Bill Brennan is Vice President and Deputy Chief Information Security Officer at Kyndryl, leading cyber governance, risk and compliance, vulnerability management, and third‑party and enterprise security risk, including Business Information Security Officers. Previously, he was VP, Cyber GRC at Leidos and held leadership roles at Lockheed Martin, where he ran a global cybersecurity practice and served as Managing Director for IS&GS Canada and IS&GS Middle East, overseeing multi‑national organizations exceeding $20M in annual revenue. A 22‑year cybersecurity leader, Bill holds an M.S. in Management from Rensselaer Polytechnic Institute and a B.S. from James Madison University. He lives in Virginia with his wife and two sons.
Recently, in an exclusive interview with CIO Magazine, Bill shared insights into his career path as a cybersecurity executive and global business leader. He emphasized the importance of education and awareness in improving cybersecurity outcomes, noting that human risk is the single greatest but most manageable vulnerability. Bill also stressed the need for collaboration in the cybersecurity community and shared his approach to mentorship, encouraging others to discover their passions and build trust. Additionally, he discussed his goals, including changing the perception of cybersecurity from a barrier to a driver of innovation and trust. The following excerpts are taken from the interview.
Hi Bill. Can you walk me through your career path and how you became a cybersecurity executive and global business leader?
Cybersecurity has been my focus from day one. I started at Lockheed Martin in the Information Systems Leadership Development Program, rotating through different roles before becoming a program manager. Later, I built and led Lockheed Martin’s global cybersecurity practice, working with government and commercial clients around the world. When Lockheed Martin’s IT business merged with Leidos, I moved into governance, risk, and compliance at the corporate level.
In 2022, I joined Kyndryl as Vice President and Deputy Chief Information Security Officer, where I lead governance, risk—including enterprise and third-party cybersecurity risk and our Business Information Security Officers—compliance, vulnerability management, and human risk programs to strengthen resilience globally.
What do you love the most about your current role?
What I value most is the opportunity to address some of the most complex and evolving security challenges—particularly those driven by AI—at scale and speed. At Kyndryl, we operate at the heart of mission-critical enterprise technology serving customers around the globe, which means every decision matters. I’m fortunate to lead a world-class team of cybersecurity professionals and to work in an environment that encourages innovation, experimentation, and cultural transformation. This role allows me to shape strategy, strengthen resilience, and influence how the organization thinks about security in a rapidly changing digital landscape.
What are some areas where you think cybersecurity has the potential to make a significant impact in the future?
Cybersecurity is the great enabler when it comes to innovation and the emerging technologies that organizations are now adopting. For example, ensuring your AI ecosystem is secured from first concept through data selection and full lifecycle operations maintains trust from your users and customers. Additionally, as more development is democratized through low-code/no-code capabilities, a cybersecurity smart employee population ensures all security requirements are met, no matter where the new capability comes from.
What role do you think education and awareness play in improving cybersecurity outcomes, and how can organizations promote these?
Education and awareness aren’t just add-ons—they’re the foundation of strong cybersecurity. Human risk is the single greatest vulnerability, and addressing it delivers the highest ROI for any organization. At Kyndryl, we’ve built a culture where cybersecurity is always top of mind through our “Always Available” programs.
We don’t rely on passive training. Instead, we create engaging experiences—game shows, talk shows, even food-review-style videos—all with cybersecurity themes that resonate with employees. Our “Cybersafe Passport” turns secure behavior into a reward system, backed by continuous communication and real-world phishing simulations.
The difference? We measure everything: engagement, resiliency, and impact. These metrics prove that investing in awareness transforms behavior, strengthens culture, and reduces risk. Cybersecurity isn’t just a technical challenge—it’s a people challenge, and organizations that embrace this reality will lead in resilience.
How do you think the cybersecurity community can work together to address common challenges and threats?
One of the best parts of working in cybersecurity is the spirit of collaboration that defines this community. Whether it’s peer-to-peer, government-to-industry, or through professional organizations, open dialogue is what keeps all of us safer. The more we share — especially within common industries or threat landscapes — the stronger and more resilient we become as a collective. Cybersecurity isn’t a competitive advantage; it’s a shared responsibility, and our ability to learn from each other is what ultimately raises the bar for everyone.
What role has mentorship played in your career development, and how do you mentor others?
Mentorship has shaped every part of my career. I wouldn’t be where I am without the mentors who challenged and believed in me early on. In college, I was fortunate to be guided by a brilliant chief technologist who helped open the door to Lockheed Martin — and who taught me one of the most important lessons of my career: real growth only happens when you’re uncomfortable.
When I mentor others, I try to meet them where they are. For those exploring cybersecurity, I often suggest they start with The Cuckoo’s Egg by Cliff Stoll. If that story sparks something in you — the curiosity, the persistence, the sense of purpose — then you’ll thrive in this field. Mentorship, at its best, is about helping people discover what truly drives them.
Congratulations on being honored as a DC100 Award winner. Our readers would love to know the secret mantra behind your success.
Thank you — I’ve been fortunate to work with incredible people in organizational cultures that value excellence and curiosity. Any success I’ve had comes from being surrounded by teams and leaders who push boundaries and care deeply about what they do.
If there’s a mantra behind it, it’s this: build trust, empower talented people, and stay humble enough to keep learning. When you get those things right, the rest tends to follow.
What are some of your passions outside of work? What do you like to do in your time off?
Most of my time outside of work is focused on my family. We love to travel and have been fortunate to explore much of Europe and, most recently, Alaska together. Those experiences keep me grounded and remind me of what all the hard work is for. I’m also an avid reader and a big fan of podcasts; they’re a great way to keep learning and gain new perspectives, even outside the office.
What is your biggest goal? Where do you see yourself in 5 years from now?
My biggest goal is to help people see cybersecurity differently — not as a barrier, but as something that builds confidence and trust in what we create. I’ve seen how the right culture and clarity can turn security from a compliance exercise into a real driver of innovation. That’s what motivates me every day.
In five years, I see myself leading as a CISO, shaping a team and a culture that brings out the best in people — technically, ethically, and creatively. I want to leave a legacy of leaders who see security as a way to enable possibility, not restrict it.
What advice would you give to someone looking to start a career in cybersecurity?
I’d tell them to stay curious and start anywhere — the field is far broader than people realize. Cybersecurity isn’t just about technology; it’s about understanding people, risk, and how organizations work. Learn the fundamentals, but focus just as much on communication, problem-solving, and the people.
Don’t chase titles — chase knowledge. The best cybersecurity professionals I’ve seen are the ones who keep asking why and who can connect the technical to the human. If you can do that, you’ll always be relevant, no matter how fast the field changes.