Software companies carry a particular kind of security responsibility. Their platforms hold customer data across thousands of organizations at once, their uptime commitments leave no room for extended outages, and their compliance obligations span every industry their customers operate in, from healthcare to government to financial services. The CISOs in this feature are protecting SaaS platforms, learning management systems, HR technology, and federal technology services used by millions of people, and their programs reflect what enterprise security looks like when the product itself is the software.
Troy Thomas – CISO, Rego Consulting
Troy Thomas has served as CISO at Rego Consulting since October 2025, leading the company to its first ISO 27001 certification and SOC 2 compliance while achieving EU-US Data Privacy Framework compliance for cross border data operations. He aligned security strategy with business objectives supporting more than $30 million in annual revenue, reduced compliance gaps by 50 percent, and oversaw AWS cloud governance and incident response for platforms serving more than 300,000 global users with zero reported breaches. Before Rego, he spent more than two years as SVP of security, SaaS, and customer support at the same company, achieving SOC 2 Type II compliance within twelve months.
His deepest institutional tenure comes from more than ten years at Ultimate Software and its successor UKG following the Ultimate and Kronos merger, where he served as senior director of security, customer trust, and assurance, protecting platforms hosting more than 52 million employee records and contributing to five times revenue growth to more than $1.5 billion. Earlier in his career, he spent nearly six and a half years at Microsoft as a software development manager, where he pioneered the Microsoft UI Automation library, later integrated into Visual Studio and adopted globally, and worked at BlackBerry as a development and operations manager supporting global smartphone platforms.
Daniel Dennis – CISO, NEOGOV
Daniel Dennis joined NEOGOV as CISO in January 2026, leading cybersecurity, compliance, governance, and risk management strategy for a private equity backed software company serving more than 13,000 public sector agencies, government entities, and educational institutions. He has been appointed to the company’s inaugural AI Governance Committee, directed security due diligence for two strategic acquisitions, and maintained continuous compliance with SOC 2, FedRAMP Moderate, GovRAMP, and CJIS requirements while sustaining zero customer losses due to security concerns.
Before NEOGOV, he spent more than three and a half years as SVP and CISO at Hyland, the company’s first CISO, protecting $1.3 billion in revenue and 14,000 customers while managing a $20 million security budget and approximately 75 direct and indirect reports. Before Hyland, he served four years as VP and CISO at Benefitfocus and nearly six years as CISO at IBM’s Talent Management Solutions division. He began that portion of his career as VP of information security and IT at Kenexa, which IBM acquired in 2012 for $1.3 billion. Across his career, he has led security due diligence for 15 acquisitions and two divestitures and describes himself as a four time CISO with more than 25 years of cybersecurity transformation experience.
Okey Obudulu – CISO, Skillsoft
Okey Obudulu has served as CISO at Skillsoft since May 2022, bringing more than two decades of experience protecting critical assets in private industry and government. Before Skillsoft, he spent a year as VP of information security and compliance at Codecademy and more than three and a half years as director and head of security at Justworks. He spent more than ten years at Goldman Sachs as VP of cyber security, building deep institutional depth in financial services security before moving into technology company leadership.
Earlier in his career, he spent more than six years at the Office of the New York State Attorney General, including four years as a criminal forensic investigator working alongside federal, state, and local law enforcement as part of the New York State Organized Crime Task Force, conducting digital forensic examinations and testifying in criminal proceedings. He holds an MBA in finance and information systems from Fordham University’s Gabelli Graduate School of Business and has served on Ithaca College’s Cybersecurity Advisory Board. That path from criminal forensic investigation through Goldman Sachs cyber security to SaaS CISO leadership reflects a career grounded in investigative rigor as much as technical security expertise.
John Genter – CISO, Lightspeed Systems
John Genter has spent nearly twenty one years at Lightspeed Systems, stepping into the CISO role in April 2025 after four years as VP of security and cloud operations. His path to the security seat ran through a long progression of operational leadership roles at the company, including VP of global operations, VP of global operations and customer service, and VP of operations and customer service, reflecting a career built on operational excellence before formal security accountability.
Before Lightspeed Systems, he spent more than six years at Arrival Communications as VP of customer service and support and network operations, and more than five years as CTO and partner at ACN Communications. His career traces back to the mid 1980s with roles at Contel Service Corporation and Daniells Phillips Vaughan and Bock. That two decade arc inside a single K-12 education technology company, moving from operations and customer service into cloud and security leadership, reflects an executive whose security program is built on deep institutional knowledge of the organization and the school districts it serves.
Brandon Gunter – CISO, Speridian Technologies
Brandon Gunter joined Speridian Technologies as CISO in December 2025, leading cybersecurity, risk, and compliance strategy across the company’s multi cloud platforms and global delivery centers. Before Speridian, he spent ten months as VP of information security and CISO at Lamb Weston, overseeing defensive strategies for both operating technology and information technology infrastructure at a major food processing company. Before Lamb Weston, he spent more than four years at Microsoft in security compliance and Azure infrastructure roles, including principal compliance technical program manager for Microsoft Security’s Trust and Compliance organization and director of security assurance for the Microsoft Customer and Partner Solutions division.
Earlier in his career, he spent nearly two years at Oracle as senior security technical program manager for Oracle Cloud Infrastructure, leading FedRAMP Moderate and High readiness programs, and held cyber security consulting roles at Moss Adams and Deloitte. He built deep identity and access management expertise at Deloitte and KPMG, delivering a global IAM platform supporting 197,000 employees and leading IAM implementation programs for tens of thousands of users across multiple industries. His career spans more than 15 years across cloud security, regulatory compliance, and identity management, giving him broad technical depth across the infrastructure layers that modern SaaS security depends on.
John Maguire – CISO, Noblis
John Maguire has spent nearly 26 years at Noblis, serving as CISO since January 2015 while continuing his role as cyber security and IT services manager, a position he has held since 2000. He is a hands on subject matter expert in penetration testing, network and application layer security scanning, database and operating system configuration auditing, security architecture, and incident response, and has managed dedicated information security teams supporting more than 50 federal programs hosted across five distinct cloud and bare metal computing environments over an eight year period.
He invented, developed, patented, and commercialized ScanCenter, a continuous vulnerability monitoring and remediation platform sold both commercially and to the US General Services Administration. He also delivered the world’s first federal IaaS cloud FISMA certification at the FIPS-199 Moderate impact level for Terremark Worldwide’s Federal-POD in 2009. That combination of nearly three decades of institutional tenure and a patented security product reflects a security leader whose technical contributions extend well beyond his own organization into the broader federal cloud security landscape.
Software Security Protects the Infrastructure Behind Everything Else
The companies in this feature build the platforms that public sector agencies, corporations, schools, and federal programs depend on every day. A security failure in any of these environments does not stay contained to one company. It ripples into every customer, every government agency, and every institution relying on that software to function. The leaders in this feature are building programs that treat that responsibility as central to the product itself, not as a feature bolted on afterward.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

