Bradley J. Schaufenbuel is currently Vice President and Chief Information Security Officer at Paychex. He has over 28 years of experience in the information security field at companies in the financial services and technology verticals, has written numerous books and professional journal articles, possesses an MBA, a JD, and an LLM, maintains over two dozen professional certifications, serves as an advisor to multiple venture capital firms and cybersecurity startups, and regularly speaks at industry conferences. Bradley was recognized as the Chicagoland CISO of the Year in 2018 as one of the Top 100 CISOs for 2024 by Cyber Defense Magazine.
Recently, in an exclusive interview with Digital First Magazine, Bradley shared insights on the role of artificial intelligence and machine learning in cybersecurity, the secret mantra behind his success, personal hobbies and interests, favourite quote, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Bradley. What drives your passion for information security and governance?
I am driven by a fiduciary duty as an executive officer to my company and its shareholders to protect the organization against the crystallization of cybersecurity risks that exceed the organization’s risk tolerance. At a deeper level, I started college as a criminal justice major, as I wanted to be a police officer and serve and protect people against bad actors for a living. But I also was a computer geek and loved technology. I was able to combine these two passions by joining the information security profession.
What do you love the most about your current role?
What I love the most about my current role is the people I am blessed to work with. We have built a team of some of the brightest and most passionate cybersecurity professionals in the world. It is an honor for me to lead the team. I also feel fortune to work with an executive team and board of directors that understands the importance of my function and sets the right “tone at the top”. And finally, I am lucky to work with some of the best internal and external partners an information security leader could ask for. My colleagues “get it”, which makes my job easy.
What role do you think artificial intelligence and machine learning will play in cybersecurity?
Artificial intelligence of all types (e.g., machine learning, large language models, agentic AI, etc.) is already being leveraged by attackers to improve the efficiency and effectiveness of cyber-attacks. The same technology is being leveraged by defenders to detect and stop cyber-attacks and improve the efficiency of security operations. It is a perpetual “cat and mouse game” where every new technology is adopted by both attackers and defenders, with each side looking to gain an edge (albeit a temporary one).
Over the course of your career, you have been a recipient of various prestigious awards and accolades including Chicago CISO of the Year in 2018, as one of the Top 100 CISOs in 2024, and as the North America Information Security Leader of the Year in 2021. Our readers would love to know the secret mantra behind your success.
While I am very honored to have received many individual awards, the awards my team has received are much more important to me. Although I provided inspiration and support, I would have achieved nothing as a CISO without an incredible team executing my vision. For that reason, the awards I am most proud of are the ones bestowed upon the entire Paychex Enterprise Security team, including the “Financial Services Cyber Security Team of the Year” by American Cyber Awards and a “top ten information security team” globally by On Conferences.
How do you stay current with the latest cybersecurity threats and trends?
I stay current with the latest cybersecurity threats and trends by reading a lot of blogs, books, magazines, and professional journals, attending cybersecurity conferences, staying engaged in professional associations, and participating in CISO roundtables and summits. I build a “Sunday evening reading list” each week. The most valuable intelligence usually comes from peer CISOs who are experiencing the same problems as I am or who may have already solved them. The advice I receive from peers is also the most objective, i.e., free from bias.
What are some of your passions outside of work? What do you like to do in your time off?
Outside of work, I like to go bicycling or golfing with my daughter or travel internationally with my family. I also do a lot of work with cybersecurity startups and venture capital firms. I serve on the advisory boards of several venture capital firms, where I help select startups to invest in and then assist portfolio companies with bringing their products to market. I also serve on the advisory boards of several cybersecurity startups, where I provide go-to market advice and assist founders with product direction.
What is your favorite quote?
My favorite quote is the Bible verse, “To whom much is given, much is expected” (Luke 12:48). It emphasizes that individuals who are blessed with more, whether in terms of talent, wealth, knowledge, or opportunities, are also held to a higher standard of responsibility and are expected to use these gifts wisely and for the benefit of others. As a person who is blessed with a great education, a fantastic job, a loving family, and material possessions, I have a great responsibility to mentor, develop, and give to those who are less fortunate than myself.
Which technology are you investing in now to prepare for the future?
The technology I believe holds the most promise for the future right now is agentic artificial intelligence. This is the first generation of artificial intelligence that emulates human thinking and is non-deterministic. AI agents hold the promise of performing many operational security tasks within multiple domains, including security alert triage and investigation, vulnerability management, identity and access management, and IT compliance. It is still early and most of the organizations developing this technology are startups, but there his huge upside potential.
What are your long-term career aspirations, and how do you see yourself evolving as a leader over the next five years?
Traditionally, I have been a builder or a transformational security leader. Organizations have brought me in to build a cybersecurity program from scratch or to fix / transform a cybersecurity organization to better align it to the needs of the organization. What I thrive on in the long term are bigger challenges to overcome. Bigger challenges can come in the form of changes in my current organization, e.g., acquisitions or digital transformation initiatives, or from the assumption of the CISO role at a larger and more complex organization.
What advice would you give to aspiring CISOs and cybersecurity professionals?
I would advise aspiring CISOs to obtain experience in multiple security domains (e.g., security operations, network security, cloud security, governance risk compliance, identity and access management, application security, security architecture, etc.), as the CISO must have a good working knowledge of them all. I would also suggest investing in general business and financial management skills, as managing a P&L is important to the success of a CISO and you need to be able to speak the language of your peers within the C-suite.