The oil, gas, and energy sector sits at the heart of critical infrastructure, where cybersecurity failures can have immediate operational, environmental, and national security consequences. Unlike many industries, cyber risk here directly intersects with physical safety, operational continuity, and energy reliability. From refineries and pipelines to LNG facilities and global trading platforms, security leaders must protect complex OT and IT environments while maintaining uptime in highly regulated, geopolitically sensitive conditions.
The CISOs and security executives featured below are shaping how energy organizations approach resilience, governance, and risk at scale. Their leadership spans upstream, midstream, downstream, and energy services, where cybersecurity is inseparable from safe and reliable operations.
Shazad Shafi — OT CISO, ExxonMobil
Shazad Shafi is OT CISO at ExxonMobil, bringing more than 25 years of experience across engineering, manufacturing, refineries, chemical plants, pipelines, midstream operations, and enterprise IT. His career spans both technical and leadership roles, giving him deep insight into the realities of securing operational environments at global scale. At ExxonMobil, Shazad focuses on enhancing cybersecurity resilience to support safe, reliable, and uninterrupted operations. His work centers on protecting critical infrastructure and sensitive operational data while enabling business performance across one of the world’s largest and most complex energy organizations.
Annessa McKenzie — Chief Information Security Officer & Vice President, Enterprise Architecture & Infrastructure, ConocoPhillips
Annessa McKenzie is Chief Information Security Officer and Vice President of Enterprise Architecture and Infrastructure at ConocoPhillips, with broad accountability across cybersecurity, industrial controls, compliance, physical security, business continuity, and risk management. She brings deep expertise across oil and gas, power and utilities, and industrial control environments, including SCADA and OT systems. Annessa has led large, globally distributed teams and is known for translating security strategy into practical, business-focused outcomes. Her leadership emphasizes trusted operations, regulatory alignment, and resilient infrastructure across complex international energy operations.
Mary Rose Martinez — Chief Information Security Officer & Vice President of Infrastructure, Marathon Petroleum Corporation
Mary Rose Martinez is Chief Information Security Officer and Vice President of Infrastructure at Marathon Petroleum Corporation, a Fortune 25 company. With more than 30 years of experience across IT, security, architecture, and operations, she leads global cybersecurity and infrastructure strategy for one of the largest downstream energy organizations in the United States. Mary Rose also serves on industry boards including the Oil and Natural Gas ISAC, contributing to sector-wide collaboration and threat intelligence sharing. Her career spans energy, oilfield services, and technology leadership, with a strong focus on operational resilience, governance, and large-scale transformation.
Michael Morgan — Chief Information Security Officer, Phillips 66
Michael Morgan is Chief Information Security Officer at Phillips 66, where he leads the enterprise information security program protecting corporate, operational, and technology assets. His role encompasses cybersecurity strategy, governance, risk management, security operations, and business resilience. Michael works closely with executive leadership and the board to align cybersecurity investments with business priorities while strengthening detection, response, and recovery capabilities. His leadership focuses on securing complex energy environments, enabling operational continuity, and building a security-aware culture across the organization.
Aaki Adhvaryu — Deputy CISO, Hess Corporation
Aaki Adhvaryu is Deputy CISO at Hess Corporation with more than 24 years of experience building and scaling cybersecurity programs across Fortune 500 organizations. She partners closely with boards, executives, audit committees, and regulators to translate cyber threats into business risk and investment decisions. Known for her strong governance approach paired with pragmatic execution, Aaki has led enterprise GRC, IAM transformation, third-party risk, and OT security initiatives across global energy operations. Her leadership emphasizes resilience, transparency, and developing future security leaders while enabling business velocity in highly regulated environments.
Jay Maher — Chief Information Security Officer, Cheniere Energy, Inc.
Jay Maher is Chief Information Security Officer at Cheniere Energy, where he leads cybersecurity and IT/OT risk management for one of the world’s largest LNG exporters. With more than 20 years of experience, Jay specializes in building security and compliance programs aligned to operational realities and regulatory requirements. His work focuses on protecting critical LNG infrastructure, strengthening cyber resilience, and embedding risk management into business decision-making. Jay is known for aligning cybersecurity initiatives with operational growth while fostering a strong security culture across the organization.
Jobin Matthew — Deputy CISO & Director of Cyber Threat Management, Halliburton
Jobin Matthew serves as Deputy CISO and Director of Cyber Threat Management at Halliburton, bringing deep expertise in cybersecurity operations, incident response, and threat management. He has led initiatives addressing complex and evolving threats across global energy services environments. With a background in management consulting and advanced academic training in cybersecurity, Jobin focuses on building resilient detection and response capabilities while integrating security into operational workflows. His leadership helps Halliburton navigate cyber risk across highly distributed and technology-intensive operations.
Alan Daines — Senior Vice President & Global Chief Information Security Officer, Baker Hughes
Alan Daines is Senior Vice President and Global Chief Information Security Officer at Baker Hughes, where he leads enterprise-wide cybersecurity strategy supporting global energy technology operations. With more than 25 years of experience, Alan has held CISO roles at Dell, EMC, FactSet, and Fortive, bringing extensive expertise in large-scale security transformation and post-merger integration. At Baker Hughes, he focuses on risk management, compliance, and securing complex enterprise and industrial environments. His global perspective and operational depth make him a key figure in advancing cybersecurity maturity across the energy services sector.
Securing the Backbone of Global Energy
Cybersecurity in oil, gas, and energy is no longer a purely technical discipline. It is a foundational element of operational safety, economic stability, and national resilience. The leaders featured here operate at the intersection of cyber risk, physical systems, and executive decision-making, where the stakes extend far beyond data loss.
As energy infrastructure becomes more connected and digitized, CISOs in this sector will continue to play a defining role in protecting the systems that power industries, economies, and communities worldwide.