Top Cybersecurity Consulting Experts 2025

A pragmatic leader with experience guiding, building, and scaling cybersecurity and privacy programs across sectors. I formerly led the Information Security program for Udemy an EdTech firm. Implemented company-wide cybersecurity and data privacy governance programs for payment organizations, Led service delivery strategy, audits and penetration testing engagements for Consulting organizations and help company stakeholders understand likely business threats and practical methods to minimize risk.

Dr. Connie McIntosh is a cybersecurity executive, academic, mentor and international speaker. She currently serves as Head of Security at Ericsson. Dr. McIntosh integrates cybersecurity, information security, product security, operational security, and data privacy into business strategy, fostering psychological safety and cultural transformation in traditionally siloed environments. Her background is in National Security and Cyber Defense working in in key Cybersecurity Leadership roles across Defense and Government classified networks, Academia and private enterprise. Her leadership has earned her accolades such as being named among the Top 100 Women in Cybersecurity by US Cyber Defense Magazine and the Black Unicorn Award at Black Hat 2020. In 2025, she was awarded the prestigious Global Recognition Award for Leadership Excellence in cybersecurity underscoring her global recognition and influence along with 2025 Young Leader of the Year - The Fast Mode Awards 2025 recognizing exceptional individuals whose leadership, resilience, and technical depth continue to elevate the global telecom ecosystem. Connie's contributions to cybersecurity have been featured in influential books and magazines, including the groundbreaking Women4Cyber's own "Europe's Top Women in Security, Hacking Gender Barriers", along with "The Rise of Cyber Women Vol 3", "Shining the Spotlight - Stories for Business Success." and others.

Co-Founder of SG6, ITRES and DEV6. Cybersecurity consultant with a deep technical background. More than 20 years of experience in the fields of IT Security, Cybersecurity, Security Research and IT Best Practices. Dozens of acredited CVE vulnerabilities since Y2K. I publish practical offensive/defensive research: vulnerability analysis, exploitation notes, reverse engineering, and hardening/detection takeaways.

Michel Fotsing is a CISSP-certified cybersecurity architect specializing in AI governance for organizations navigating emerging regulations (EU AI Act, NIS2, Quebec Law 25, GDPR). He consults for Quebec's government through Levio and serves on the ISC2 Exam Review Commission, contributing to international cybersecurity certification standards. Author of "L'Architecte Numérique: Orchestrer les intelligences à l'ère de l'IA" (2026, distributed by Hachette), he developed the Three Zones Framework for classifying AI-augmented security decisions. He also created StructureClerk.ca, a free compliance tool covering 169 jurisdictions. Michel can speak to: AI governance and shadow AI risks for businesses, cybersecurity strategy for SMEs, the human-AI decision boundary in critical systems, and data privacy compliance across international frameworks.

Cybersecurity expert with over a decade and a half of deep-dive experience, I bring an unparalleled level of understanding and expertise in strategic Cybersecurity planning, effective risk control, and pioneering product innovation. My career reflects my role as a reliable authority for organizations of all sizes, as well as an effective liaison with different regulatory bodies.

For over 20 years, I've been on the front lines of cybersecurity, working with global organisations to help them answer critical questions like: "How effective are our security measures against a cyber attack?" My passion is empowering companies to identify and fortify their attack surface. I help leadership teams evaluate their security stack's effectiveness and build actionable roadmaps. Some of the topics I cover are Enterprise cybersecurity and strategy, culture and how it impacts cyber resilience. Emerging attacks and attacker innovation in ransomware and increasingly AI security risks. This passion for sharing actionable knowledge is why I also started writing my blog. It's my way of sharing ideas and providing insights for enterprise security defenders and educate the wider community. In my day-to-day role at Pentera, I lead a team of talented security engineers. We partner with leading organisations who are ready to embrace change. As a speaker and mentor, I enjoy challenging the norms, introducing disruptive technologies, and sharing best practices to raise the bar.

Kerem Ozturk is the founder of New Paradigm Security, an Amsterdam-based cybersecurity consultancy focused on helping European organizations protect themselves against cyber risks and achieve regulatory compliance(e.g. NIS2 and DORA). His 20+ year career spans enterprise security roles at major international companies including financial institutions and global technology consultancies like Renault, Coca-Cola, ING, DXC Technology and Cognizant where he led Cybersecurity departments, Security Operation Centers and technical projects like SIEM deployments, vulnerability management programs, and cloud security implementations. He specializes in translating complex EU cybersecurity regulations into practical governance frameworks, with particular expertise in Microsoft Security services, Virtual CISO services, and board-level risk communication.

Seasoned Cybersecurity Professional with over 15 years of experience specializing in Identity and Access Management (IAM), application security, and cryptography (PKI). Demonstrated expertise in designing and implementing robust security architectures and solutions across complex, multi-cloud environments. Known for a strategic approach to security architecture and a deep understanding of key protocols (OIDC, OAuth 2.0, SAML, MFA) and compliance standards, with a focus on enabling secure, scalable user access. With over 8 years of hands-on experience in cloud security and application security design, I have successfully led projects for global enterprises to strengthen their security posture, enhance user authentication, and protect sensitive data. Skilled in collaborating with cross-functional teams to drive security initiatives that align with business objectives and regulatory requirements. Proficient in Java, .NET, and Node.js, with an in-depth technical understanding of security tools such as OKTA CIC, SAP Gigya, PingFederate, and Microsoft Azure AD.

As a Cybersecurity Auditor operating at the intersection of complex digital infrastructures and human systems, my mission is to build resilience in an increasingly volatile world. With over 20 years of experience in Global MNCs, I’ve realized that protecting a network is only half the battle; the ultimate firewall is the clarity and alignment of the professional mind. ​I am a published author of three works that explore the architecture of security and the science of patterns: ​'The Interview': A deep dive into the technical and psychological nuances of Cybersecurity. ​'Cosmic Catalyst' & 'Beyond Constellations': Research into systemic cycles, predictive analytics, and ancient pattern-recognition frameworks. ​ My methodology is unique. By day, I audit global cybersecurity frameworks for US-based clients. Beyond the code, I am a dedicated researcher of Bio-Energetic Systems and Chronobiological Trends. I have successfully applied these 'multidimensional' patterns to predict global events and organizational shifts with high accuracy—bridging the gap between the measurable and the metaphysical. Through my research I offer high-performance philosophy to fellow cybersecurity professionals. My goal is to help leaders navigate 'zero-day' life challenges with the same precision they apply to their digitalecosystem. ​ I believe the future of leadership belongs to those who can traverse both the logical and the intuitive. I am here to help you audit your path to sovereign success.

As an IT Consultant at TechTrone IT Services, I handle technical calls from our clients and ensure 90% resolution at the first point of contact. I plan, design, and implement high-availability networks, administer network security, and provide consulting on risk management, compliance, and vulnerability management. With 18+ years in the IT field, I hold certifications such as CEH, CC, ITIL, CCNA, MCP, and MCSA, and am currently pursuing CISSP and PMP certifications.Previously, I directed the IT Department for an international construction company in Dubai, managing over 1500 endpoints across the Gulf. This role honed my abilities in large-scale IT project management and strategic IT leadership, significantly contributing to business continuity and digital transformation initiatives.

David Santiago (@DavidSecurity) is a Certified Security Professional with over 15 years of operational experience in security management, risk assessment, and physical protection. A U.S. Marine Corps veteran, David’s background includes securing U.S. embassies abroad and leading campus-wide security operations at a State Department-sponsored international school in Tunis, Tunisia, during the Arab Spring. Today, David works as a security consultant helping physical security integrators, SaaS platforms, and risk management firms improve their content marketing, thought leadership, and client engagement strategies. He specializes in creating industry-specific content—such as case studies, technical guides, and white papers—that informs decision-makers and drives growth. Based in Orlando, Florida, David actively follows the latest trends in physical security. He advises clients, contributes to leading industry publications, and regularly participates in conferences as a writer and subject matter expert.

We Expect The Unexpected - Creative Information Security Practices To Protect Your Security Blind Spots BlueSteel Cybersecurity delivers a new approach in intelligent cybersecurity protection, compliance, engineering, and strategy services. We translate the complexity of cybersecurity protection into clear and actionable insights to bridge the widening gap between organizational objectives and critical cybersecurity protection. Our enterprise-level security services are carefully engineered to help our partners prepare for future threats while meeting strict compliance requirements. We are experts in security, data, software, and IT with decades of experience analyzing and communicating complex information upon which critical decisions are made. Our goal is to prove our value – and the value of cybersecurity processes and protections – through innovative solutions that help our clients achieve their information security goals Learn more: www.bluesteelcyber.com.

Alexia P. Idoura is a cybersecurity expert and founder of Security Done Easy, where she helps primarily women-led and lgbtq-led small businesses protect their companies without needing to be technical. She specializes in practical risk prioritization, cyber insurance readiness, phishing and fraud prevention, AI-related security risks, and translating complex cybersecurity concepts into plain English. Alexia is a Stevie Award–winning business blogger, a frequent speaker and educator, and the creator of tools and programs that help founders make confident, informed security decisions.

Franco Velasquez is the CEO and founder of HostBreach, a cybersecurity advisory firm specializing in external cyber intelligence, attack surface analysis, and intelligence-driven advisory for defense contractors and regulated organizations. His work focuses on understanding how attackers identify, prioritize, and compromise targets using publicly available intelligence, often before traditional security controls detect activity. Franco advises organizations on CMMC readiness, CUI exposure, ransomware risk, and pre-incident threat visibility, helping leaders understand real-world risk beyond checklist compliance. He has experience working with OSINT-based reconnaissance, threat actor behavior analysis, and tabletop attack simulations aligned to observed intrusion patterns. He is frequently consulted on topics including ransomware trends, external exposure management, supply chain risk, and how attackers exploit misconfigurations and unpatched systems. Franco emphasizes practical, intelligence-led decision-making that helps organizations reduce risk before incidents occur.

Harman Singh, director at respected consultancy Cyphere, is an experienced security professional consulting public and private sector customers across the globe. He brings over a decade of intensive consulting experience, advising both private and public sector organisations on security matters around offensive and defensive security, particularly SOC operations maturity, CREST pen testing, risk and governance. Harman is recognised for his teaching ability; he is not just a consultant, but an educator of other experts: Black Hat Trainer: He has delivered advanced, practical training sessions at the prestigious Black Hat security conferences. Advanced Hacking: His training focuses on sophisticated techniques for attacking and defending complex digital infrastructure, upskilling security teams worldwide. Corporate Consulting: Beyond training, he possesses extensive experience consulting with corporate security teams, helping them manage threats across traditional networks and cloud-based systems. His insights—covering regulatory compliance, comments and best practices—are frequently featured in publications such as Infosecurity Magazine and Fast Company.

Luke Irwin is a cybersecurity strategist, speaker, and Founder of Aegis Cybersecurity, an Australian consultancy focused on cybersecurity governance, risk, compliance, and strategic advisory. He works with organisations to strengthen cyber resilience through clearer leadership, stronger governance, and practical security programs aligned to business priorities. He is known for helping boards, executives, and business leaders understand cybersecurity as a whole-of-business risk rather than a purely technical issue. His work centres on translating complex security and compliance requirements into commercially grounded decisions that support resilience, accountability, trust, and long-term performance. Luke advises across frameworks and standards including ISO 27001, SOC 2, Essential Eight, NIST, and SMB1001. His experience spans cybersecurity strategy, security maturity uplift, policy and control development, third-party risk, governance improvement, and fractional CISO support, particularly for small to mid-market and regulated organisations. Alongside his advisory work, Luke is a regular speaker and industry commentator on cyber risk, governance, vendor risk, and modern security leadership. He is recognised for his direct, practical perspective and his ability to bridge the gap between technical security expectations and executive decision-making.

I've worked in the cybersecurity industry for the last 20 years consulting for the top financial and legal services firms in the country. I have demonstrated history in design, implementation, and management of security programs to address risks across the cyber kill chain. Skilled in Security Strategy, Awareness, Emerging Security Technologies, Risk Assessments, Red Team Exercises, Governance, and Education. Primary focused on the law and finance sectors but have applicable knowledge to all industries.

Keith Myers is a cybersecurity and AI strategy consultant with 25 years of IT and cybersecurity leadership experience from Fortune 500 environments. He is the founder of Entori (entori.com), a boutique consulting firm that helps small and mid-sized businesses build the governance structures, security frameworks, and AI policies needed to manage technology risk at the executive level. Keith served as SVP of IT at Live Nation Entertainment and VP of International IT at Ticketmaster, where he led enterprise-scale programs across security, compliance, and technology governance. He holds CISSP and CISM certifications and has operated in environments where security, compliance, and operational continuity were daily requirements. His areas of expertise include cybersecurity risk assessment, NIST framework alignment, SOC 2 and ISO 27001 readiness, AI governance and policy development, Microsoft 365 security, and IT management consulting for small and mid-sized businesses. He brings an executive perspective to complex technology risk topics and translates that complexity into language that business leaders and boards can act on. Keith is available to comment on cybersecurity risk management, AI adoption and governance, data privacy and compliance, cyber insurance requirements, and the technology challenges facing small and mid-sized businesses.

Scott Altiparmak is a Senior Information Security Engineer with 8+ years of experience spanning identity and access management, email security, and cloud security, with a focus on building and automating enterprise security programs end to end. He is the creator of Threat Terminal, a live game-based research platform studying how humans detect phishing in the generative AI era, and maintains open-source tools including Enterprise-Zapp and Threat Intelligence Tarot. He serves as Director of Programming for the South Florida ISSA chapter and speaks regularly at industry and academic events including Tech Hub Pulse 2026, PBSC CyberWeek, and the PBSC Cybersecurity Symposium.