The Consulting Report is pleased to announce The Top 25 Cybersecurity Consultants and Leaders of 2025. Cybersecurity has become one of the defining disciplines of modern enterprise, shaping how governments, financial institutions, and global corporations operate and safeguard trust. As digital systems now underpin everything from energy grids and hospitals to supply chains and financial markets, the scale and sophistication of threats have made security a board-level priority.
Behind every resilient organization are the experts who anticipate attacks, contain breaches, and rebuild systems stronger than before. The individuals recognized here design the frameworks, controls, and response capabilities that keep critical operations running. They advise on policy, architecture, and risk management, lead recovery from incidents that could paralyze industries, and mentor the teams that defend essential infrastructure. Together, they have helped move cybersecurity from a technical discipline to a central pillar of business continuity and organizational trust.
Among this year’s awardees, Rex Thexton, Senior Managing Director and Global Chief Technology Officer for Accenture Cybersecurity, stands out for leading the firm’s Cyber Protection business and re-architecting identity and access management at a global scale. With more than 30 years of experience, he has driven complex cybersecurity transformations that combine AI, cloud, and zero-trust architectures for multinational clients.
Daphne Lucas, Partner and National Leader of Cyber Security at Deloitte Canada, is recognized for directing a 500-member team delivering enterprise-wide programs that integrate risk management, data analytics, and cyber governance. And Del Heppenstall, Partner and Head of Cyber Advisory at KPMG UK, has led some of the UK’s largest security transformation initiatives across government, defense, and public sectors, restoring critical systems and shaping long-term cyber resilience strategies.
This year’s awardees were selected through a methodical nomination process and careful consideration of each candidate’s career track record and industry contributions. Please join us in celebrating The Top 25 Cybersecurity Consultants and Leaders of 2025.
1. Rex Thexton
Firm: Accenture
Title: Senior Managing Director
Rex Thexton is a Senior Managing Director at Accenture and serves as the Global Chief Technology Officer (CTO) for Accenture Cybersecurity, where he leads the company's Cyber Protection business. With more than 30 years of experience in technology services, Rex has established himself as a visionary leader in cybersecurity, infrastructure, and digital identity strategy. Over the past two decades, he has excelled as a practice leader, company founder, and trusted advisor, guiding organizations through complex management and technology challenges in an increasingly threat-laden digital landscape.
Prior to joining Accenture, Rex spent eight years leading PwC's Identity and Access Management (IAM) business, where he drove innovative security solutions and strategic implementations. Before that, he served as CTO at Entology, a cybersecurity firm specializing in identity and access solutions, which was successfully acquired by PwC. His career trajectory reflects a deep commitment to building resilient cybersecurity frameworks, with expertise spanning more than 15 years in cloud, network, data, and IAM security technologies.
In his current role, Rex is currently spearheading a major transformation initiative for a leading global financial services institution, re-platforming its entire worldwide IAM infrastructure to enhance scalability, reduce technical debt, and bolster defenses against evolving threats. Rex's approach emphasizes vendor and tool consolidation, leveraging AI and cloud technologies to deliver efficient, scalable solutions that protect clients' digital assets while simplifying operations.
Rex has a proven track record of executing strategic projects through a blend of strong relationship-building with C-suite executives and cutting-edge technological insight. His impressive career accomplishments include founding and developing multiple consulting organizations, deploying high-impact technology solutions, and fostering enduring partnerships with clients and ecosystem vendors.
Under his leadership, Accenture Security has earned prestigious accolades, including multiple Global Systems Integrator of the Year honors across the ecosystem. These achievements underscore his role in positioning Accenture as a leader in cloud security and zero-trust architectures, driving long-term growth and innovation in the industry.
Based in the Miami-Fort Lauderdale area, he remains actively engaged in thought leadership on cybersecurity trends, including the integration of AI for identity analytics and the importance of proactive digital identity management in mitigating risks like ransomware.
2. Ida Kristensen
Firm: McKinsey & Company
Title: Senior Partner
Ida Kristensen is a Senior Partner at McKinsey & Company, a global management consulting firm that advises corporations, governments, and institutions on strategic and operational issues. With 26 years of experience, Ida is the global co-convener and North American lead for McKinsey’s Risk & Resilience Practice, as well as the global lead for the Cybersecurity Practice.
3. Jordan Rae Kelly
Firm: FTI Consulting
Title: Senior Managing Director
Jordan Rae Kelly is a Senior Managing Director and Head of Cybersecurity for the Americas at FTI Consulting. FTI Consulting is a global business advisory firm that helps organizations manage change, mitigate risk, and resolve complex challenges in areas such as corporate finance and restructuring, economic and forensic consulting, technology, and strategic communications.
4. Sean Wessman
Firm: EY
Title: Partner
Sean Wessman is a Partner at EY and the Industrial Products Cyber Leader, advising some of the world’s most influential organizations. He helps global enterprises strengthen defenses, modernize operations, and lead through technological disruption. His expertise spans cybersecurity strategy, AI-driven innovation, and platform transformation—enabling clients to manage risk while accelerating performance and growth.
Sean focuses on how emerging technologies, particularly artificial intelligence, are redefining operating models and elevating security as a driver of value creation. His consulting success is grounded in deep technical roots, beginning at AT&T where he developed services and managed advanced labs. He holds a bachelor’s degree in computer science with a specialization in software engineering from Western University.
5. Del Heppenstall
Firm: KPMG UK
Title: Partner
Del Heppenstall is the lead Partner in Cyber Advisory at KPMG UK, where he has spent over 20 years at the forefront of cybersecurity. Del has consistently led and directed major cybersecurity programs across diverse sectors, demonstrating exceptional leadership in transforming the security posture and capabilities of significant organizations. His leadership has been instrumental in providing critical security insight, expertise, and strategic direction to multiple sectors including government and wider public sector bodies, and the demanding aerospace and defense sectors.
Del has spearheaded some of the UK’s largest security transformation programs, including delivering multi-million-pound change agendas in multiple sectors. Currently, Del leads a team of over 350 specialist practitioners dedicated to helping clients manage cyber risk through advisory, transformation and managed services.
Del's expertise extends to leading investigations into security breaches, successfully restoring services and eradicating threat actors. He has also advised clients on a wide range of topics, from security strategy and organizational design to technical security solution implementation and operations.
6. Daphne Lucas
Firm: Deloitte
Title: Cyber & Strategic Risk Leader
Daphne Lucas is a Partner at Deloitte and the National Leader of Cyber Security in Canada. With over 20 years of experience in cybersecurity and risk management, she leads a team of more than 500 professionals delivering a full suite of cyber services across industries. Daphne specializes in developing and implementing risk-based, data-driven cybersecurity programs and advising Boards and C-suite executives on cyber strategy, governance, and emerging threats.
Earlier in her career, she held leadership roles in enterprise information security at Suncor Energy and served as a security advisor at BMO Financial Group. Daphne holds a master’s degree in mathematics, specializing in combinatorics and optimization with a focus on cryptography, and a bachelor’s degree in mathematics from the University of Waterloo, as well as a bachelor’s degree in education from Queen’s University.
7. Gerome Billois
Firm: Wavestone
Title: Partner
Gérôme Billois is a Partner at Wavestone, where for more than 20 years he has helped global organizations define and execute forward-looking cybersecurity strategies. Recognized for blending technical expertise with strategic insight, he advises CISOs, executive committees, and boards on turning cybersecurity into a driver of trust, resilience, and business transformation.
His current focus areas include AI security, product and OT systems protection, and enterprise-wide cyber resilience. Gérôme is particularly valued for his ability to anticipate major shifts, from agentic AI to post-quantum cryptography, and translate them into actionable roadmaps for organizations worldwide.
Beyond client work, he is deeply engaged in advancing the cybersecurity ecosystem. He drives innovation initiatives and nonprofit projects, and is the author of influential publications such as the CISO Radar, the Cyber Startup Radar, and the first open-source methodology for cyber sustainability. A frequent speaker at leading international conferences and a trusted voice in the media, Gérôme is widely recognized as one of Europe’s foremost experts on the future of cybersecurity.
8. Frank Ford
Firm: Bain & Company
Title: Partner
Frank Ford is a Partner at Bain & Company and head of the firm’s global Cybersecurity Practice. He is also a member of Bain’s Enterprise Technology practice in EMEA, where he focuses on cloud-enabled business transformation and leads the firm’s cloud solutions and products globally.
9. Jotham Nyamari
Firm: Tata Consultancy Services
Title: Partner
Jotham Nyamari is a Partner at Tata Consultancy Services (TCS). TCS is a global IT services, consulting, and business solutions organization that helps businesses navigate digital transformation. A part of the Tata Group, the company provides a broad range of IT-enabled and engineering services through its Global Network Delivery Model. TCS partners with leading global organizations to drive innovation and technology-led growth.
10. Cindi Bassford
Firm: Guidehouse
Title: Partner
Cindi Bassford is a nationally recognized cybersecurity leader and Partner at Guidehouse, where she leads the firm’s Cybersecurity practice with a mission to deliver measurable impact. With over 25 years of experience, Cindi has helped federal agencies, Fortune 500 companies, and critical infrastructure providers navigate today’s most complex cyber threats with precision, innovation, and resilience.
Cindi is known for her hands-on approach to translate strategic vision into operational outcomes. Under her leadership, Guidehouse’s cyber team has delivered cutting-edge solutions that reduce risk, ensure regulatory compliance, and protect the confidentiality, integrity, and availability of mission-critical data. From Zero Trust architectures and secure data exchanges to AI-enabled threat detection and cyber risk quantification, Cindi’s work is shaping the future of cybersecurity across sectors.
Cindi is a trusted advisor to senior government and industry leaders, helping them make informed decisions in high-stakes environments. She is also a champion for workforce development, mentoring the next generation of cyber professionals and building diverse, high-performing teams.
At Guidehouse, Cindi is driving a cybersecurity platform that blends advisory, technology, and managed services to deliver tangible results. The firm’s integrated approach across solutions and private/public sectors empowers clients to stay ahead of evolving threats, modernize their cyber posture, and build lasting resilience in an increasingly digital world.
11. Derek Han
Firm: Grant Thornton
Title: Partner
Derek Han is a Partner at Grant Thornton, a leading professional services firm that provides assurance, tax, and advisory services to clients. At Grant Thornton, Derek serves in the Advisory Cyber Risk Services Group, where he helps organizations manage information security, IT risk, and data protection challenges. With more than 27 years of experience, he advises Fortune 500 and global clients across sectors such as financial services, healthcare, transportation, and consumer products.
12. Jill Cochrane
Firm: World Wide Technology
Title: Vice President, Global Security Consulting
Jill Cochrane is a globally recognized cybersecurity executive with over 20 years of experience leading complex security transformations for Fortune 100 companies and global enterprises. As Vice President of Global Security Consulting at World Wide Technology (WWT), she leads a high-performing team that delivers comprehensive solutions across cyber resilience, cloud security, data security, zero trust, and cyber risk management. Under her leadership, WWT’s security practice has achieved substantial revenue growth through the transformation of service delivery models, operational stabilization, and the development of tailored, client-centric programs.
Throughout her senior leadership roles at MetLife, the Royal Bank of Canada, and her own consulting firm, she is valued for her ability to align technology strategy and enable clients to reduce risk, modernize infrastructure, and drive growth. Her expertise spans a broad range of industries, including financial services, healthcare, legal, and education, where she has led enterprise-scale initiatives such as data center migrations, identity and access modernization, and full-scale technology transformations.
Jill was recognized as one of the Top 50 Leaders in Cybersecurity of 2023 by The Consulting Report and actively serves on multiple industry boards.
13. Thomas Fuhrman
Firm: Marsh
Title: Managing Director
Thomas Fuhrman is Managing Director of Cybersecurity Consulting and Advisory Services at Marsh Risk Consulting (MRC), where he leads the firm’s cyber risk practice across North America and collaborates with Marsh & McLennan’s operating companies on a range of cybersecurity initiatives. He advises clients on enterprise-wide cybersecurity strategy, risk quantification, and resilience.
14. Dan Resnick
Firm: CliftonLarsonAllen
Title: Managing Principal
Dan Resnick serves as the Managing Principal of Cybersecurity at CLA, one of the nation’s largest professional services firms dedicated to delivering integrated audit, tax, consulting, and outsourcing solutions. At CLA, which operates under the mission to create opportunities for clients, communities, and people, Dan leads the firm’s national cybersecurity practice, guiding a team of practitioners across technical assessments, governance and risk advisory, and specialized security services.
Under his leadership, CLA’s cybersecurity practice has expanded its capabilities to address the rapidly evolving threat landscape, delivering penetration testing, third-party risk management, and regulatory compliance assessments for clients across industries. Dan is recognized for his ability to bridge technical expertise with executive-level strategy, enabling organizations to better manage risk and strengthen resilience.
With more than 15 years of experience, Dan has held leadership roles in both Big 4 consulting and Fortune 20 enterprise environments, bringing a proven record of building and maturing security programs.
15. Charles Jacco
Firm: KPMG
Title: Principal
Charlie Jacco is a Partner in the New York office of KPMG LLP’s Advisory Services practice and has several leadership roles for the Cybersecurity & Tech Risk (CTR) offering, including Global CTR Financial Services Industry Lead, Global Cyber Managed Services Lead, and US Cyber Threat Management Lead. He has focused extensively in multiple disciplines of the information security field over the past 25 years across Cyber Defense and Threat Management, Security Transformation, Digital Identity, and Security Strategy & Governance.
Charlie has been honored as one of the Top 25 Cybersecurity Consultants for three years in a row in 2023, 2024, and 2025 from The Consulting Report, and was honored as one of the Top 25 Cybersecurity Executives in 2020 by the IT Services Report.
16. Andreas Grau
Firm: Consileon Business Consultancy GmbH
Title: Senior Project Manager
Andreas Grau serves as Senior Project Manager, Strategy and Transformation, and Head of Cyber Security and IT Transformation at Consileon Business Consultancy GmbH. Consileon is a German management and IT consultancy that helps companies navigate business transformation and digitization from concept to implementation. The firm operates across multiple offices and serves clients such as banks, insurance companies, automobile manufacturers, retail organizations, and IT firms.
At Consileon, Andreas oversees cybersecurity initiatives and leads strategic transformation projects, guiding organizations in aligning technology, operations, and business objectives. He has 14 years of experience guiding organizations through IT modernization, digital resilience, and complex transformation programs. Andreas began his career in 2010 as a software engineer, enterprise integration at tarent, where he gained foundational experience in system integration and software development.
17. Jayne Goble
Firm: KPMG UK
Title: Operational Technology Security Lead
Jayne Goble is the Operational Technology Security Lead at KPMG UK, where she established and leads the firm’s OT Security business. She oversees a 27-member team responsible for protecting critical national infrastructure and delivering cybersecurity solutions across oil and gas, renewables, utilities, and industrial manufacturing sectors. She has more than 17 years of experience leading global projects ranging from rapid response to national infrastructure attacks to the deployment of large-scale interception and intelligence platforms.
A specialist in industrial control systems and IT/OT convergence, Jayne has served as a trusted advisor to the UK Government and the National Cyber Security Centre’s Industrial Control Systems working group. She designed the UK’s first Data Security and Protection (DSP) standard, which now governs security compliance for more than 50,000 healthcare and private organizations connected to NHS systems. Her project portfolio spans sectors from healthcare and manufacturing to oil and gas, where she has led multi-million-pound OT security implementations and complex transformation programs.
At KPMG, Jayne has partnered with Lancaster University to launch a state-of-the-art OT security testing lab and a research program focused on advancing cybersecurity innovation. She also co-founded a consortium with Lancaster University and the National Cyber Security Centre’s CyberFirst initiative to expand access to technology careers and improve diversity in the cyber sector—engaging more than 2,000 students across the UK.
Jayne holds a PhD in Applied IT Communications Systems from Newcastle University and multiple professional certifications, including CISSP, CCP, ISO 27701/2 Lead Auditor, and Microsoft Azure IoT Developer Specialty. A frequent keynote speaker and published author on OT and medical device cybersecurity, she is widely regarded as a leading authority on securing critical national infrastructure and developing the next generation of cybersecurity talent.
18. Andrew Miller
Firm: PwC UK
Title: Partner
Andrew Miller is a Partner at PwC UK, a leading professional services firm providing audit, consulting, deals, risk, and tax services to public and private clients. Andrew leads the firm’s government and public sector cybersecurity practice, overseeing major initiatives in information security, cyber risk, and operational transformation.
19. Shinoy George
Firm: Protiviti
Title: Managing Director
Shinoy George is a Managing Director and the Security Operations and Managed Security Services (MSS) Practice Leader at Protiviti, a global consulting firm providing services in internal audit, risk, business, and technology. Shinoy leads the firm’s cybersecurity operations and managed security services practice, overseeing delivery of cyber defense solutions, forensics, and the design and operation of client cybersecurity centers.
20. Julio San Jose
Firm: Alvarez & Marsal
Title: Managing Director
Julio San Jose is a Managing Director with Alvarez & Marsal Global Cyber Risk Services in Madrid. Alvarez & Marsal is a global management consulting firm providing business performance improvement, turnaround management, and advisory services. Julio leads the firm’s cybersecurity and digital transformation initiatives, advising clients on security innovation, IT management, risk management, compliance, and IT audit for critical environments.
21. Eric Chuang
Firm: BDO USA
Title: Managing Director
Eric Chuang is a Managing Director at BDO USA, leading the firm’s Incident Response and Cybersecurity services. BDO USA is the U.S. member firm of the international BDO network, providing accounting, tax, and advisory services across industries. The firm offers audit and assurance, business services and outsourcing, and digital and technology consulting.
22. Eric Thompson
Firm: Kroll
Title: Managing Director
Eric Thompson is a Managing Director in the Cyber Risk practice at Kroll, a global advisory firm providing services in cybersecurity, risk management, and financial consulting. Kroll helps clients mitigate risks, manage security, and make informed financial decisions. The firm’s cybersecurity services include incident response, digital forensics, and strategic advisory to address evolving cyber threats.
23. Scott Stransky
Firm: Marsh McLennan
Title: Managing Director
Scott Stransky is Managing Director and Head of the Marsh McLennan Cyber Risk Intelligence Center. The Center launched in 2021 to provide cyber modeling, thought leadership, and cyber analytics guidance across Marsh McLennan. Under his leadership, the Center leverages Marsh McLennan’s proprietary data sets and external data sources and combines them with advanced machine learning algorithms, stochastic modeling techniques, and Monte Carlo simulations to develop a robust suite of models for managing cyber risk.
24. Amit Jain
Firm: HCLTech
Title: Executive Vice President
Amit Jain is an Executive Vice President at HCLTech and is responsible for the overall Global Cybersecurity & GRC business and P&L encompassing technical practices, research labs, sales, marketing, finance, consulting and operations service delivery. HCLTech is a global technology company headquartered in Noida, India, providing digital, engineering, and cloud services across industries including financial services, manufacturing, and healthcare.
25. Melissa Sutherland
Firm: Booz Allen Hamilton
Title: Executive Vice President
Melissa Sutherland is an Executive Vice President at Booz Allen Hamilton, an American management and technology consulting firm providing services in digital transformation, artificial intelligence, and cybersecurity to public and private sector clients. In her role, Melissa leads initiatives to implement the firm’s national cyber strategy across the intelligence community, with a focus on the United States Cyber Command and the National Security Agency.