2022 CHICAGO AREA CHIEF INFORMATION SECURITY OFFICER (CISO) OF THE YEAR AWARD WINNERS - Press Release
The Chicago-area Chief Information Security Officer (CISO) of the Year Program, in association with the Chicago chapters of the Association of Information Technology Professionals (AITP), ISACA, FBI-InfraGard, Information Systems Security Association (ISSA), ChicagoFIRST, and the Society for Information Management (SIM), is proud to announce the winners of the 2022 Chicago-area Chief Information Security Officer (CISO) of the Year award:
MIDCAP Category Winner
Walter Lefmann, CISO, Chicago Trading Corporation
ENTERPRISE Category Winner
Mahmood Khan, SVP & CISO, CNA Insurance
The winners were determined over a three-phased process that began with an extensive written submission by the nominees detailing their leadership approach and achievements over the prior year. Over three months, the nominees were then interviewed and scored by a panel of their peers. Two finalists for each category were submitted to program judges, Patrick Blandford (CEO, Green Shield Risk Solutions), Tom Monahan (CEO, DeVry University), and Wells Hutchinson (CEO, Delta Dental Plans Association), for final consideration.
The winners were announced during a breakfast ceremony at the Metropolitan Club of Chicago on October 11th, 2022.
Maintaining strong cyber security and privacy programs has become increasingly apparent in the current business climate. Where the odds of an organization experiencing a data breach is greater than 1 in 41 in 24 months and where the average cost exceeds $3.8 million2, the importance of having robust security leadership has become a business imperative. The Chicago-area CISO of the Year Program recognizes the contributions of Security and Privacy leaders to their organizations, their profession, and the local community.
For additional information, please write to CISOoftheYearChicago@gmail.com.
CISO, Chicago Trading Corporation
Walter Lefmann is currently Director of Security at CTC Trading Group LLC, a capital markets trading firm. That role has included Information Security, Physical Security and Life Safety, Privacy, and BCP/DR.
He has been practicing cybersecurity with varying focus for his entire professional career. The balance has shifted back and forth over time between technology engineering/operations and security over the years, which has led to a well-balanced business-focused approach to security.
The professional journey to CTC came by way Goldman Sachs, Hull Trading Company, and Motorola, from an early career as an experimental physicist at the Fermi National Accelerator Laboratory. Walter holds a PhD, MPhil, and MA in Physics from Columbia University, and a BS in Physics from Stevens Institute of Technology.
While at Columbia University, Walter also served for five years as a volunteer NYC Auxiliary Police Officer and Sergeant. The experience of working closely with the public sector to serve and improve the community was tremendously rewarding and has shaped a lifelong respect for the dedicated people who face the challenges of that service!
Walter participates in many professional and public/private outreach organizations, including FBI InfraGard (currently serving as a Chicago Chapter board member), US Secret Service Cyber Fraud Task Force, Chicago FIRST, FS-ISAC, the National Technology Security Coalition, and ASIS. Walter was a nominee for the 2020 Chicago CISO of the Year award program.
Outside of work, Walter is an avid scuba diver (even diving in Lake Michigan … yes, it’s COLD!), sings tenor in the Harper Festival Chorus community group, and dances with his wife whenever he can!
SVP & CISO, CNA Insurance
Mr. Mahmood Khan is Senior Vice President and Global Chief Information Security Officer at CNA Financial (NYSE: CAN), one of the largest commercial property and casualty insurance companies in the U.S. with $10.8 billion in sales and 5,800 employees.
Mahmood joined CNA in 2020 in his current role, in which he oversees CNA’s global cybersecurity team responsible for the firm’s information security strategy, policy and programs. He developed and implemented a strategy to transform the company’s existing information security program, expanding it from 20 employees and a $20 million budget to an organization with more than 90 employees and a $65 million budget. He led all aspects of the recovery, containment and investigation efforts after a catastrophic ransomware cyberattack on the organization that had significantly affected operations. He also oversaw the creation of a next-generation virtual private network to enable and secure remote work operations during the pandemic.
Before joining CNA, Mahmood held the position of Managing Director of Cybersecurity Operations and Deputy Chief Information Security Officer at United Airlines (Nasdaq: UAL) from 2017 to 2020. He led a global team responsible for programs including industrial network visibility and active monitoring, threat intelligence, risk assessment and vulnerability management, application security, forensics, monitoring, incident response and more. In his first 90 days at the company, he created an intelligence-driven, risk-based adaptive three-year roadmap. He also managed a $25 million operating budget and a $40 million project portfolio.
Previously, he spent 10 years at Bank of America (NYSE: BAC), where he held several information security leadership roles from 2007 to 2017, most recently serving as Senior Vice President of Global Information Security. In this role, he led a global team that managed all aspects of enterprise application security and customer protection strategy. He developed and executed a long-term enterprise security strategy that aligned with Bank of America’s corporate strategic imperatives. Prior to this role, he served as Business Information Security Officer, Senior Manager of Enterprise Security Assessment. He joined Bank of America in 2007 as Head of Infrastructure Assessment.
He serves on the steering committee of the U.S. Secret Service’s Chicago Electronic Crime Task Force (C-ECTF) as well as the board of advisors for several security technology companies.
Mahmood holds a bachelor’s degree in Computer Information Systems from DePaul University and a master’s degree in Cybersecurity from Missouri State University.