The UK’s higher education sector faces increasing cyber risk from research data, sensitive student information, and extensive digital infrastructure. Universities require sophisticated cybersecurity leadership to safeguard their operations, research, and reputation. The following CISOs are leading the way in building resilient, innovative, and secure environments across some of the country’s top universities.
Thomas Willson — Chief Information Security Officer, Imperial College London
Thomas Wilson leads the cybersecurity agenda at Imperial College London, overseeing risk management, threat detection, and incident response for one of the UK’s leading research institutions. He brings deep expertise in management, ethical hacking, vulnerability assessment, and Splunk analytics.
Thomas holds a BSc in Computation from the University of Manchester – Institute of Science and Technology. His career has been focused on establishing strong security frameworks in research-intensive environments, combining technical proficiency with strategic leadership to protect critical academic assets.
Alistair Fenemore — Chief Information Security Officer, University of Edinburgh
Alistair Fenemore is a senior information and cyber security practitioner with over 30 years of global experience in the private and military sectors. His expertise spans cyber risk, business resilience consulting, incident management, and physical security.
Alistair is skilled at engaging executives up to the CEO level, providing pragmatic solutions to enhance business operations and manage change. His holistic approach to security integrates cyber, operational, and organisational risk for the University of Edinburgh.
Michael Knight — Chief Information Security Officer, University of Manchester
Michael Knight has extensive experience leading IT and security functions in healthcare and higher education. Before joining the University of Manchester, he held senior technology and security roles at NHS South East London, NHS South, Central and West, and East & North Hertfordshire NHS Trust, including Chief Technology Officer and Programme Director for Informatics.
At Manchester, Michael oversees the university’s cybersecurity strategy, ensuring protection of research data, digital infrastructure, and stakeholder trust, drawing on his background in both operational leadership and enterprise IT management.
Dr Barney Craggs — Chief Information Security Officer, University of Bristol
Dr Barney Craggs combines research expertise with practical cybersecurity leadership. At Bristol, he manages enterprise risk and leads the university’s cybersecurity programs. He also serves as a Cyber Security Lecturer and Senior Research Associate, contributing to the Bristol Cyber Security Group.
His research focuses on human factors in cybersecurity, exploring how technology, policy, and user behaviour intersect to create secure systems. Prior to joining the university, Barney led data and innovation initiatives at Exponere, honing skills in risk assessment and enterprise-level security strategy.
Alun McGlinchey — Chief Information Security Officer, University of Glasgow
Alun McGlinchey is an industry-certified information security professional with over a decade of experience spanning public, private, and financial sectors. He is highly skilled in defensive security technologies, ethical hacking, and regulatory compliance including ISO27001, PCI-DSS, and Data Protection frameworks.
Alun has a track record of delivering cost-effective, risk-based security consultancy, leading small teams, mentoring junior staff, and engaging stakeholders across organisational levels to ensure strategic alignment and operational resilience.
Mark Watts — Associate Director Cyber Security, University of Southampton
Mark Watts has spent over 25 years across defence, technology, and higher education, building security functions that enable organisations to grow while protecting critical assets. At Southampton, he established the university’s cybersecurity capability from a two-person team into a nine-strong function with board-level visibility, a £500k operational budget, and oversight of multi-million-pound investments.
Mark began his career in UK defence research at DERA and QinetiQ, protecting high-value assets in classified environments. He brings this experience into higher education, focusing on building security cultures based on trust and enabling innovation rather than restricting it. He also actively contributes to the broader security community through speaking engagements and mentoring.
Strategic Security Leadership in Higher Education
These UK university CISOs exemplify how cybersecurity can be embedded as a strategic enabler rather than just a technical requirement. By combining deep technical expertise, risk management acumen, and the ability to communicate with executive leadership, they ensure that their institutions can safely navigate a complex and evolving digital landscape. Their work protects not only research and data but also the broader reputation and operational continuity of the universities they serve.