Winner. Business Leader of the Year 2025

Sonia Mishra

Position: Sr. Information Security Risk Management Specialist
Company: Cloudflare
City: Leesburg, Virginia
Country: USA
Economic/Business Sector: Technology / Cybersecurity Risk Management

Sonia Mishra is a distinguished professional in the field of cybersecurity risk management, with over a decade of experience spanning the Banking and Financial Services, Insurance, Technology, and SaaS industries. Currently serving as a Senior Information Security Risk Management Specialist at Cloudflare, Inc., she plays a crucial role in maintaining the organization’s cybersecurity risk management program. Her responsibilities include leading cybersecurity risk assessments, identifying and evaluating potential threats, proposing mitigation strategies, and working with executives to ensure alignment in managing security risks effectively.

Before joining Cloudflare, Sonia held the position of Manager, Cybersecurity Risk Management at Workday, Inc., where she led a team of professionals and spearheaded the organization’s cybersecurity risk management initiatives. In this role, she was instrumental in developing structured approaches to risk assessment, ensuring that Workday maintained a proactive stance against evolving cyber threats.

Prior to her tenure at Workday, she worked as a Senior Consultant at Deloitte and Touche LLP, leading numerous cybersecurity risk management projects. Her expertise was sought across various industries, where she provided strategic insights and guidance to enhance security frameworks and mitigate risks.

Sonia holds a Bachelor’s degree in Computer Science and Engineering from Jagannath Institute of Engineering & Technology, Jagatpur, India. In addition to her formal education, she has further honed her expertise with a certificate from Harvard University in “Cybersecurity: Managing Risk in the Information Age.” She is also accredited with multiple industry-recognized certifications, including CGEIT, CISM, CRISC, and ITIL Foundation, underscoring her deep knowledge of governance, risk, and security management.

Sonia Mishra’s contributions to cybersecurity risk management have been widely recognized, solidifying her reputation as a leader in the field. She was elevated to Senior Member of IEEE, a testament to her impact and expertise in cybersecurity.

During her tenure at Workday, she developed a groundbreaking Semi-quantitative Cybersecurity Risk Assessment Methodology, marking a significant advancement in risk evaluation. This methodology integrated security alert data from incident response teams and analyzed risks using the MITRE ATT&CK framework, which includes 14 attack tactics, 200+ techniques, and over 100 subcategories from the NIST Cybersecurity Framework (CSF). By mapping risks to these frameworks and assessing control effectiveness, she created a robust system for determining inherent and residual likelihoods of threats.

Her approach introduced a hybrid model that combined both numerical and qualitative risk assessment, making results accessible for diverse stakeholders. To enhance efficiency, she developed an Excel-based tool for risk calculation, streamlining data collection and analysis. The insights derived from this initiative helped Workday identify top cybersecurity risks based on real security event data, leading to better decision-making and prioritization. This project resulted in an estimated annual savings of USD 4.42 million for the organization.

In recognition of her contributions, Sonia was honored at Workday for her creativity and innovation in cybersecurity risk management. Her ability to design and implement impactful solutions while maximizing available resources exemplifies her leadership and expertise in the field.