Ken Pfeil’s Information Technology and Security experience spans over three decades, with experience at companies such as Microsoft, Dell, Capital IQ, Miradiant Global Network, Avaya, and Merrill Lynch. Ken coauthored Microsoft’s “Best Practices for Enterprise Security” white papers and participated on the Information Systems Security Association’s International Privacy Advisory Board covering the initial implementation of GLBA. He reported on security risks and performed vulnerability analysis for Windows IT Pro Magazine’s “Security Administrator” publication for four years, and has been a contributing expert for Information Security, CIO and CSO Magazines, and is a Distinguished Fellow of the Ponemon Institute.
Recently, in an exclusive interview with CIO Magazine, Ken shared insights on the role of artificial intelligence and machine learning in future security solutions, personal hobbies and interests, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Ken. What drives your passion for security and risk management?
I love to work with smart people. I am always amazed at what a good team and smart individuals can accomplish. I also love how quickly things change in security and risk management because it keeps things interesting and requires constant learning so you can stay ahead of the curve.
What do you love the most about your current role?
The team at ODGA is unmatched. They are the best team that I have ever worked with. Everyone is so knowledgeable, comes to work with tireless energy to provide new ideas, and a passion to serve Virginians. There is nothing better that I could ask for!
What role do you think artificial intelligence and machine learning will play in future security solutions?
Once irreversible guardrails are set up to ensure the ethical and security safety of AI and Machine learning, they’ll play a valuable role in security solutions. Companies are already beginning to utilize these solutions for a variety of aspects. Most notably, I would love to see AI utilized more and more for threat detection and prevention.
How do you think the security landscape has changed since your book “Hack Proofing Your Network” was published?
The book was published over 20 years ago. Since then, the technical landscape has changed by leaps and bounds. Not everything is an “island and a moat” anymore. We all exist in a much bigger, more connected ecosystem. Back then, we never thought we’d have the cloud solutions that we leverage now.
While the tech has changed considerably over the last 20+ years, we still see some of the same human errors. People still fall for phishing attempts, leave things vulnerable for bad actors, and make errors responding to security incidents.
What were some key takeaways from your experience co-authoring Microsoft’s “Best Practices for Enterprise Security” whitepaper series?
The whitepaper series came out about 25 years ago, and it helped set the baseline for many security programs. Previously, companies may not have had a security program and security was “IT related.” The ways of thinking covered in the whitepapers were thought to be “out of the box” back then. The papers taught better ways to form security programs and implement solutions in a more secure fashion.
Is there a particular person you are grateful for who helped get you to where you are?
Looking back, everyone that I have ever worked with at Microsoft was key to my success. If I had to name one person, Kailash Khannah, who was chief operating officer at my first CSO job about 26 years ago, helped me expand my knowledge and guided me professionally to be the professional I am today.
What are some of your passions outside of work? What do you like to do in your time off?
I like to rock climb and ride my motorcycle. I love exploring the Virginia countryside. It’s a great day when I get to spend more time with my dog, Archie!
How do you approach mentoring and developing the next generation of security professionals?
At ODGA, we emphasize real-world learning. All of our entry-level staff works with senior staff on real projects, with real scenarios. They are a part of conversations with other staff about real challenges facing our department. The best way to learn is to gain the real-world experience of working with a more senior team with their guidance. Additionally, people need meaningful work that they enjoy to push them forward in their workday and career in general.
What is your biggest goal? Where do you see yourself in 5 years from now?
Retired and on a beach!
What advice would you give to organizations looking to improve their incident response planning?
I’d say the most effective incident response planning starts with a mindset shift—from reactive to proactive. Many organizations wait until something goes wrong to assess their readiness, but the key is preparation, regular practice, and cross-functional coordination.
Ensure your incident response plan is not just a document sitting on a shelf. It should be a living framework that evolves with your organization’s technology, and the current threat landscape.
Conduct tabletop exercises and simulated attacks to test how your team performs under pressure. These drills reveal gaps in communication, decision-making, and technical controls that are often overlooked in theory. Doing these tests allows for your team to determine how to improve their incident response plan before there is an attack.
Third, foster collaboration across departments. Incident response isn’t just an IT or security function. Everyone should understand their role before an incident happens, not during.