Control Systems and Consequence: The CISOs Securing Industrial Automation

Industrial automation security lives where cyber risk meets physical process. Uptime, safety, product integrity, and operational continuity are all on the line in ways that enterprise IT security programs rarely have to account for. The leaders in this feature work across operational technology, grid automation, manufacturing systems, product security, and critical infrastructure protection, and their programs have to protect both the digital systems and the physical operations those systems control.

Joe Doetzl — CISO, Hitachi Energy

Joe Doetzl has served as head of cybersecurity and CISO at Hitachi Energy since February 2020, with global responsibility for IT, OT, and product security across a company whose grid and energy infrastructure footprint spans dozens of countries. His work covers crisis management, security governance, critical infrastructure protection, OT security, and regulatory compliance. Before Hitachi Energy, he held cybersecurity leadership roles at ABB as head of cyber security for ABB Enterprise Software and cyber security practice leader for Grid Automation, and before that spent nearly three years at Corporate Risk Solutions consulting on NERC compliance and security for the electricity sector. Earlier at KCP&L, he designed and implemented a corporate information security program, built programs for asset classification, vulnerability management, patch management, incident response, and risk assessment, developed a risk-based methodology for identifying critical cyber assets, and represented investor-owned utilities on North American cybersecurity working groups. His career is closely aligned with the regulations, operating pressures, and consequence environments that define power and industrial security.

Jason Waits — CISO, Inductive Automation

Digital forensics, threat hunting, and penetration testing sit close to the foundation of Jason Waits’s path to the CISO role at Inductive Automation. He became CISO in August 2022 after serving as director of cyber security and network security administrator at the company, where he led security engineering, threat hunting, digital forensics and incident response, and penetration testing. As CISO, he owns the overall security vision, strategy, and policies while managing a team covering data protection, network security, vulnerability and risk management, detection and response, incident management, and cloud security. Before Inductive Automation, he worked as a network administrator at Sunflower Natural Foods. He is a SANS Lethal Forensicator coin holder and won the US Cyber Challenge in 2017. His background reflects a practitioner who built security expertise from the technical ground up before stepping into the strategic leadership role.

Chris Johnson — CISO, 3D Systems Corporation

Chris Johnson became VP of cybersecurity at 3D Systems in October 2022, having previously served as director of cybersecurity at the same company. His career reflects a steady progression through information security governance, risk management, compliance, privacy, incident management, eDiscovery, forensics, and security awareness. At Curvature, he led and implemented a global information security and risk management program. At SMS Systems Maintenance Services, he provided leadership across governance, compliance, threat and vulnerability management, and business continuity. A decade at Delhaize America added hands-on GRC and identity experience spanning Archer GRC, security awareness, policy management, access provisioning, and audit remediation. That governance and risk discipline now sits inside a company whose additive manufacturing and industrial technology products have security implications that extend from the enterprise network into the manufacturing process itself.

Stephen Ford — CISO, Rockwell Automation

Stephen Ford became VP and CISO at Rockwell Automation in March 2024, where he is responsible for developing and executing a cybersecurity strategy that protects the company, its infrastructure, its products, and its customers. Before Rockwell, he spent more than eleven years at McKesson in VP roles covering information security and risk management, infrastructure engineering and operations, and practice and provider technology services, leading teams across cybersecurity operations, offensive security, incident response, security engineering, architecture, and access management. His earlier career includes global IT infrastructure leadership at HP and twelve years as director of information security and compliance at Baylor College of Medicine. More than thirty years of security and technology experience, built across healthcare, enterprise infrastructure, and risk management, now informs how he approaches security governance at one of the most recognizable names in industrial automation.

David Ginn — CISO, Johnson Controls

David Ginn became CISO at Johnson Controls in November 2023, following earlier roles inside the same company in enterprise data, IT planning, architecture, and strategy leadership. Before Johnson Controls, he was director of IT and business partner at Bell Flight and held IT architecture, service delivery, and midrange systems roles at Textron. Earlier at AAI Corporation, he managed application and infrastructure services and served as network security engineer. His foundation also includes seven years at Baptist Health as an infrastructure and security engineer responsible for server, network, firewall, VPN, internet security, Active Directory, and end-user services. That progression from hands-on infrastructure and security engineering through architecture leadership to enterprise CISO reflects a career that moved deliberately from the technical layer upward, giving him an operational grounding that shapes how he approaches security in a complex global building technology company.

Ian Shute — CIO & CISO, GLORY

Ian Shute holds the combined CIO and CISO role at GLORY, integrating information security, data protection, infrastructure, and technology leadership into a single executive mandate. He stepped into the dual role in April 2024 after serving as GLORY’s director of information security and data protection. He holds CCISO, CISSP, CIPP/E, CISM, and PCI-QSA certifications. Before GLORY, he was head of information security and data protection officer at The AA, and before that spent more than twelve years at BlackBerry as senior manager of global information security and IT regional manager for EMEA. Earlier network specialist roles at Alcatel, British Airways, Sainsbury’s, and others give his security leadership a long technical base in networking and infrastructure that informs how he now governs a combined IT and security remit across a global cash technology and automation company.

Industrial Security Has to Work in the Real World

The common thread across this feature is consequence. Security programs in industrial automation have to account for products, plants, grids, infrastructure, cloud services, customer environments, and operational systems that do not pause for a cyber risk assessment. These leaders reflect different sides of that work: OT security, product security, governance and risk, identity, infrastructure, forensics, and data protection. Together, they show why industrial cybersecurity is not just about defending networks. It is about protecting the systems that keep physical operations running.

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.