Jonathan Trull on cybersecurity leadership

About Jonathan Trull

Jonathan Trull, Chief Information Security Officer and Senior Vice President for Security Solution Architecture at Qualys, has spoken at several industry events in 2024 and 2025 about the evolving role of CISOs and the impact of artificial intelligence on cybersecurity. At ROCon25 Houston, Trull said CISOs should avoid being "sucked into the hype around AI" and instead become "the most knowledgeable people about AI in the company to advise the board." He noted that organizations are grappling with the "duality" of AI, with CEOs asking how to use it for competitive advantage while security teams assess new attack vectors such as sophisticated phishing and deepfakes. Trull stated that if the scientists who develop AI are "surprised by these emergent behaviors," it falls on CISOs to help manage the associated risks. Trull has also emphasized the need for cybersecurity professionals to translate technical risk into business language that boards and CFOs can understand. In a fireside chat with Oracle, he said CISOs face "difficult conversations" in the boardroom, citing an example where a board member would not allocate more funds unless the CISO could clearly articulate what the budget would buy. He has advocated for breaking down silos between GRC, vulnerability management, and security operations, describing risk management as "the grand unifier" that aligns security with business objectives. In a GovExec TV interview, Trull discussed challenges facing government entities, including limited resources and difficulty securing talent, particularly in rural areas. He also noted that frameworks for securing AI are emerging from NIST and ISO, and that organizations should integrate privacy and security controls into AI development from the start rather than retrofitting them later.

Profile compiled from Jonathan Trull's verified public interviews and appearances. See all quotes & transcripts →