Software security now sits close to revenue, customer trust, AI adoption, product delivery, and board-level risk. The CISOs in this group lead programs for SaaS platforms, hospitality technology, energy software, AI healthcare systems, collaboration tools, and mission-driven cloud products. Their work moves through product security, GRC, AI governance, secure development, incident response, customer assurance, and the operating models that help software companies grow without losing control of risk.
David Ehn – CISO, Agilysys
David Ehn oversees a globally dispersed cyber team at Agilysys, where his work centers on transforming the cybersecurity program for a company with more than 20 SaaS products in multi-region cloud environments. As CISO, he has restructured the security organization around critical risk mitigation, built multi-year cyber strategies and roadmaps, and established a GRC program supporting PCI, SOX, and SOC 2 audits for more than 30 products annually. His role also includes board-level engagement through quarterly reviews with the Board of Directors and Cyber Risk Subcommittee. Ehn has led the Executive AI Steering Committee, established enterprise AI governance, implemented controls for model, data, and regulatory risk, and developed AI use cases for cyber operations to solve business problems at lower cost. His background combines security leadership, operations management, cloud hosting, product security, governance, architecture, data protection, privacy, and large-scale project delivery for geographically dispersed teams.
Zeb Qadri – CISO, Quorum Software
At Quorum Software, Zeb Qadri leads the transformation of a global cybersecurity program tied to business growth, operational resilience, and enterprise risk management. His work includes strengthening security operations, incident response, vulnerability management, and detection capabilities while establishing an enterprise risk framework to prioritize control gaps, technical debt, and security risks. Qadri is also driving product security maturity assessments and building application security and secure development programs that embed security into the software development lifecycle. The AI dimension is explicit in his role. He leads AI governance initiatives, develops the security roadmap for AI and agentic technologies, and advances governance frameworks for responsible AI adoption aligned with ISO 42001 and AI risk management practices. His current responsibilities also include SOC 2, ISO 27001, GDPR, NIS2 readiness, identity and access management, privileged access controls, NIST alignment, CIS Controls, board communication, customer trust, and security investment planning.
Jeremy Lynch – CISO, RhythmX AI
Security at RhythmX AI starts with regulated-environment readiness, not just product growth. Jeremy Lynch serves as CISO for an AI-enabled healthcare SaaS platform, where he leads enterprise security, governance, and risk management for a separate legal entity and business unit within the same parent-backed portfolio as Get Well. His role covers the security foundation needed to support secure growth, customer trust, responsible AI adoption, and readiness for regulated environments. Lynch partners with Product, Engineering, Legal, and business leadership to embed security, privacy, and AI risk controls into the platform and operating model. His responsibilities include SOC 2 Type II and FedRAMP Moderate readiness, control framework design, enterprise risk visibility, third-party risk, secure-by-design product development, and AI governance aligned to the NIST AI RMF. His broader background includes board and audit committee engagement, risk appetite, risk acceptance, continuous assurance, 24/7 SOC and NOC coverage, incident command, crisis communications, Secure SDLC, DevSecOps, CI/CD security gates, vulnerability remediation governance, BCP/DR, and M&A work covering five acquisitions.
Doug Kersten – CISO, Appfire
Doug Kersten brings more than 20 years of information security and cybersecurity leadership to Appfire, where he has served as CISO since December 2021. His work focuses on reducing friction, increasing value delivery, improving efficiency, and building security programs that support business performance in fast-paced software environments. Kersten’s accomplishments include building information security organizations that cover security engineering, security operations, embedded and test engineering, and GRC, as well as leading security due diligence and integration for more than 25 local and international acquisitions. His program work includes SOC 2, ISO 27001, ISO 27701, GDPR, NIST, FedRAMP Readiness, incident response, policy development, SDLC security, CI/CD pipeline security, procurement security, vendor alignment, cloud security, business continuity, disaster recovery, and layered security controls such as CSPM, SIEM, IDS/IPS, DLP, vulnerability management, configuration management, penetration testing, logging, alerting, and ransomware controls. He was named the 2024 CISO of the Year ORBIE Award winner.
Charles Miller – CISO, Blackbaud
Post-breach response and regulatory negotiations are central parts of Charles Miller’s cybersecurity profile. As CISO at Blackbaud since March 2022, he brings more than 25 years of experience in critical infrastructure protection, cybersecurity leadership, technology risk, and business disruption management. His work is tied to strengthening organizational trust, protecting brand integrity, and managing risk while integrating technical and business priorities. Miller also participates in several security leadership and advisory communities. He is a member of the Domestic Security Alliance Council, a public-private partnership offered by the FBI’s Office of Private Sector and the Department of Homeland Security’s Office of Intelligence and Analysis to support the exchange of security and intelligence information between government and the private sector. He also serves on customer or CISO advisory boards for CrowdStrike, Zscaler, Rubrik, and GeorgiaCISO, where he is a founding member and advisory board member.
Software Security Has Become a Business System
The common thread in these profiles is that software security is no longer limited to protecting code after release. It now affects customer trust, sales cycles, AI governance, product architecture, regulatory readiness, M&A integration, board communication, and the operating cadence of the business itself. These CISOs show different ways that work gets done, from secure development and cloud governance to customer assurance, product security, incident response, AI risk management, and executive reporting. In software companies, security is not just a control layer. It is part of how the company earns and keeps trust.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.

