Align Information Security

To better understand how healthcare organizations are approaching Privileged Access Management, we spoke with Garrett McCarthy, Security Architect at K logix. As part of the cyber research team, Garrett evaluates security vendors using a proprietary, vendor agnostic methodology and leads PAM initiatives across customer environments.

Across conversations with cybersecurity leaders featured in Feats of Strength, one message is unmistakably clear: the future will not reward those who stand still. It will belong to leaders who adapt, learn, unlearn, and lead with clarity in a world defined by rapid technological change.Artificial intelligence may be the most visible force shaping today’s strategy, but true future-proof leaders see beyond tools. They understand that technology alone does not secure a business or guide a team. Instead, it is the leader’s mindset, communication style, culture building, and vision that determine whether an organization thrives in the years ahead.In our latest set of interviews, 100 percent of security leaders mentioned AI, and 75 percent identified it as one of their top strategic priorities. But when you listen closely, what emerges is not an AI story. It is a leadership story, one about adaptability, clarity, and the ability to create structure amid uncertainty.The future-proof leader is not a technologist. They are a strategist. An enabler. A communicator. And above all, a guide.

Kyle Thomas describes his path into cybersecurity as “nonlinear,” yet it is precisely that diversity of experience that exemplifies his strength as a leader. His career began in the late 1990s as technology was taking shape, and he grew alongside it, earning certifications across everything from database design, to JavaScript, and firewalls. Over time, his adept curiosity led him into security leadership, where his ability to bridge technology and strategy became a defining skill.In 2022, Kyle’s career journey led him to WEX, a global commerce platform, where he took on the role of Director, then Senior Director of Global Information Security. When joining the organization, Kyle was drawn not only to the technology stack but to what he describes as a “true culture of security.” “When I joined, we had roughly fifty people in security,” he recalls. “That’s a large number for an organization our size, but it reflected the complexity of what we do.”WEX operates across three lines of business including Mobility, Corporate Payments, and Benefits, and provides services to clients in over 200 countries. The company processed more than $200 billion in payment volume last year, managing data across 20 currencies and tens-of-millions of user accounts. “It’s a global organization with a highly regulated environment,” Kyle explains. “We’re subject to PCI, SOX, SOC, HIPAA/HITRUST, GDPR, and numerous other global privacy frameworks. That level of maturity made me confident this was a place where security had real influence.”Culture of SecuritySince joining WEX, Kyle’s scope of responsibilities has grown significantly. Starting at two teams and 13 people, he now leads a team of 40 members across five countries, overseeing network security, data protection, identity protection, automation, and security applications. He is closely partnered with Application Security, Architecture, and GRC teams, serving on advisory boards, and working with senior technology leaders to align security with innovation.One of his primary focuses is helping the organization balance product velocity with security oversight. “Our goal is to enable rapid experimentation and innovation while maintaining compliance and protecting data,” he says. “That means staying closely connected to digital and product leadership and making security part of the business rhythm.”Each year, Kyle and his teams begin with what he calls “brag books”, internal reports that track metrics, project milestones, and wins. “We aggregate those into an annual brag book and present it across the organization,” he explains. “It’s not just about showing numbers like the 120 million threat blocks we average per day, or the 400,000 daily container runtime scans, it’s about showing what we can achieve when we work together.” That transparency helps build trust and alignment across departments, reinforcing security’s role as a business enabler.AI and the Future-Ready EnterpriseKyle describes artificial intelligence as both a driving force and a challenge for the modern security leader. “AI is everyone’s focus right now,” he says. “We’ve built AI-powered tools to simplify processes, but that means our focus must include securing those models, monitoring them for vulnerabilities, and ensuring we use AI responsibly.”For WEX, the integration of AI is not only operational but also strategic. The organization continues to explore how AI can streamline operations, identify threats faster, and even support defensive automation. “We use AI to fight fire with fire,” Kyle explains. “If threat actors are using AI, so should we.”He notes that AI security overlaps with several other domains. “It’s similar to application and identity security. Overprivileged AI agents can create risk just like any other non-human account. It’s about managing those permissions and maintaining control.”As part of his annual planning, Kyle focuses on short, actionable roadmaps rather than multi-year strategies. “Security evolves too fast for long-term static plans,” he says. “Three years ago, no one had AI in their strategy, and now it’s a major priority. Being future-ready means staying adaptable and focusing on measurable progress each year.”Building TrustTo translate complex security strategies into business language, Kyle believes communication must start with “the why.” He believes in a philosophy of purpose-driven communication. “Security can’t just say no, we have to show why something matters, what the risk is, and how we can partner to solve it,” he says.That philosophy has helped him earn the trust of executives and peers across the organization. His team conducts annual roadshows to share results, discuss upcoming initiatives, and gather feedback from product and technology leadership. “Those sessions are key,” he says. “They turn security into a shared mission instead of a separate function.”Kyle also emphasizes a service-oriented mindset. “In security, our customers are usually internal. If a security control creates friction, our job is to guide and support, not to punish,” he explains. “Trust is built in small moments. You earn it by showing up and helping.”Leadership with Transparency Kyle describes his leadership style as open and honest. Every new employee receives the same speech on their first day: clear expectations, candid feedback, and empowerment to take ownership. “If I have to do their job for them, I’m either overpaying or I’m not doing my job,” he says with a laugh. “My job is to create space for people to excel.”He encourages his team to innovate and challenge convention. “We say the box is where we put our ideas when we’re done,” he notes. Each team member is required to set two annual development goals, one technical and one professional. “It’s my responsibility to develop leaders,” he says. “That means giving them room to fail safely and learn from it.”When hiring, Kyle prioritizes cultural fit and capability over credentials. “We removed degree and certification requirements from our roles,” he explains. “Skills and mindset matter more. We can help someone earn a certification later if they have the drive and curiosity to learn.”He believes diverse experiences strengthen the team. “We operate globally, and certifications popular in the U.S. may not carry the same weight in India or the UK. I care about competence and problem-solving. The rest can be developed.”A Lifelong Learner Kyle practices what he teaches by setting his own development goals each year. He reads, listens to leadership podcasts, and attends industry conferences to stay current. “I’m a big believer in lifelong learning,” he says. “Every day, I try to learn something new.”He also values the network of peers he’s built through professional events. “We all need someone to call when we hit a new challenge,” he says. “Conferences and groups give you that lifeline. You can ask, ‘Have you seen this before?’ And learn from each other.”Looking ahead, Kyle hopes to see more collaboration across technology disciplines. “We talk a lot about breaking down silos, but we still tend to separate CISOs, CIOs, and CTOs into different circles,” he reflects. “We have so much to learn from each other. If we want to move the industry forward, we need more of those mixed conversations.”At WEX, Kyle is leading by example, proving that future-proof leadership means more than adapting to technology. It means empowering people, communicating purpose, and building a culture of trust that stands ready for whatever comes next.