With more than 20 years of experience at startups, nonprofits, and large universities, George Finney has built a reputation for seeing both the big picture and the detailed improvements needed for lasting cybersecurity.
Today, he brings that perspective to his role as chief information security officer for the University of Texas System—one of the largest higher education networks in the U.S. As CISO, Finney is responsible for protecting 14 universities, six health institutions, 140,000 employees, and 250,000 students from increasingly sophisticated cyber threats.
Beyond his day-to-day responsibilities, Finney is also a renowned author whose books—including “Project Zero Trust,” “Well Aware,” and “Rise of the Machines”—have influenced how organizations approach security.
His leadership has been recognized with various honors, including being named one of the world’s top 100 CISOs in 2023 by CISOs Connect and receiving a Malcolm Baldrige Award in 2024. This year, Finney is a CSO Hall of Fame inductee at the 2025 CSO Conference & Awards.
In a conversation with CSO, Finney shares his perspective on the looming challenges of quantum decryption and ransomware, the workforce of the future, and why CISOs are finally finding their voice at the executive table.
What emerging technologies are you most excited about from a security standpoint, and why?
George Finney: I’m particularly excited about anti-ransomware and enterprise browser tools. Ransomware is probably the biggest challenge we face today, and every organization that’s been hit already had some form of antivirus in place. That tells us traditional defenses aren’t enough.
At the same time, we know that about 95% of all user activity today happens through a browser. If we want to be effective at protecting organizations, we need stronger security built directly into the browser experience. Both of these areas—anti-ransomware protections and enterprise-focused browsers—are promising because they meet attackers where they are striking.
What do you see as the biggest cybersecurity challenges for the next generation of CISOs, and how should they prepare?
George Finney: One major challenge is the threat of attackers saving encrypted data today with the intention of decrypting it later. With quantum computing, we know that in five to 10 years, older encryption protocols will be able to be decrypted.
Right now, organizations aren’t required to disclose a breach if the data was encrypted. But if attackers are already taking a “harvest now, decrypt later” approach, that’s a serious concern.
The good news is that some applications are beginning to adopt quantum-resistant encryption methods, like the learning with errors (LWE) algorithms. That’s an important step toward future-proofing our protections.
What are your predictions for the workforce over the next 5-10 years? Are you worried that AI and automation are cutting out the entry-level rung for workers?
George Finney: Actually, I think the opposite may happen. In cybersecurity, we’ve unintentionally made it harder for entry-level workers to break in because we tend to hire seasoned professionals to meet immediate needs. But AI tools may open the door for newer workers to contribute more quickly.
Take Microsoft’s Copilot for Security, for example. SOC analysts can use natural language LLM prompts to search logs for threat activity, correlate attack data, and identify related activity in minutes—work that used to take hours. That kind of acceleration means less-experienced analysts could be valuable right away, which could lower barriers to entry.
How has the role of the CISO evolved during your career, and where do you think it’s headed in terms of business influence and leadership?
George Finney: It took years before I was given the title of CISO, and even longer before I had a real seat at the table with leadership. To be fair, I needed time to grow myself during that time, but it also reflected how organizations viewed security.
Today, I think business leaders have a much clearer understanding of cyber risk. They’re more willing to embrace security as a priority, and that shift is giving CISOs more responsibility and influence at the business level.
You’ve written a series of cybersecurity books. What are the themes of your latest book, and why are they important right now?
George Finney: Writing has been one of the most rewarding ways I’ve been able to contribute to cybersecurity. I’ve been honored that the community has embraced books like “Project Zero Trust”, and I’m really excited about my newest book, “Rise of the Machines,” which discusses the timely topic of the convergence of artificial intelligence and zero trust.
Everyone these days is focused on the intersection of cybersecurity and AI. “Rise of the Machines” is the first book that shows how to use zero trust principles to secure AI, and also how AI itself can accelerate your zero trust journey. I think the book helps equip security leaders for two of the most important forces shaping the future of cybersecurity.
Hear Directly from Cybersecurity’s Top Voices
George Finney is among the leaders being honored in the CSO Hall of Fame at this year’s CSO Conference & Awards. Don’t miss the chance to learn from Hall of Famers and other CISOs driving the future of security strategy. Register now to join the conversation.
No Responses