CISO of the Year Award
2023 CISO of the Year Program Overview
The CISO of the Year Committee and the Chicago Chapters of AITP, ChicagoFIRST, InfraGard, ISACA, ISSA and SIM invite you to submit exceptional cybersecurity leaders for the Chicago Area CISO of the Year Award.
All of our events will be in person this year. We will continue to follow all federal, state and local pandemic guidelines should another Covid surge occur.
The current business climate has seen an unprecedented number of cybersecurity-related headlines. Actors ranging from hackers to nation-state groups have been shown to be constantly probing organizations' defenses with the intent to break in, disrupt operations, monetize information, and steal intellectual property. Between these threats and the increasing regulatory climate, never has the Chief Information Security Officer (CISO) been asked to navigate more difficult terrain.
Originally patterned after the Chief Information Officer (CIO) of the Year Award sponsored by the Association of Information Technology Professionals (AITP Chicago), SIM-Chicago and the Executives' Club of Chicago, this program seeks to recognize outstanding CISOs for the contributions they make to their organizations, the Information Security profession and the local community. The award process is overseen by the Chicago CISO of the Year Program, which is a not-for-profit affiliated with AITP Chicago and managed by local area security leader volunteers.
Starting in 2022, two different awards will be presented – “ENTERPRISE” for CISOs from organizations with more than $4B USD in revenue and “MID-CAP” for those from organizations with less than $4B in revenue. If a CISO does not have company-wide responsibilities, the combined revenue of the business units under their remit will be used to determine the award for which they’ll be considered.
Nomination is an open process that can be initiated by anyone with direct experience working with the nominee. Submitted nominations are reviewed by the Head of the Judges Committee to ensure that the nominee meets the requirements laid out in the Nomination Form. Nominees demonstrate their competency and achievements through a multi-staged process that includes a detailed written questionnaire, and a series of formal and informal interviews with a panel of industry peer-level judges. The program spans over five months and culminates with a final interview and selection process completed by a panel of local area CEOs. The CISO of the Year winner is announced at an Awards Ceremony held in October of the same year.
NOMINEE EVALUATION PROCESS:
PRIOR CISO OF THE YEAR AWARD WINNERS:
2022 - ENTERPRISE, Mahmood Khan, SVP & CISO, CNA Insurance
2022 - MID-CAP, Walter Lefmann, CISO, Chicago Trading Corporation
2021 - Ricardo Lafosse, CISO, Kraft Heinz
2020 – Paige Adams, Global CISO, Zurich Insurance
2019 – Jill Rhodes, CISO, Option Care
2018 – Bradley Schaufenbuel, CISO & VP, Paylocity
2017 – Erik Decker, Chief Security & Privacy Officer, University of Chicago Medicine
2016 – Todd Fitzgerald, CISO, Grant Thornton International Ltd.
2015 – Kevin Novak, CISO and Technology Risk Officer, Northern Trust Bank
2014 – Arlan McMillan, CISO, Department of Innovation and Technology, City of Chicago
2013 – Jason Witty, CISO & SVP, US Bank
PRIOR EXECUTIVE JUDGES:
2022 - ENTERPRISE, Pat Blandford, Founder, CEO, Green Shield Risk Solutions & Tom Monahan, CEO, DeVry University
2022 - MID-CAP, Wells Hutchinson, CEO, Dental Delta Plans Assoc. & Tom Monahan, CEO, DeVry University
2021 – Bradley Alter, CEO, Certified Health Management and Sunil Cutinho, President, CME Clearing
2020 – Bob McGonigle, CEO, Martin Brower and Michael O'Grady, CEO, Northern Trust
2019 – Doug Kofoid, CEO, DialogTech and Tony Lorenz, CEO, PRA and Jo Ann Rooney, Pres., Loyola Univ.
2018 – Sharon O'Keefe, President, UCMC and John Walden, CEO, FTD
2017 – Anders Gustafsson, CEO, Zebra Technologies and Tom Richards, Executive Chairman, CDW
2016 – David Nelms, Discover Financial and Steve Lieber, CEO, HIMSS
2015 – Artur Fridberg, CEO, eboundhost and Dan Yunker, CEO, MCHC/LLH
2014 – Deborah Gage, CEO, Medecision and Rick Waddell, CEO, Northern Trust
2013 – none
On behalf of the Program Committee, prior winners, nominees, partners, sponsors and the CISOs of the Chicago region, thank you for your participation in the Program.
Wayne Johnson, Founder
Timeline - 2023 Dates Available Soon
TKY 2022 PROGRAM EVENT DATES:
> - Nomination Process Opens
> - Mixer #1: In Person at Gibson's Rosemont, 5-8 PM (Tuesday)
> 6/21/22 - Mixer #2: In Person at Smith & Wollensky on the River, 5-8 PM (Tuesday)
> 7/26/22 - Mixer #3: In Person at the Raised Urban Rooftop Bar, 5-8 PM (Tuesday)
> 7/29/22 - Final date for Nominees to submit their Application Forms
> 8/23/22 - Mixer #4 - In Person at The Florentine at the JW Marriott, 151 West Adams, Chicago, IL 60603, 5-8 PM (Tuesday)
> 9/9/22 - Judges announce the names of the two finalists
> 10/11/22 - Award Breakfast Ceremony - Event #5: In Person at The Metropolitan Club of Chicago, Oak Room, 67th Floor, Willis Tower, 233 S. Wacker Drive, Chicago. Doors open at 7:30 AM; the Ceremony begins promptly at 8:00 AM and ends at 10 AM. Please note that this event happens on Tuesday, the day following Columbus Day.
FOR OUR SPONSORS:
It's a pleasure to offer our sponsors the best opportunity to meet Chicago area Chief Information Security Officers (CISOs) and Senior Information Security Practitioners in multiple settings! As we all realize, 2021 was a challenging year, but our plan is to return to all in-person events in 2022. You will meet many of the same CISOs multiple times throughout the course of the 6-month Chicago CISO of the Year Program. As we all know, relationships build success. The program is designed for our Sponsors to be able to communicate with CISOs in great settings and as a way for CISOs to meet their peers to grow their careers and network.
There are 5 events that make up the program sponsor year. We have averaged about 100 people per event. Significantly more people attend the last events in the program. We are limiting the number of participating sponsors to 11 for 2022. As the year progresses, we will be adding a couple more events like baseball games and/or round-tables.
Please Thank Our 2022 Program Sponsors:
For detailed information on sponsor opportunities, contact:
Wayne Johnson (Founder and Sponsors Contact), email@example.com
FOR OUR PARTNERS:
We have a tremendous group of partners in InfraGard, AITP, ISSA, SIM, ISACA and ChicagoFIRST. We are very pleased to announce a new partner was added last year.
Given the circumstances this year, we expect to work much more directly with our partners to cross-promote through virtual events and ongoing chapter communications. We will rely more than ever on partners to drive nominations and keep our communities collectively engaged. We are interested in your ideas, so please don’t hesitate to reach out to Wayne Johnson, Arlan McMillan or Sally Martin with any questions or concerns.
While COVID-19 has introduced a world of uncertainty, we on the committee would like to think positively and are dedicated to conducting an In-Person program this year in a way that our nominees, judges, event attendees, sponsors, and partners can do so safely and healthily.
Thank you to everyone who makes this program and the Chicago CISO community great! We look forward to another good year.
About the Program Partners
It is the mission of AITP Chicago to provide superior leadership and education in Information Technology. AITP is dedicated to using synergy of Information Technology partnerships to provide education and benefits to our members and to working with the industry to assist in overall promotion and direction of Information Technology.
Information Systems Security Association (ISSA)
The Information Systems Security Association (ISSA) is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.
InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard's membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.
As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
Society of Information Managers (SIM)
SIM brings together IT leaders to share, network and give back to their communities through the collaboration of local chapters. SIM Chicago provides a unique opportunity to interact with thought leaders throughout the technology and business fields. SIM Chicago sponsors regular programs for members to network, hosts social and philanthropic events to enhance the community, and acts as a forum for business and technology leaders in partnership with peer executive organizations in Chicago.
In 2020, the CotY committee announced a new partnership between ChicagoFIRST and the Chicago CISO of the year awards program. ChicagoFIRST is a nonprofit association that provides critical firms a collaborative forum to address private sector resilience and emergency management planning and response with relevant local, regional, and national public sector agencies. We look forward to collaborating with ChicagoFIRST in the years to come.
2022 CISO of the Year Results
CISO, Chicago Trading Corporation
Walter Lefmann is currently Director of Security at CTC Trading Group LLC, a capital markets trading firm. That role has included Information Security, Physical Security and Life Safety, Privacy, and BCP/DR.
He has been practicing cybersecurity with varying focus for his entire professional career. The balance has shifted back and forth over the years between technology engineering/operations and security, which has led to a well-balanced, business-focused approach to security.
The professional journey to CTC came by way of Goldman Sachs, Hull Trading Company, and Motorola, from an early career as an experimental physicist at the Fermi National Accelerator Laboratory. Walter holds a PhD, MPhil, and MA in Physics from Columbia University, and a BS in Physics from Stevens Institute of Technology.
While at Columbia University, Walter also served for five years as a volunteer NYC Auxiliary Police Officer and Sergeant. The experience of working closely with the public sector to serve and improve the community was tremendously rewarding and has shaped a lifelong respect for the dedicated people who face the challenges of that service!
Walter participates in many professional and public/private outreach organizations, including FBI InfraGard (currently serving as a Chicago Chapter board member), US Secret Service Cyber Fraud Task Force, ChicagoFIRST, FS-ISAC, the National Technology Security Coalition, and ASIS. Walter was a nominee for the 2020 Chicago CISO of the Year award program.
Outside of work, Walter is an avid scuba diver (even diving in Lake Michigan … yes, it’s COLD!), sings tenor in the Harper Festival Chorus community group, and dances with his wife whenever he can!
SVP & CISO, CNA Insurance
Mr. Mahmood Khan is Senior Vice President and Global Chief Information Security Officer at CNA Financial (NYSE: CNA), one of the largest commercial property and casualty insurance companies in the U.S. with $10.8 billion in sales and 5,800 employees.
Mahmood joined CNA in 2020 in his current role, in which he oversees CNA’s global cybersecurity team responsible for the firm’s information security strategy, policy and programs. He developed and implemented a strategy to transform the company’s existing information security program, expanding it from 20 employees and a $20 million budget to an organization with more than 90 employees and a $65 million budget. He led all aspects of the recovery, containment and investigation efforts after a catastrophic ransomware cyberattack on the organization that had significantly affected operations. He also oversaw the creation of a next-generation virtual private network to enable and secure remote work operations during the pandemic.
Before joining CNA, Mahmood held the position of Managing Director of Cybersecurity Operations and Deputy Chief Information Security Officer at United Airlines (Nasdaq: UAL) from 2017 to 2020. He led a global team responsible for programs including industrial network visibility and active monitoring, threat intelligence, risk assessment and vulnerability management, application security, forensics, monitoring, incident response and more. In his first 90 days at the company, he created an intelligence-driven, risk-based adaptive three-year roadmap. He also managed a $25 million operating budget and a $40 million project portfolio.
Previously, he spent 10 years at Bank of America (NYSE: BAC), where he held several information security leadership roles from 2007 to 2017, most recently serving as Senior Vice President of Global Information Security. In this role, he led a global team that managed all aspects of enterprise application security and customer protection strategy. He developed and executed a long-term enterprise security strategy that aligned with Bank of America’s corporate strategic imperatives. Prior to this role, he served as Business Information Security Officer, Senior Manager of Enterprise Security Assessment. He joined Bank of America in 2007 as Head of Infrastructure Assessment.
He serves on the steering committee of the U.S. Secret Service’s Chicago Electronic Crime Task Force (C-ECTF) as well as the board of advisors for several security technology companies.
Mahmood holds a bachelor’s degree in Computer Information Systems from DePaul University and a master’s degree in Cybersecurity from Missouri State University.
2021 CISO of the Year Award
Ricardo LaFosse, CISO, Kraft Heinz Company
Mr. Ricardo Lafosse is the Chief Information Security Officer for Kraft Heinz. He is responsible for IT risk governance, OT security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Ricardo routinely presents on security topics at global conferences, including Defcon, MirCon, ISACA, CACS and Secure World.
Prior to his current role, he was the Chief Information Security Officer for Morningstar, where he was responsible for providing strategic information security leadership, implementation, product security, and governance for the Information Security Program.
Ricardo was the inaugural CISO at Cook County Department of Homeland Security where he was tasked with building an entire security program from the ground up, which was instrumental to the success of the program and continues to be the cornerstone of the security program at Cook County.
Ricardo has more than 18 years of experience in information security for the manufacturing, government, banking, legal, healthcare and education sectors, having begun his career in information security consulting in the financial sector. He started through local consulting, securing critical infrastructure at the Army Corps of Engineers, and advancing to his first CISO position for the 2nd largest county in the United States. He holds a Master's in Information Assurance from Iowa State University as well as the Certified Information Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.