The Making of a Modern Cybersecurity and Tech Leader: Morgan Hague

I’ve known Morgan for years, and to say I’m proud of the leader he’s become doesn’t even begin to cover it. From the start, it was clear he was one of the sharpest minds in the room—someone who not only understood the technical landscape of cybersecurity, but also had the vision and work ethic to help shape its future.

What stands out most, though, is his integrity. His drive to make a meaningful impact—on organizations, people, and the industry as a whole—is rooted in a quiet confidence and a deep sense of purpose. I’ve seen him take on complex problems with clarity, lead with thoughtfulness, and mentor others with generosity.

In this interview, Morgan reflects on the path he’s carved out so far, the challenges that shaped him, and where he hopes to take his passion for security, data, AI, and leadership in the years ahead. His story is grounded in curiosity, intention, and the kind of leadership we need more of—and I know it will resonate with anyone working to find their own path in this space.

Career Journey & Growth

Take us back to your start—what drew you to cybersecurity, and how has your career evolved to where you are today?

I actually started my undergrad as a computer science major, but cyber eventually swayed me– the appeal of keeping the proverbial ‘bad guys’ out of play illustrated the challenges present in cybersecurity, and to me ultimately represented a ‘societal good’; meaning success in this line of work can actually have a meaningful impact on critical industries as opposed simply improving a balance sheet or bottom line. My first job in the real world was in a NOC where I was able to establish a strong operational foundation, and I’ve been fortunate since to enjoy a career in consulting where I can work with and learn from some of the brightest in the field.

You’ve worked across many parts of security—consulting, risk modeling, cloud, AI—and have helped shape new service lines and innovative frameworks. As you lead large teams and complex client portfolios, what areas of this work energize you most, and what drives your vision for the future of cybersecurity and risk leadership?

At my core, I love solving problems – so I’m always driven towards a challenge or opportunity to provide value in meaningful ways. The program development and implementation work I’ve been fortunate to lead really more than anything permits me to do that. In a growing security function, how an organization establishes programs for key areas like risk management, security strategy, or emerging technology mirrors how effective their defenses ultimately are – and so I’ve found that’s the key to solving the most critical problems; while tools can be crucial, effective programs are foundational.

Cybersecurity and risk are constantly in a state of flux – there’s significant discourse around things like whether continuous compliance tools may commoditize risk management, or whether teams can automate their entire security function with AI agents! With that in mind, leading the future of cybersecurity and risk must rely on the fundamentals – ensure your organization understands the risks they’re actually facing, ensure there is a mechanism to evaluate and report on those risks – and objectively reasonable (i.e. good) decisions accordingly. No matter the new technology, those will always ring true.

Tell us about the ‘BADdest’ challenge you’ve taken on in your career—the boldest, most authentic, and driven moment you’re most proud of—and how it shaped you.

I had the opportunity to architect, develop, and implement a novel framework and mechanism for cyber risk management and quantification at one of the world’s largest healthcare providers – almost like a universal language for how any part of the business should assess, remediate, and monitor risk.

I was still relatively early on in my career, but the leaders I worked with gave me the autonomy and support to build a capability that was really ahead of the curve (if I can say that!) and enabled tremendous flexibility for our partner to identify their risk, respond thoughtfully, and establish accountability in the process – three paramount challenges at organizations of scale.

The lessons learned during the initial period of development have been critical in my growth, and I lean on them almost daily. There are little (or big) wins in life that give you the courage to take action and instill a perpetual belief in yourself– and this was absolutely a primary one for me.

AI, Data & Innovation

You’ve done pioneering work in risk modeling and reporting—how do you see data and AI transforming cybersecurity in the next 3-5 years?

AI has certainly had the spotlight since ChatGPT burst into the public eye a couple of years ago – but many of the core fundamentals around securing those systems are consistent with general secure development practices. While we have and will see novel attack vectors and an increased focus on securing data pipelines, I think ultimately the primary impacts of AI will be around the complications introduced by agents or agentic systems, and a material knowledge gap for a large portion of the security resource pool. For agents, evaluating how identities may (or may not be) properly established, monitored, etc. across organization ecosystems is a challenge that is in the spotlight now – but will likely linger beyond the initial solutioning we’re seeing in the market. In terms of education – it’s become increasingly challenging to parse what information is or isn’t legitimate in any case – much less information that should educate users on how to effectively or safely leverage AI systems; so just as networking is a fundamental component in a security practitioner’s toolkit, I’d anticipate artificial intelligence and machine learning will become a common curriculum.

As you pursue your Master’s at Georgia Tech with a focus on cybersecurity, what emerging technologies are you most excited about?

Any answer but artificial intelligence would likely seem disingenuous – I am intrigued by the potential implications of quantum computing (e.g. for decryption) but it looks like we’ve still got about another decade (knock on wood) until that’s a concern! Within AI specifically, though – I think the development of toolkits meant to detect or deter misinformation, vishing, and similar threats is incredibly compelling. There have been a few interesting advances in the space, but the rapid pace of GenAI’s adoption and varied origins makes for a true challenge and something that I’d love to contribute to.  

How can cybersecurity leaders adopt an innovation mindset while still managing risk and regulatory demands?

They say comparison is the thief of joy – but it’s important that organizations now look not only inward but outward to understand where the greatest swings are coming from – and how general market trends can shape pending regulatory changes. Establish strong lines of communication with your peers or industry groups to ensure you have a strong grasp on where the industry is headed. Once you have that handled, instill that same focus in your team(s) internally. If you and the team are aware of what’s happening outside of your walls – you can more easily pick and choose the best use cases to adapt internally in a way that works for you or provide unique perspective so that other organizations benefit in the same way. Separately, ensure there is a formal mechanism in place to propose, evaluate, and react to new challenges or opportunities seen in the wild and derived internally like an internal incubator of safe-to-fail environment.

Redefining Leadership That Drives Innovation

The pace of technology—especially with AI—is pushing organizations to think and act faster. What leadership shifts do you believe are most needed to help cybersecurity programs keep pace with innovation?

I think the short answer is trust. As AI and emerging technologies accelerate the pace of change, no single leader can keep up with every nuance. Instead, success hinges on empowering teams composed of competent, curious, and courageous professionals to bring forward their best thinking and their honest assessments of risk.

To build this, it means trusting your people and, in turn, being worthy of trust yourself. That means supporting teams in exploring new technologies without burning them out, and ensuring that learning and innovation are embedded in the culture—not just expected, but actively enabled.

Trust also demands structure. A foundation of clear governance gives teams the freedom to innovate while managing risk thoughtfully. This balance helps organizations move decisively—without getting lost in endless decision loops—because the people closest to the ground are confident and aligned.

Ultimately, trust must be reciprocal. If your team doesn’t trust you to back them, guide them, and lead with integrity, then no level of technical expertise or strategic foresight will matter.

What gives you hope about how leadership is evolving in cybersecurity—and what kind of leadership culture do you want to help shape?

I think if anything there’s more transparency recently with the adoption (and challenges) introduced by the widespread embrace of AI/ML; this has spurred some great cross-industry collaborations such as the OWASP AI Exchange and enabled organizations to interact more effectively as peers in a space that can at times be hyper competitive. This same principle is something that can be powerful internally – creating an effective shared vision requires a commitment to transparency and an understanding that ultimately it takes a team to succeed. Where the opportunity exists, I think it’s also critical to foster an environment where the team is encouraged to interact with ‘the industry’ at large – attend conferences, volunteer with professional organizations, however that happens – diversity of thought is critical to organizational (and personal) growth, and each company is at some level prone to becoming an echo chamber if not.

Professional Growth & Shaping the Next Generation

You’ve built a career at the intersection of security, tech, and data—what advice would you give to others looking to do the same?

It’s a bit of a cliché – but always look for a challenge. These may start small – but challenging yourself whether it’s with a new curriculum, toolkit, or discipline is by far and away the easiest means to learn and build a strong foundation of belief in yourself. Leveraging those ‘wins’ along the way will lead to an exponential growth curve where you’re both developing at a high rate and you build resilience which is essential as challenges grow and obstacles come about.

How has your involvement with InfraGard Atlanta and industry collaboration shaped your perspective as a leader?

InfraGard is focused on several key industries such as healthcare, energy, and finance – and provides a fairly unique opportunity to learn from leaders in each of these industries in a local geography. While the leadership team I’m fortunate to work with there is great, the public-private partnership component permits our members to interface with experts across domains and illustrates the importance of being aware and maintaining key relationships with not only industry peers but also government agencies that may be critical in the case of a significant event (e.g. ransomware). The promise shown by my peers and our general membership in coming together for a greater good (and shared commitment to security) is inspiring and provides some hope at times when that may be tough to come by.

What role has mentorship played in your own journey, and how do you approach mentoring and developing future talent? What qualities do you believe are essential in the next generation of cybersecurity leaders?

I’ve been very fortunate to have some great mentors in my career – some were simply supervisors, others independent of any reporting structure or even external to my organization. The consistent piece that highlights the mentors who have impacted me, and ultimately something I look to strive for is the intent around involvement – having a genuine interest in helping to grow someone or provide meaningful insight. When you take time out of your day to be available for questions, offer candid input, or are simply a sounding board for ideation – that is really where mentorship can make a difference and permits a relationship to move from transactional to something greater.

For those who may be newer to the field, remaining adaptable and eager are essentially invaluable – the field will continue to change over the course of years, if not months – but being ready to react and engaging your leadership or experienced peers for their experience can go a very long way! Mentors can also significantly broaden your network; and the value of that simply can’t be overstated.

Future Ambitions

What are your future ambitions—where do you see yourself heading in the years ahead, and where do you hope to make the most impact across cybersecurity, technology, leadership, and beyond?

Whether I’m involved directly or merely as an industry voice – I’d love to help contribute to a new, effective means of defining and enforcing structures for enforcing a common penalty or incentive structure for cyber activity. This would entail a uniform means to levy sanctions in the event criminal or demonstrably negligent cyber activity results in impacts to individuals; or introducing legitimate incentives to good-faith cyber practice. In a meaningful system, this structure would be transnational, meaning it could be a universal means of governance and support a more meaningful resolution to some nation-state sponsored activity.  The problems we’re dealing with now and certainly in the future aren’t constrained to borders – so it’s important we have some universal benchmark for consideration or consequence. It’s tough to think about something more challenging than that considering the disparity between certain countries, and I love a good problem!

Closing Reflections

Morgan is exactly the kind of leader we need more of in this field—thoughtful, curious, grounded, and committed to doing the work that truly matters. He’s not just keeping up with the pace of change—he’s thinking ahead, asking the right questions, and helping others grow along the way.

As someone who’s had a front-row seat to his evolution, it’s been such a joy to watch Morgan step into his voice and his leadership with confidence. From building innovative frameworks to mentoring others and pushing the industry forward, I know this is only the beginning for him.

I’m so proud to feature him here—and even more excited to see what he takes on next.

Maliha

Disclaimer: The content on this blog and website reflects a combination of my personal experiences, perspectives, and insights, as well as interviews and contributions from other individuals. It does not represent the opinions, policies, or strategies of any organization I am currently affiliated with or have been affiliated with in the past. This platform serves as a personal space for sharing ideas, lessons learned, and meaningful reflections.