The Consulting Report is pleased to announce The Top 25 Cybersecurity Consultants and Leaders of 2024. As cyber threats grow in both frequency and sophistication, the need for expert guidance in safeguarding digital assets has never been greater. Businesses, governments, and institutions alike are increasingly relying on cybersecurity experts to strengthen their defenses and adapt to rapidly evolving security challenges. These leaders have demonstrated exceptional capability in helping both large and small organizations navigate the evolving cyber risk landscape, with expertise spanning industries like finance, healthcare, defense, and technology.

This year’s awardees are at the forefront of efforts to advance cybersecurity strategies, embracing both traditional practices and innovative solutions like cloud-based and AI-enabled security systems to tackle real-world challenges. They have led initiatives that not only improve risk management and bolster infrastructure resilience, but also respond to large-scale cyber incidents with agility and precision. As the global cybersecurity consulting market is projected to grow from $9.8 billion in 2023 to $51.3 billion by 2033, these leaders are driving the innovations that will shape the future of cybersecurity.

Among this year’s awardees, Robert Olsen, Senior Managing Director at Ankura Consulting, is recognized for his expertise in developing and managing complex cybersecurity and risk management programs across a diverse range of industries. Andrew Borene, Executive Director of International Markets and Global Security at Flashpoint National Security Solutions, stands out for his work in leveraging cyber threat intelligence to support critical decision-making for global enterprises. Kelly Rozumalski, Senior Vice President at Booz Allen Hamilton, has led pioneering efforts in national cyber defense, focusing on safeguarding critical infrastructure and improving cybersecurity across sectors like defense and healthcare.

This year’s awardees were selected through a methodical nomination process and careful consideration of each candidate’s career track record and industry contributions. Please join us in celebrating The Top 25 Cybersecurity Consultants and Leaders of 2024.

 

1. Rex Thexton
Firm: Accenture
Title: Senior Managing Director

Rex Thexton is a Senior Managing Director and Global Practice lead for Accenture's Global Digital Identity business, including strategic advisory services, technology implementation, and security outsourcing. Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth, and enhance citizen services. Thexton brings more than 15 years of experience in identity and access management technologies. 

In his more than 25 years in technology services, Thexton has served as an effective practice leader, company founder, and trusted industry advisor. He helps solve management and technology challenges related to security, infrastructure, and digital identity strategy for Accenture’s clients. Prior to Accenture, Rex led PwC’s Identity and Access Management business for eight years. Before that, he was the Chief Technology Officer at Entology, which PwC acquired.

 

2. Ida Kristensen
Firm: McKinsey and Company
Title: Senior Partner

Ida Kristensen is a Senior Partner at McKinsey and Company, a global management consulting firm. She serves as the global co-convener and North American lead for the Risk and Resilience practice, and leads the firm's Cybersecurity practice. Kristensen advises clients on a broad spectrum of risk and regulatory issues, including cybersecurity, operational risk, compliance, capital management, and enterprise risk management strategy, as well as regulatory transformation efforts.

 

3. Nicole Koopman
Firm: EY
Title: Managing Director

Nicole Koopman is a Managing Director at EY, where she leads the Cyber Alliance Ecosystem, driving cyber partnerships and fostering global connections. With over 15 years of experience in the field, Koopman plays a key role in aligning technology with business needs and shaping strategic initiatives that enhance EY's capabilities.

 

4. Mark Leggate
Firm: Bain and Company
Title: Partner

Mark Leggate is a Partner at Bain and Company, where he is an expert in the firm’s enterprise technology, cybersecurity and financial services practices. With over 15 years' experience across a range of industries, Leggate has deep expertise in IT transformation strategy, IT operating model and cybersecurity.

 

5. Karen Schuler
Firm: BDO USA
Title: Principal, Head of Global Privacy and Data

Karen Schuler is a Principal at BDO USA, and leads the U.S. and Global Privacy and Data Protection business line. BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries. With over 30 years of experience, Schuler has built and managed organizations specializing in investigations and data protection services.

 

6. Julio San Jose
Firm: Alvarez and Marsal
Title: Managing Director, Digital Transformation and Cybersecurity

Julio San Jose is a Managing Director with Alvarez and Marsal Global Cyber Risk Services in Madrid. Alvarez and Marsal specializes in advisory services focused on turnaround management, corporate restructuring, and performance improvement for high-profile businesses and their stakeholders.

 

7. Lucas Sy
Firm: Strategy&
Title: Partner

Lucas Sy is a Partner at Strategy&, where he advises on strategic transformation projects, with a focus on cybersecurity and cloud resilience. His experience in management consulting spans cyber, cloud, and sovereign digital transformation initiatives, particularly for the public sector. Sy’s work centers on bridging the gap between digital transformation efforts and corresponding cybersecurity strategies. Through PwC's integrated network, he provides comprehensive support across the cyber value chain, from strategy development to security management.

With 10 years of consulting experience, Lucas has worked with clients in government, defense, and intelligence organizations. Prior to his consulting career, he served for 12 years in the German Armed Forces, specializing in strategic communication. Lucas holds an MBA and graduated from the London School of Economics and from the University of New South Wales Canberra.

 

8. Gérôme Billois
Firm: Wavestone
Title: Partner, Cybersecurity and Operational Resilience

Gérôme Billois is a cybersecurity Partner at Wavestone, where he has spent the past 20 years shaping the cybersecurity strategies of global organizations. Gérôme is a trusted advisor to CISOs, particularly during large-scale cyberattacks, where his guidance helps organizations navigate crises with precision and resilience.

Known for his ability to translate complex cybersecurity challenges into actionable strategies, Gérôme works closely with executive committees and boards to drive effective change. His current focus is on securing AI systems, playing a key role in global projects that address high-impact use cases.

Gérôme actively contributes to innovation ecosystems, nonprofit initiatives, and professional communities in the cybersecurity field. He is recognized for his thought leadership through publications like the CISO Radar and AI Cyber Startup Radar, and more recently, a pioneering methodology for cyber sustainability. Gérôme is also an accomplished author, with several books meant to serve as resources for both cybersecurity professionals and newcomers.

 

9. Tom Teixeira
Firm: Arthur D. Little
Title: Partner

Tom Teixeira is a Partner at Arthur D. Little, based in the firm's London office, where he is responsible for enhancing and expanding the Risk practice’s service offerings. Arthur D. Little is a management consultancy that integrates strategy, innovation, and technology to drive client success.

 

10. Robert Olsen
Firm: Ankura Consulting
Title: Senior Managing Director

Robert Olsen is a Senior Managing Director at Ankura, based in Washington, D.C. He is the Global Head, Cybersecurity and Privacy and has over 25 years of experience developing, implementing, and managing complex cybersecurity and information technology enterprise risk management programs. He has served as a chief information officer and chief information security officer for clients across a diverse set of industries and organizational sizes. 

Robert is a leader in the provision of reactive, data analytics, and proactive cybersecurity services to government, private industry, and not-for-profit clients. He has executive leadership experience and has previously provided reactive, data analytics, and proactive cybersecurity services. Robert also served as CISO for clients across a range of industries, including manufacturing, finance, and private equity. He is also a serial entrepreneur and adjunct professor of cybersecurity at Johns Hopkins University.

Robert has also provided enterprise risk management and technical cybersecurity services to commercial, government, and not-for-profit clients and has provided systems engineering and technical program management services to federal agencies. He has led the operations team for a 2,500-person international organization, and led a program management organization responsible for information technology, acquisition integration, field operations, and product development. 

 

11. Andrew Turner
Firm: Booz Allen Hamilton
Title: Executive Vice President

Andrew Turner leads Booz Allen's Global Commercial business, bringing over 20 years of experience in cybersecurity and consulting. He oversees a diverse portfolio of solutions focused on cyber risk, resilience, and response across environments such as OT, cloud, and enterprise, all supported by AI and innovative strategies.

In his role, Andrew is focused on bringing advanced cyber solutions and driving cyber resiliency for some of the largest global companies across the financial, energy, software and high tech, and manufacturing sectors. He is accelerating Booz Allen’s Commercial business into new areas such as OT resiliency, AI-enabled cyber defense, and securing global supply chains from emerging cyber threats. 

Previously, Andrew served as CISO or CSO for several Fortune 500 companies. Most recently, he served as the CSO for a leading fintech company, overseeing an integrated security organization responsible for information security, financial crimes, and corporate investigations.

He has also held roles as member of the Virginia Cybersecurity Commission and the Bank of England's Cyber Resilience Board.

 

12. Brad Medairy
Firm: Booz Allen Hamilton
Title: Executive Vice President

Brad Medairy is a technology executive who leads Booz Allen’s National Cyber account. He focuses on the cyber missions of national-level clients, including the intelligence community, U.S. Cyber Command, FBI, the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, and the Department of Defense. 

Brad is responsible for addressing some of the nation’s top cybersecurity challenges, including protecting critical infrastructure, securing the supply chain, protecting emerging platforms including 5G, medical devices, and weapons and space systems, and defending the extended federal enterprise against cyber attacks. 

Brad is dedicated to advancing the nation’s capabilities in cyberspace by integrating emerging technologies with intelligence tradecraft to deliver advanced, full-spectrum cyber solutions. He leads a multidisciplinary team of cyber operators, AI and machine learning engineers, software developers, and cloud engineers to develop and deliver these solutions across the federal and commercial markets.

Brad is a senior fellow with Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security, and was named a Top 50 Cybersecurity Leader of 2023 by The Consulting Report. In addition, he serves as an advisory board member for the University of Maryland, Baltimore County, and the George Mason University Volgenau School of Engineering. Brad earned a bachelor’s degree from the University of Maryland, Baltimore County, and a master’s degree from Johns Hopkins University.

 

13. Sean Joyce
Firm: PwC
Title: Global Cybersecurity and Privacy Leader

Sean Joyce is the Global and U.S. Cybersecurity and Privacy Leader and U.S. Cyber, Risk, and Regulatory Leader at PwC. In this role, he collaborates with boards and C-suite leaders across various industries, helping organizations address cybersecurity challenges, manage risk, and enhance resilience. 

Prior to PwC, Joyce held various roles in both the public and private sectors. Joyce graduated from the Tuck School of Business at Dartmouth with an MBA and from Boston College with an undergraduate degree in business administration and computer science.

 

14. Kelly Rozumalski
Firm: Booz Allen Hamilton
Title: Senior Vice President

Kelly Rozumalski is a Senior Vice President at Booz Allen, where she leads the National Cyber Defense business. She focuses on developing solutions that address some of the nation’s top cybersecurity challenges, including protecting critical infrastructure, securing the supply chain, defending the federal enterprise against cyber threats, and safeguarding connected devices such as operational technology, space mission systems, and weapons systems.

Kelly has over a decade of experience driving differentiated solutions to help clients identify and understand cyber risks, automate compliance for real-time insights into security weaknesses, and mitigate vulnerabilities to reduce cyber threats. Her team drives cyber defense capabilities from zero trust to cyber physical defense, and she supports the core missions of national-level clients, including the Cybersecurity and Infrastructure Security Agency and the Department of Defense.

Kelly is also committed to strengthening cybersecurity in the healthcare industry. She takes a holistic approach to bringing medical device manufacturers, regulators, hospital systems, medical providers, and patients together to secure the healthcare ecosystem. Kelly and her team collaborate with federal and commercial clients to drive next-generation service offerings that combat vulnerable channels to biological data. 

 

15. Aniket Bhardwaj
Firm: Charles River Associates
Title: Vice President, Global Incident Response and Cyber Threat Operations

Aniket Bhardwaj is the Global Crisis Management Lead and Vice President of Global Cybersecurity and Privacy Services at Charles River Associates, a global consulting firm providing economic, financial, and strategic expertise to major law firms, corporations, accounting firms, and governments. Based in Toronto, Bhardwaj oversees the firm's Global Cybersecurity and Incident Response Investigations, Forensics Services practice, where he provides cyber intrusion investigations, crisis management, and post-incident recovery services to clients worldwide.

With over 20 years of experience, Bhardwaj is highly skilled in crisis management and response, helping organizations rapidly contain and recover from cyber incidents. He also advises on risk and resilience, ensuring that businesses not only recover but also fortify their defenses to withstand future threats. His expertise extends to cybersecurity transformation, where he leads post-crisis engagements to help organizations rebuild and enhance their security posture, aligning technology, people, and processes to prevent recurrence.

In addition to his work in operational crisis management, Bhardwaj serves as a trusted Board-level advisor, helping leadership teams improve their cybersecurity preparedness and navigate increasingly complex regulatory environments. His experience spans threat intelligence, attack surface identification, security hygiene, and compromise discovery, positioning him as a recognized leader in cybersecurity.

Before joining Charles River Associates, Bhardwaj was a key leader within PwC’s Global Cyber Threat Operations team across the Americas and the EU, where he led significant incident response and cybersecurity transformation projects. Bhardwaj holds certifications such as GCIA, GREM, GCFA, and GNFA, along with a master’s degree in security and cryptography from Johns Hopkins University.

 

16. David Forbes
Firm: Booz Allen Hamilton
Title: Principal

Dave Forbes leads Booz Allen’s Cyber Physical Defense business, including operational technology (OT), weapon systems, and space mission systems cybersecurity. In this role, he focuses on the cyber defense missions of clients across the federal civilian, defense, and intelligence communities. 

Forbes works closely with government leaders to understand their current environment, assess their ability to protect critical infrastructure, and support mission readiness. His team has contributed to OT cybersecurity modernization at DoD installations to enable cyber defense as a mission enabler. Forbes prioritizes advancing capabilities such as zero trust and weapon system anomaly detection into the cyber physical defense space. 

Prior to Booz Allen, Forbes served 11 years in the U.S. Army, where he was posted to command or staff positions at the company through division level. He earned a master’s degree from the George Mason University School of Public Policy and a bachelor’s degree from Norwich University, the Military College of Vermont. He is the chair of the Norwich University Board of Fellows for the Senator Patrick Leahy School of Cybersecurity and Advanced Computing.

 

17. Matthew McFadden
Firm: General Dynamics Information Technology
Title: Vice President, Cyber

Matthew McFadden is the Vice President of Cyber and Distinguished Technologist for General Dynamics Information Technology (GDIT), a global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. He leads cybersecurity initiatives across various sectors, including health, civilian, defense, homeland security, and the intelligence community. McFadden works closely with GDIT’s partners to develop innovative and scalable solutions that address mission-critical challenges. 

McFadden is responsible for advancing GDIT's cyber capabilities and building strong partnerships with cybersecurity professionals. By leveraging collective expertise, his goal is to position GDIT as a thought leader in the cyber domain while highlighting its cybersecurity qualifications. He also leads the firm’s Cyber Center of Excellence, Cyber Digital Consulting Team, and GDIT Digital Accelerators, which include initiatives like Eclipse Defensive Cyber Operations, and Tidal Post Quantum Cryptography.

Previously, McFadden was a cybersecurity service area director at CSRA Inc. Earlier in his career he worked with Computer Sciences Corporation as a lead cyber and network intrusion subject matter expert. McFadden earned a doctorate of computer science from Colorado Technical University, a master’s degree in information technology, and an undergraduate degree in software engineering and network security from the University of Advancing Technology.

 

18. Charles Jacco
Firm: KPMG
Title: Principal, Cyber Security Services

Charles Jacco is a Principal in the New York office of KPMG LLP’s Advisory Services practice, and is the U.S. Cyber Defense Lead and the Global Cyber Security Services Financial Services Industry Lead. Jacco has spent over 20 years working across multiple areas of information security, including security strategy and governance, security transformation, digital identity, enterprise identity and access management, and cyber defense.

Jacco has extensive experience designing and implementing a wide range of technology-based security solutions, with a broad background in technology and infrastructure planning, transformation, and delivery. He is also a Sector Board Member of the FS-ISAC, where he engages with executives across the financial services industry on various cybersecurity and cyber risk issues. Previously, Jacco was a Managing Director at Accenture. He earned an undergraduate degree in computer systems engineering from the University of Massachusetts Amherst.

 

19. David Sun
Firm: CohnReznick
Title: Principal, Cybersecurity

David Sun is a Principal and National Leader of Incident Response and Forensics in CohnReznick’s Cybersecurity, Technology Risk, and Privacy practice. With 25 years of experience in cybersecurity and IT management, he specializes in responding to data breaches, privacy incidents, internal employee malfeasance, and government agency investigations.

David has served as a testifying expert or court-appointed expert in hundreds of litigation matters. His notable cases include providing expert testimony on the handling of classified information by a Cabinet member and the destruction of public records by a sitting mayor of a major city. He has also conducted security assessments for the United Nations, the 2004 Summer Olympics, and various United States Federal Reserve Banks.

Additionally, David has assisted multiple state attorneys general in investigating data privacy violations. With a strong background in cyber incident response, he focuses on cybersecurity advisory services, developing practical strategies to address emerging risks, including threats to cloud-based environments.

Before joining CohnReznick, David founded and served as president of SunBlock Systems, Inc., a global litigation and cybersecurity advisory firm, from 2002 to 2019. Following its acquisition, he joined CliftonLarsonAllen as a principal and national practice leader for cyber incident response and forensics. He also co-founded and served as Chief Technology Officer of S34A, a company that researched advanced computer forensics techniques for the Department of Homeland Security and other government agencies.

 

20. Andreas Grau
Firm: Consileon Business Consultancy GmbH
Title: Head of Cyber Security

Andreas Grau serves as the Head of Cyber Security and Senior Project Manager at Consileon Business Consultancy GmbH, where he oversees cybersecurity initiatives. Consileon provides strategic, operational and IT consulting to help companies solve complex business issues ranging from positioning on their respective markets through development of marketing approaches to technical implementation. Grau brings 14 years of experience to his current role. Before joining Consileon Business Consultancy GmbH, he was a software engineer specializing in enterprise integration at tarent.

 

21. Andrew Borene
Firm: Flashpoint National Security Solutions
Title: Executive Director

Andrew Borene is Executive Director of International Markets and Global Security at Flashpoint, a private threat intelligence firm supporting mission-critical decision-making for organizations worldwide. He leads a global team that works with Forbes Global 2000 enterprises across more than 50 countries. A Certified Information Systems Security Professional and licensed attorney, Borene brings 25 years of experience in national security, intelligence, privacy, and cybersecurity. He is recognized for his expertise in international public-private partnerships, open-source intelligence, and cyber threat intelligence.

Before joining Flashpoint, Borene held leadership roles at Fortune 500 technology companies including IBM, Symantec, Booz Allen Hamilton, LexisNexis, and Wells Fargo. He also served as Chief Privacy Officer at the National Counterintelligence and Security Center, where he developed a government privacy compliance framework for data and operational programs. His federal service includes roles in counterterrorism planning and legal counsel at the Pentagon, alongside service in the U.S. Marine Corps.

Borene serves on the board of the European Marshall Center’s Partnership for Peace Consortium and advises several organizations, including Lexpat Global Services, Hilltop Technologies, and George Mason University’s National Security Institute. He holds a JD from the University of Minnesota Law School, a bachelor’s degree in economics from Macalester College, and executive education in international finance from Harvard University.

 

22. Eric Thompson
Firm: Kroll
Title: Managing Director Cyber Risk

Charlie Jacco is a Principal in the New York office of KPMG LLP’s Advisory Services practice, and is the U.S. Information Protection and Cyber Security Financial Services industry lead. Jacco has focused extensively in multiple disciplines of the information security field including Security Strategy & Governance, Security Transformation, Digital Identity, and Cyber Defense over the last 15 plus years.

 

23. Emily Mossburg
Firm: Deloitte
Title: Global Cyber Leader

Emily Mossburg is the Global Cyber Leader of Deloitte. Mossburg leads Deloitte’s Global Cyber practice and serves as the leader for the Cyber Strategic Growth Offering for the U.S. member firm. In these roles, she drives the development and execution of Deloitte's global cyber strategy, expanding the practice’s reach and enhancing its innovative cyber capabilities. 

 

24. John Pearce
Firm: Grant Thornton
Title: Principal, Cyber Risk Advisory Services

John Pearce is a Principal with Grant Thornton Cyber Risk Advisory Services. He has 20 years of professional experience conducting a number of large scale engagements in security program strategy and implementation, security operations capability maturity and development, advanced intrusion analysis, and cyber remediation.

 

25. Sudarshan Singh
Firm: Capgemini
Title: Vice President

Sudarshan Singh is a Vice President at Capgemini, where he has held various leadership roles over the past 16 years. Based in Mumbai, India, Singh currently serves as the Group Cybersecurity Leader for Governance, Risk, and Compliance, leading key initiatives to strengthen cybersecurity frameworks and ensure risk management compliance across the company.