Marketing and advertising companies hold more than campaign files and creative assets. They manage client relationships, production systems, audience data, brand platforms, compliance obligations, and the technology workflows that help organizations reach customers. The security leaders in this group come from cybersecurity consulting, GRC, AI security, infrastructure, managed services, print, media, and enterprise risk. Their work shows how cybersecurity supports trust in industries built on visibility.

Waqas Akkawi – SVP & Chief Information Security Officer (CISO), Propelis

Waqas Akkawi leads global cybersecurity strategy and function for Propelis, a brand services agency supporting more than 2,000 companies through a platform with 10,000 employees in more than 30 countries and nearly $1 billion in annual revenue. His role covers security for Propelis and its family of brands, SGX, Marks, Collide, and 5Flow, with work tied to creative, production, technology, AI, automation, print, merchandising, and design environments. Before joining Propelis in August 2025, Akkawi spent more than 18 years at Sirva, where he served as CISO, Director of Global Information Security, and Senior Manager of IT Security. His Sirva work included SOC2 audit sponsorship, incident investigations involving corporate and client information, global security policies, privacy compliance, application penetration testing, SIEM, DLP, IPS, web security, and quarterly risk management meetings with business owners, HR, privacy, legal, IT, and internal audit. Earlier at RR Donnelley, he managed network security architecture for a global enterprise environment with more than 300 locations, 85 Cisco PIX firewalls, secure DMZ architecture, remote access for more than 3,000 users, and a $9 million WAN conversion completed ahead of schedule.

Shannon Brewster – CISO, YipitData

Board governance, teaching, consulting, and operational security all sit inside Shannon Brewster’s cybersecurity profile. He became CISO at YipitData in December 2025 after serving as CISO at LevelBlue, where his role covered the internal information security program, GRC, SecOps, and Enterprise IT for a divested asset of AT&T. Brewster’s background also includes leadership of AT&T’s Security Consulting Services organization, a cross-functional global team of 200 people delivering professional services and consulting solutions to Fortune 500 companies and federal, state, and local governments. That role carried $42 million in government revenue responsibility and $28 million in commercial revenue responsibility, with focus areas such as information security program development, risk advisory, regulatory compliance, network security engineering, technology enablement, and security transformation. He also serves on the ISC2 Board of Directors for a 2025 to 2027 term, chairs the bylaws committee, serves on the audit and risk committees, and became Board Treasurer in January 2026. The academic side of his profile is active as well, with adjunct teaching roles in cybersecurity, cloud security, and enterprise business continuity and disaster recovery.

Sabeena Lalwani – CISO, Magnite

Sabeena Lalwani brings advertising technology, AI security, GRC, security operations, and audit assurance into her role as CISO at Magnite. Since December 2024, she has led strategic initiatives to combat digital threats across security domains, implemented real-time protection measures for Engineering and other business units, and supported security awareness and compliance across teams. Before Magnite, Lalwani served as Director of Security at Microsoft, where she led SecOps and incident response for Microsoft AI. Her earlier work at Xandr included VP of Technology, Head of GRC and Cybersecurity, and Senior Director of Technology, GRC. At AppNexus, she oversaw IT governance, risk management, compliance, audit assurance, IT audits, SOC reporting, IT SOX general controls testing, risk assessments, remediation tracking, policy development, and information security processes. Lalwani also held systems operations and IT GRC roles tied to 24/7 production systems, customer support, disaster recovery, business continuity, and security testing. Her current CISO role sits on top of a career that has moved through ad tech, AI, operational resilience, and formal governance.

Mark Karaffa – CISO, The John Roberts Company

HITRUST accreditation is the clearest marker in Mark Karaffa’s security profile. As CISO at The John Roberts Company since October 2012, Karaffa identifies the company’s October 2017 HITRUST accreditation as his most significant work experience to date, supported by earlier SOC2 work and his CISSP certification from the same year. His career also includes time as a Senior Business Analyst at Quad/Graphics, more than 12 years as IT Director at Williamson Printing, and earlier roles as Manufacturing Manager at Perry Judd’s and Technical Consultant at AHP Systems. That progression gives his CISO role a direct connection to print, manufacturing, business analysis, and security assurance work. It is a narrower source profile than some others in this group, but the available material points clearly to compliance, certification, and security leadership inside a print and production environment.

Michael Palmer – CISO, Hearst

Michael Palmer has served as CISO at Hearst since August 2019, following more than two decades at the National Football League in roles that moved from engineering and infrastructure communications into information security leadership. At the NFL, Palmer served as CISO from 2015 to 2019 after earlier roles as Senior Director of the Information Security Office, Director of the Information Security Office, Director of Shared Services Infrastructure Communications, Director of Infrastructure Communications, and Senior Engineer. His own description of the CISO role centers on identifying, defining, and developing information security and risk-based initiatives, programs, and assessments, with an emphasis on clarifying technology risks and coordinating remediation across resources, departments, and specialists. Palmer also serves on the National Technology Security Coalition Board, previously served on the Rochester Institute of Technology Industry Advisory Board for the Department of Computing Security, and has advised YL Ventures. His profile reflects a security leader who came through infrastructure, risk remediation, media-adjacent operations, and executive security leadership.

Security Behind the Brand Surface

The marketing and advertising world often looks external by design: campaigns, audiences, platforms, clients, content, and brand experiences. The security work behind it is less visible. These leaders show how much has to operate correctly beneath that surface, from SOC2 and HITRUST to AI security, incident response, production systems, cloud environments, third-party risk, and executive reporting. Their paths are different, but the shared theme is clear: trust in marketing and media depends on security programs that can protect both the business and the relationships behind it.

The post Brand Trust at Scale: The CISOs Securing Marketing, Media, and Advertising appeared first on CISO Whisperer.

*** This is a Security Bloggers Network syndicated blog from CISO Whisperer authored by John Kevin Hao. Read the original post at: https://cisowhisperer.com/brand-trust-at-scale-the-cisos-securing-marketing-media-and-advertising/?utm_source=rss&utm_medium=rss&utm_campaign=brand-trust-at-scale-the-cisos-securing-marketing-media-and-advertising