Law firms are high-value targets for cyberattacks because they handle sensitive client data, intellectual property, and financial information. Cybersecurity in this sector is led by CISOs who balance rigorous risk management with operational efficiency, regulatory compliance, and client trust. From global powerhouse firms to specialized legal practices, these executives are shaping the standards for cybersecurity in legal services.
Kevin Wixted – CISO, DLA Piper
Kevin Wixted leads DLA Piper’s information security program, safeguarding sensitive client data and ensuring compliance with industry regulations. He spearheaded ISO 27001 certification in 2016 and established a framework for ongoing risk management. Kevin manages a third-party vendor risk program covering 120+ vendors and directs responses to client security assessments for major financial, pharmaceutical, and technology clients. He also oversees a firm-wide cyber awareness program featuring quarterly training and internal phishing campaigns. Kevin holds ISO 27001 Lead Auditor certification and has a decade of experience leading legal industry cybersecurity programs.
Arlan McMillan – CISO, Kirkland & Ellis LLP
Arlan McMillan serves as CSO at Kirkland & Ellis LLP, overseeing Cyber Security, Physical Security, and Business Continuity Management across all locations. With over 25 years of IT and security experience, he has built high-performing teams at organizations including United Airlines, the City of Chicago, and ABN Amro Bank. Arlan has contributed to the broader security community as a board member of the Aviation ISAC, Transportation Sector Chief for FBI-InfraGard Chicago, and Chair of ChicagoFIRST. He is known for executive-level risk management communication and operational leadership across complex global security environments.
Chris Leather, CISM – Global Director of IT Risk & Security (CISO), Clifford Chance LLP
Chris Leather is a global CISO at Clifford Chance LLP, focused on building high-performing cyber and information security teams and delivering multi-million-pound improvement budgets with senior executive buy-in. He has created new security functions and rapidly matured existing teams across multiple worldwide locations. Chris brings a business-focused approach to cybersecurity, aligning IT risk management and security strategy with organizational objectives while maintaining significant budget oversight. He is a regular speaker at industry conferences and advisory boards.
Mark Heathcote – Global CISO, Norton Rose Fulbright
Mark Heathcote has over 20 years of senior IT and information security experience and has been recognized as a “Top 10 CISO in Europe 2026” by Enterprise Security Magazine. He led the first global ISO 27001 certification for a major law firm and has driven security transformations across five firms within the Swiss Verein structure. Mark specializes in IT leadership transformation, risk reduction, governance, and embedding continual improvement across global operations. His work has measurably reduced information security risk while delivering executive-level influence and business value.
Mark Walmsley – Global CISO, Freshfields Bruckhaus Deringer
Mark Walmsley is a multi-award-winning CISO and five-time Global 100 CISOs recipient, with deep experience in client-facing, strategic, and operational leadership roles. He specializes in managing risk across physical, behavioural, and technical domains, strengthening information security posture, safeguarding brand reputation, and fostering trusted client relationships. Mark serves as a board advisor, community chair, and investor, shaping cybersecurity best practices and leadership standards at both industry and organizational levels.
Deron Grzetich – CISO, Paul Hastings
Deron Grzetich leads cybersecurity at Paul Hastings LLP, with over 24 years of experience across legal, financial services, energy, healthcare, and other sectors. He has advanced expertise in network and information security, risk management, and regulatory compliance. Deron is also active in the community as a NASA Solar System Ambassador and teaches graduate-level courses on information and network security. Outside of work, he coaches youth hockey, reflecting his dedication to mentorship and team development both professionally and personally.
Securing Legal Expertise
These CISOs are safeguarding some of the world’s most sensitive legal information while balancing the operational needs of global law firms. By integrating risk management, regulatory compliance, and strategic security leadership, they ensure that legal organizations remain resilient against evolving cyber threats. Their work not only protects client trust but also sets the standard for cybersecurity excellence across the legal sector.
