NOMINATION HIGHLIGHTS

James Hengsterman-Cash, Sr. Director of Security & Compliance at Eightfold AI, is redefining what world‑class security leadership looks like in the era of AI. Tasked with setting a security strategy, directing security operations, steering global GRC, and protecting customer trust, he has translated his vision into measurable, market-shaping outcomes.

Traditional controls stop at the application layer just as attackers pivot toward the model itself. Anticipating this shift, James led one of the industry’s first end-to-end deployments of ISO 42001, while embedding the NIST AI RMF into Eightfold’s secure development lifecycle. Model threat modeling, red-team exercises, and explainability reviews are now introduced alongside new products and significant changes.

His classical rigor matches his foresight in AI. Over the past year, James’ team earned FedRAMP Moderate and DoD IL4 authorizations and cleared ISO 27001, 27701, 42001, and SOC 2 Type II audits with zero significant findings. The automated evidence pipelines he championed cut audit preparation time by more than 80 percent, boosting engineering velocity without compromising assurance.

James couples strong governance with radical transparency. He launched a customer‑trust portal that surfaces security metrics, compliance artifacts, and penetration testing details.

Beyond Eightfold, James is a sought-after expert for organizations grappling with AI and cybersecurity controls. He authored an open AI Impact Assessment template that translates technical risk into language understandable by boards and critical stakeholders. Returning to Duke University as a visiting lecturer this year, he delivered masterclasses on “AI Risk Management Frameworks, Regulation & Governance” and “Assessing the AI and Cybersecurity Environment,” earning excellent feedback from executives across five continents.

Complementing his teaching, James also holds Duke University credentials as both a Board‑Certified CISO and a Certified CISO & Cybersecurity Leader. These credentials reinforce his ability to translate deep technical realities into clear, strategic guidance for the boardroom.

By uniting strategy, operations, GRC rigor, transparency, and community stewardship, James Hengsterman-Cash proves that security-by-design is not an aspiration, but an operating model. He is not merely keeping pace with the AI revolution; he is helping to draft the guardrails that will secure its future.