and organizational resilience. Matt has over a decade and a half of experience as both a practitioner and a thought leader in cybersecurity, and he is particularly focused on human risk management—a core pillar of cybersecurity at a time when the human element is implicated in the majority of breaches.

A pragmatic leader with experience guiding, building, and scaling cybersecurity and privacy programs across sectors. I formerly led the Information Security program for Udemy an EdTech firm. Implemented company-wide cybersecurity and data privacy governance programs for payment organizations, Led service delivery strategy, audits and penetration testing engagements for Consulting organizations and help company stakeholders understand likely business threats and practical methods to minimize risk.

Ashish Garg is a Principal Product Manager with 15+ years scaling AI/ML products and product operations at Fortune 100 firms. He works at the intersection of Product Ops, enterprise planning, and applied AI, focused on the "front door" of delivery: intake, triage, prioritization, and the rituals that turn strategy into shipped outcomes. In his enterprise planning work, he architected a centralized planning platform that institutionalized Continuous Planning and reduced PM coordination time by 40%. He also leads GenAI initiatives for product teams, including custom assistants and agentic workflows built on RAG and multi-contextual prompting architectures. His earlier work in Financial Planning and Supply Chain Finance delivered measurable operational impact through ML products spanning productivity, forecasting, and churn prediction. Ashish believes the failure mode in complex organizations isn't effort but unclear ownership, hidden dependencies, and decisions that can't be defended later. He designs AI-assisted workflows where humans stay in control, outputs are grounded in evidence, and decision trails are explainable to leadership. He's a recognized thought leader on enterprise AI productization, frequently speaking at industry conferences on his frameworks for scalable, trustworthy AI delivery.