Compliance Doesn’t Equal Security, But What If It Does?
“Compliance doesn’t equal security” has become something of a rallying cry in cybersecurity circles. Security professionals have long argued that checking regulatory boxes doesn’t guarantee actual protection against threats. It’s a valid concern. Organizations can be fully compliant and still vulnerable to sophisticated attacks. But I’ve been questioning this conventional wisdom, particularly as I’ve watched industries struggle with persistent underinvestment in cybersecurity.
5 Cybersecurity Misconceptions That Could Cost Your Business Millions
In cybersecurity, myths aren’t just harmless misconceptions — they’re expensive vulnerabilities disguised as conventional wisdom. Companies across every industry face assumptions that create confusion, actively undermine their security posture and leave their business vulnerable to attacks that can cost millions. This article discusses five of the most common, persistent, and costly myths we’ve encountered, and the truth behind each.
The Hidden Cyber Threat Of Shadow AI — And How To Manage It
Like its well-known cousin, shadow IT, shadow AI is the use of unapproved tools — in this case, AI tools — by employees within an organization. But shadow AI can be much riskier, and every C-suite leader should be concerned about how it operates in their organization. Because security teams don’t have visibility into unauthorized AI tools, tracing the source and scope of data exposure is nearly impossible.
In the Media
O’Donnell frequently shares his cybersecurity expertise with technology- and security-focused publications, covering the importance of security; governance, risk and compliance; and risk assessment, auditing, and assurance. He is also a Forbes Technology Council expert panelist. Read his latest contributions and quotes below.
How To Reduce Security Tool Sprawl Without Losing Essential Coverage
In this Forbes article, O’Donnell discusses how to reduce tool sprawl through data mapping.
“Perform data mapping alongside a functional analysis of your existing tools. Data mapping reveals where critical data actually flows—if data isn’t flowing into a tool, you likely don’t need it. Cross-functional analysis identifies overlapping capabilities, showing where existing tools can cover multiple functions and providing evidence for consolidation without coverage gaps,” O’Donnell said.
Human-Caused Cyber Risk: Security Vulnerabilities Leaders Can’t Ignore
In this Forbes article, O’Donnell shares insights on how to strengthen cybersecurity resilience as cyberattacks continue to get more sophisticated.
“Organizations should be paying attention to employee access. We still see companies trying to employ all sorts of high-tech defense mechanisms while their employees have too much access to their systems and networks. This is especially true for admin access. Organizational leaders need to think long and hard about least privilege and not just use the term loosely,” O'Donnell said.
How To Connect Remote Tech Team Performance To Real Business Results
In this Forbes article, O’Donnell shares insights on how remote tech leaders can connect their team's contributions to business impact.
“Allowing people to take on a pet project they’re passionate about can create measurable business results. Some of the greatest innovations in tech have come from passion projects, and these translate directly into new revenue streams and competitive advantages. Allowing time and showcasing these projects helps with remote worker engagement and drives innovation,” O'Donnell said.
How To Turn Employees Into Proactive Cybersecurity Partners
In this Forbes article, O’Donnell shares insights on how training can help employees safeguard an organization.
“Security is about enabling job performance while preventing harm. The most practical strategy is to shift from occasional “checkbox” training to continuous engagement: Put team members at the center of cyber defense with live simulations, regular threat briefings, and reward systems. This turns employees into active partners who see cybersecurity as their mission. That’s when you get real results,” he said.