New England’s cybersecurity scene is shaped by leaders who excel not just in technical skills but also in strategic vision, team building, and organizational impact. These CISOs are defining what it means to lead security in today’s complex threat landscape. Their work demonstrates how effective leadership can protect critical data, empower teams, and align security with broader mission and business goals.
Dave Heaney – Mass General Brigham (MGB)
Dave Heaney leads cybersecurity for one of New England’s largest health‑care systems. He joined MGB in 2023 with more than two decades of security experience, including senior roles at EY (Ernst & Young) and TJX Companies. Since his arrival, he has driven a “large-scale IT security strategy and roadmap,” rationalized the tech stack, reduced delays in risk assessments, and strengthened cybersecurity maturity across the enterprise, efforts he says have helped clinicians and researchers focus on core work with greater safety.
Tony Faria – Point32Health
Tony Faria serves as CISO at Point32Health, a health‑insurance provider serving New England. He brings more than 25 years of cybersecurity experience. Under his leadership, Point32Health navigated a ransomware attack in April 2023. Yet the security, IT, and business teams successfully recovered and emerged stronger. His track record in risk management and threat mitigation across industries makes him a trusted veteran in regional cyber leadership.
Gael Frouin – AAA Northeast
As Director of IT Security at AAA Northeast, Gael Frouin describes himself as a “security generalist,” equally comfortable discussing strategy with board members as working alongside IT operations teams. Over nearly two decades in security, he has overseen key initiatives including zero‑trust deployments, web filtering, and file-integrity monitoring.
Perhaps most telling: he highlights mentoring and internal team growth, proudly pointing to a former subordinate who became a Senior Security Engineer after leading key security projects. That combination of technical breadth and leadership development makes him someone to watch for organizational and cultural impact beyond just tools.
Ravi Thatavarthy – Rite Aid
Ravi Thatavarthy currently serves as CISO at Rite Aid, bringing over two decades of experience across retail, healthcare, and regulated industries. In his role, he built the cybersecurity function from the ground up, establishing a “security‑first” culture, modernizing incident‑response capabilities, implementing a FAIR‑based risk register, and instituting a scalable vendor-risk program. Maintaining 100% retention of his core security team, Ravi aligned security strategy with business goals, embedding security into day-to-day decision-making and operations.
Lee Cullivan – Boston Medical Center
Lee Cullivan has served as CISO at Boston Medical Center since August 2017. In his role, he oversees the information security operations for BMC’s multi‑campus hospital system, a critical responsibility given the sensitivity of patient data and the complexity of hospital IT environments.
In past years, he has publicly discussed how deploying scalable, cloud‑based security solutions helped BMC defend against malware, ransomware, phishing, and IoMT‑related risks without disrupting patient care or operational workflows. His ability to balance security and usability keeps him relevant and influential among New England’s healthcare CISOs.
Rich Walzer – Clean Harbors
Rich Walzer is the first-ever CISO at Clean Harbors, a public environmental services company based in Norwell, MA. Before joining Clean Harbors, he spent 21 years at Putnam Investments as their first CISO and began his career at MITRE Corporation. At Clean Harbors, Rich built the cybersecurity program from scratch, not just the technical stack, but also the culture: global team expansion, consistent communication via newsletters and monthly “office hours,” and a dedicated team identity. He emphasizes two‑way communication and partnership across the company, making cybersecurity a shared responsibility.
Tina Basch – Baystate Health
Tina Basch currently serves as VP of IT Security (CISO) at McLaren Health Care, assuming that role in June 2025. Prior to this, she held senior cybersecurity leadership roles at Baystate Health, including VP Infrastructure & Operations and Chief Information Security Officer. Her background spans multiple industries, including insurance and retail. Earlier in her career, she served as Information Security Director at American Family Insurance and held business continuity roles at Kohl’s. With an academic foundation (M.S. in Information Assurance/Cybersecurity), Tina brings a broad cross‑industry perspective to her current job, making her one of the CISOs to watch in healthcare security across state lines.
Debby Briggs – NETSCOUT Systems, Inc.
Debby Briggs leads security at NETSCOUT. According to listings from regional CISO communities, she’s been recognized as a noteworthy security executive in New England. She built the NETSCOUT cybersecurity program from the ground up, recruiting and hiring team members, standing up a Security Operations Center, and adopting a risk‑based approach to company-wide cyber defense. Her ability to build a resilient security posture from a modest organization highlights her strategic leadership and team‑building skills.
Greg McCarthy – City of Boston Department of Innovation & Technology
In 2025, Greg McCarthy was formally appointed as the first Chief Information Security Officer for the City of Boston, marking a major step in strengthening the municipal cybersecurity strategy for a large U.S. city. Since 2010, he has been part of Boston’s Cybersecurity Team and has led the implementation of multiple information‑security solutions, including what became the city’s first Cybersecurity Awareness Program for employees.
As CISO, he now leads efforts to modernize technology, expand partnerships, and institutionalize security training and governance across city departments, a role with high public‑impact stakes.
Eric Jacobsen – Boston University
Eric Jacobsen oversees information security for Boston University, protecting data and systems for students, faculty/staff, and alumni. Over his tenure, he has transformed the security organization by building a program capable of handling identity and access management, compliance, vulnerability management, incident response, and daily security operations across multiple campuses. His work has been foundational in ensuring that an academic institution with diverse stakeholders maintains strong cyber resilience in a complex and open environment.
Defining Cybersecurity Leadership in New England
New England’s cybersecurity landscape is anchored by leaders who combine technical expertise with strategic vision. The CISOs here are defining what it means to lead security today, building resilience, embedding cybersecurity culture, and aligning security strategy with mission and business goals.