
Todd Spight
CISO
HDI Global Insurance Company

Todd A. Spight is a board-level cybersecurity executive leading information security for a global insurance carrier, with deep expertise across regulatory compliance, AI governance, and enterprise risk transformation. He specializes in aligning cybersecurity strategy with business outcomes, particularly within highly regulated environments such as insurance and financial services. Alongside his executive role, he served as a cybersecurity instructor at Northwestern University in addition to advising organizations on cybersecurity and governance at scale.
Fun fact: Todd is actively building toward corporate board service while simultaneously working on thought leadership initiatives, including a future book concerning enterprise CISO strategy.
Give us a brief overview of the path that led to your current role.
My path to the CISO role has been intentionally cross-disciplined, starting in hands-on software development, cybersecurity teaching, engineering and consulting, evolving into leading a large-scale managed cybersecurity consulting services division, and ultimately transitioning into executive leadership. Along the way, I built expertise not just in security operations, but in regulatory frameworks, incident response, legal alignment, and business strategy. That combination of technical depth plus board-level communication positioned me to lead cybersecurity as a business enabler within a global insurance organization.
What is one of your guiding leadership principles?
“Lead with accountability, operate with precision, and align security to business value.”
I believe leadership is about setting a standard, demonstrating discipline, making informed decisions, and ensuring that every initiative ties back to measurable business and risk outcomes.
What is the greatest challenge CISOs face today, and how are you addressing it?
The greatest challenge facing the CISO role today is the convergence of rapid AI adoption, increasing regulatory expectations, and an ever-expanding attack surface, particularly within highly regulated industries like insurance. This dynamic requires a shift from traditional security models to a more integrated, forward-looking approach.
I am addressing this by embedding AI governance frameworks aligned with regulatory requirements, advancing a Zero Trust architecture to modernize access and data protection, and driving measurable cybersecurity maturity improvements tied to established frameworks such as NIST CSF. At the same time, I ensure that all security initiatives are translated into business-aligned metrics so the board can clearly understand risk posture improvements and investment impact. The objective is to move from reactive security operations to predictive, risk-aligned leadership.
What is the key to success for someone just starting out as a CISO?
Success for someone stepping into a CISO role hinges on their ability to operate beyond purely technical expertise. The most effective CISOs are those who can translate complex cybersecurity risks into clear business impact, ensuring alignment with executive leadership and securing the necessary investments required.
Equally important is a deep understanding of regulatory and governance frameworks, particularly in industries like insurance where compliance is inseparable from security strategy. Finally, success requires building influence across the organization, establishing strong relationships with business partners, legal teams, and the board so that security is embedded into decision-making rather than operating as a standalone function.
How do you measure success as a leader?
I measure success as a leader through a combination of risk reduction, business enablement, and organizational strength. From a risk perspective, this means achieving quantifiable improvements in cybersecurity maturity and control effectiveness. From a business standpoint, success is defined by security’s ability to enable innovation, particularly in areas like AI and digital transformation, without introducing unnecessary friction.
Equally important is the development of high-performing teams and the establishment of clear governance structures that build trust with executive leadership and the board. Ultimately, success is realized when security operates as both a strategic enabler and a trusted function within the organization (not an easy task).
What is the value of being a member of Gartner C-level Communities?
The Gartner CISO Community provides a high-trust environment where C-level leaders can exchange real-world strategies, validate approaches, and stay ahead of emerging risks. The value is not just networking; it’s peer-level insight that accelerates executive decision-making in areas where there is no playbook.