Securing the AI Stack: The CISOs Protecting Data, Models, and Automation


Artificial intelligence changes the security conversation because the most valuable assets are no longer limited to applications, infrastructure, and credentials. Data pipelines, models, agents, automation layers, governance frameworks, and customer trust all become part of the risk picture. The leaders in this group sit close to that shift, with backgrounds in cloud security, product security, AI governance, data platforms, vulnerability management, responsible AI, and large-scale security operations.

Sunil Agrawal – CISO, Glean

Sunil Agrawal leads security at Glean, an enterprise search and knowledge management company focused on helping teams improve productivity. His role brings together security for a company working with large language models, enterprise knowledge, GCP, data protection, authentication, authorization, web application security, SOC2, FedRAMP, and cloud environments. Agrawal’s earlier career gives the Glean role a deep product and platform security foundation. At Netflix, he was responsible for the security of Netflix’s Studio in the Cloud. At Armor5, which was acquired by Digital Guardian, he was CTO and founder of a company that built a Zero Touch Cloud Security service designed to protect cloud services and enterprise applications while leaving no data on devices. His earlier work also included security architecture at Motorola Mobility, DRM and security architecture at Adobe, and system architecture at Cranite Systems, where the flagship product used 802.1x authentication, AES-based encryption, Linux kernel bridging and firewall technology, and Mobile IP for persistent connections. Agrawal’s CISO profile is unusually tied to the mechanics of secure access, content protection, cloud controls, and enterprise data movement.

Scott Roberts – CISO, UiPath

Few CISO profiles carry a direct line to Patch Tuesday, the Security Development Lifecycle, Android security, and AI agent security standards. Scott Roberts serves as CISO and Senior Vice President at UiPath, where he owns end-to-end information security, including GRC, product security, security operations, IT security, incident response, field security enablement, and customer-facing security interactions. His role also includes board reporting and close work with legal and finance on cyber security compliance mandates. At UiPath, Roberts works in an AI and automation environment that includes Responsible AI, GenAI security impact, the UiPath AI Trust Layer, product security reviews, automated scans, red team-style penetration tests, independent third-party reviews, and certifications such as ISO/IEC 27001, 27017, 27018, ISO 9001, SOC 2, HIPAA, HITRUST, UK Cyber Essentials, and FedRAMP Moderate. Before UiPath, he served as CISO for Coinbase Cloud, led Android Product Security Assurance at Google, grew AWS EC2 Windows revenue as Head of Product, and held security and product leadership roles at Microsoft. His Microsoft work included roles tied to Patch Tuesday, the Security Development Lifecycle, major incident response events, PlayReady, DirectAccess, IPsec, Windows Firewall, and secure networking. In November 2025, he also became a founding consortium member of AIUC-1, working with other frontier leaders to help define AI agent security standards.

Omar Khawaja – CISO, Databricks

Omar Khawaja’s current work at Databricks is centered on helping executives make the data and AI shift without losing sight of operating models, measurement, and risk. Omar Khawaja serves as CISO, Client at Databricks, where he collaborates with CDOs, CIOs, and board directors on AI adoption and risk management, develops strategic frameworks aligned to organizational goals and risk profiles, and helps executives craft operating models for data and AI. His source material also references the Databricks AI Security Framework 2.0 and his focus on helping CISOs securely shepherd their organizations’ data and AI journeys at scale. Before Databricks, Khawaja was Global CISO at Highmark Health, where he led the information security and risk management program for a $26 billion organization with 14 business units, four Blue Cross Blue Shield plans, 14 hospitals, more than 300 clinics, and a $1 billion tech services firm. That role included a team of 200 people and a budget of more than $45 million. Earlier at Verizon Enterprise Solutions, he led product marketing for a global security portfolio covering data protection, GRC, identity and access management, investigative response, threat management, and vulnerability management, with security consultants in 28 countries and a large breach investigation practice behind it.

Brad Jones – CISO/VP of Information Security, Snowflake

Brad Jones’ CISO role at Snowflake sits inside a company built around data cloud services, secure data sharing, analytics workloads, multiple clouds, and global customer environments. Brad Jones became Chief Information Security Officer at Snowflake in December 2023 after serving as CISO and VP of Information Security at Seagate Technology. His background includes information security leadership in manufacturing, software, and services, with experience building and maturing security programs, managing risk, and improving communication around security change. Before Seagate, Jones held information security and technology leadership roles at SanDisk and Synopsys. At SanDisk, he had global responsibility for information security operations, risk management, policy and compliance, incident response, and architecture. At Synopsys, he led enterprise network services work that included worldwide architecture, implementation, and 24/7 operational responsibility for WAN, LAN, and voice services, support for large data centers with more than 2 petabytes of storage and more than 10,000 compute servers, and participation in IT M&A and BCP/DR efforts. His path into Snowflake combines security leadership with the infrastructure depth needed for environments where data, compute, customers, and cloud operations converge.

Paras Malhotra – CISO, Starburst

Paras Malhotra became CISO at Starburst in March 2026, bringing more than 20 years of security engineering experience into a company focused on data, SaaS, and enterprise trust. In his current role, he leads information security, GRC, and product security for SaaS and on-prem product offerings, with a growing focus on AI and data security as Starburst brings AI-native capabilities to enterprise customers. Malhotra partners with engineering, product, and GTM teams to protect sensitive customer data and position security as part of customer trust. Before Starburst, he was Senior Director of Information Security at Datadog, where he led teams focused on proactive risk management, continuous security monitoring, security operations automation, compliance workflows, privacy and AI governance, customer trust, and continuous infrastructure validation. At AWS, he led Security Assurance engineering strategy and product roadmap work, with teams building tooling and automation to monitor and protect AWS cloud’s internal control environment, identify and remediate security and compliance risks, and reduce manual compliance and security work. Earlier at Deloitte and Dell SecureWorks, his work included security and privacy consulting, IPS/IDS testing, attack scenario testing, and security flaw identification in network devices and services.

AI Security Starts Before the Model

The shared pattern in this group is not simply that each leader works near artificial intelligence. It is that their careers touch the systems AI now depends on: data governance, cloud infrastructure, product security, identity, vulnerability response, compliance automation, customer trust, and board-level risk. Some came through hyperscale cloud and mobile security. Others built careers around data platforms, enterprise assurance, security engineering, or executive frameworks. Together, they reflect a practical reality of AI security: the model matters, but so do the controls around the data, the platform, the product, and the business decisions that bring AI into production.


John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.