Why Deere paid hackers $1.5 million to detect vulnerabilities and keep the agriculture-equipment maker safe

By John Kell, Contributing Writer and author of CIO Intelligence

    John Kell is a contributing writer for Fortune and author of Fortune’s CIO Intelligence newsletter.

    James Johnson is the vice president and chief information security officer at farm machinery manufacturer Deere & Co.

    What keeps James Johnson up at night is the fear of a “one-to-many” attack, in which a bad actor would uncover a system vulnerability at Deere & Co. and, in a nightmare scenario, take control of the company’s network of farming machinery.

    Though no such dire event has occurred, if it did, this type of hacking event would erode the hard-earned trust that Deere has cultivated over a 188-year history. “Our customers trust us a lot,” says Johnson, chief information security officer at Deere since 2014. “Our executives are laser focused on making sure we do the right things with data, as well as our equipment.”

    To keep the manufacturer safe, Johnson deploys various strategies including “continuous attack surface management,” which constantly monitors a company’s digital footprint, and “pen testing,” a staged cyberattack to help uncover security vulnerabilities in a computer system. 

    But Johnson is also quick to laud a Bug Bounty program that he established in 2022. The initiative has united Deere with HackerOne, a cybersecurity company that verifies researcher testers, who are empowered to examine Deere’s applications and network. When these researchers spot vulnerabilities before any bad actors are able to, they are entitled to compensation from Deere. Payouts vary on a sliding scale that’s based on the potential severity and risk of the security issue.

    Over the past three years, Deere has paid more than $1.5 million to the external researchers it works with to keep the company safe. Around 85 ethical hackers work with Deere as part of the program and Johnson predicts that number will rise to 150 by the end of 2025.

    The hackers report their findings to Deere’s internal team of cybersecurity researchers, who then assess each potential vulnerability. “Once we can validate it and get it fixed, they actually help us test it to make sure it’s fixed,” says Johnson. 

    Due to the constant nature of change at a company, including how data is handled, Johnson says that new information is constantly at risk of being exposed. One example he shared was a directory of names and phone numbers that wasn’t intended to be made public. The researchers found it and flagged it to Deere, which was able to protect the information before a malicious individual could find it. “They found it very quickly and we were able to get it resolved,” says Johnson.

    Another area of focus for Johnson is promoting stronger cybersecurity skills at the collegiate level, which can bolster in-house expertise at Deere once those grads are ready to enter the workforce. “One of the hardest things we do in security is to find talent,” he says.

    Deere hosts an annual “CyberTractor Challenge,” which initially was a company initiative but has grown to become so popular that it is now an agricultural-focused, cybersecurity event that’s brought in peers including CNH Industrial and AGCO Corporation. The week-long program, now run as a nonprofit, attracts college students to Iowa State University where they learn about tractor operating systems. They also attempt to hack into the equipment and then discuss how to keep the machines secure from those attacks.

    Deere also hires Iowa State students to work part time for the company and learn how to keep cloud environments like Amazon Web Services and Google secure.

    “Frankly, most college programs can’t keep up with technology and how fast it’s moving,” Johnson says. Many of those students in that part-time program later become interns or full-time employees at Deere.

    With nearly 76,000 employees, Johnson aims to make cybersecurity accessible to the broader workforce through a mix of phishing tests sent to employees to assess their ability to identify scams, annual training certification courses, and a digital security newsletter that’s distributed companywide each month. Other initiatives include a recent guest lecture from former New York Times cybersecurity reporter Nicole Perlroth and the launch of a CISO awards program to honor top security practices developed by Deere dealerships, factories, engineering teams, and suppliers.

    HackerOne and offensive security services provider Bishop Fox are among the vendors that Deere leans on, but Johnson says he doesn’t spend too much time directly talking to vendors. He empowers his team to manage those relationships on Deere’s behalf. He says he’s witnessed a lot of consolidation in the cybersecurity industry, but expects that AI will be an even greater disrupter.

    Recently, Deere has been using agentic artificial intelligence solutions to help determine if a phishing email reported by an employee is in fact malicious and then proactively delete the messages that are deemed harmful from all company inboxes. Before AI, Deere had a goal of completing that assessment process within four hours. AI has trimmed that response time to under 20 minutes.

    When asked to assess his cybersecurity efforts, Johnson has a simple barometer to gauge success. 

    “We’ve not been on the front page of any newspapers,” he says. “That feels pretty good.”

    John Kell



    NEWS PACKETS

    Entry-level jobs appear to be at risk as AI advances. Fresh fears are emerging on AI’s impact on the workforce and the disruption to employment, with media reports highlighting how the technology could make it harder to secure entry-level, well-paid jobs in fields like banking and computer science. Two leading CEOs in the field recently shared opposing views on what’s ahead: Nvidia’s Jensen Huang was more optimistic and leaned on the popular industry refrain that “you’re not going to lose your job to an AI, but you’re going to lose your job to someone who uses AI.” Anthropic CEO Dario Amodei was far more dour. He told Axios that he predicts AI could eliminate half of all entry-level jobs within five years. The New York Times reports that AI’s disruption on the workforce can already be seen in the economic data, highlighting that unemployment for recent college graduates has leapt to an “unusually high” 5.8% in recent months. 

    At Meta and McKinsey, embracing AI continues to upend workflows. New examples of how AI is quickly disrupting the tasks that knowledge workers perform can be seen at tech giant Meta and consultancy McKinsey. This week, the Wall Street Journal reported that Meta is angling to enable brands to fully create and target ads using AI by the end of next year, which would allow clients to create full video and video assets without having to spend the money to hire a production crew. At McKinsey, as reported by Bloomberg, consultants are increasingly drafting proposals and making PowerPoint slides using the firm’s generative AI platform. The outlet says that the technology has developed enough to take over at least some tasks that were performed by junior employees. Meta cut 5% of its workforce in January, while McKinsey’s headcount has dropped by more than 10% in the past 18 months, the largest decline in the consultancy’s history.

    AI startups continue to announce fresh, big rounds of funding. The most recent report from Bloomberg says that Abridge AI—which uses AI to transcribe conversations between medical providers and patients—is raising $300 million in a new funding round led by Andreessen Horowitz that would value the AI startup at $5.3 billion. Other big-figure deals include a $50 million Series A raised by Databricks rival Chalk, cybersecurity startup Horizon3.ai’s efforts to raise $100 million in new funding, Snorkel AI’s $100 million Series D led by VC firm Addition, and Elon Musk’s AI company xAI shopping around a $5 billion debt package. The big funding rounds come after investors poured nearly 58% of global VC dollars into AI and machine learning startups in the first quarter of 2025, according to data provider PitchBook.

    Samsung-Perplexity AI near AI technology deal. South Korean consumer electronics giant Samsung is reportedly close to inking a wide-ranging deal with Perplexity AI that would put search technology from the AI startup in future Samsung devices and integrate Perplexity’s search features into the Samsung web browser. The companies are also discussing potentially incorporating Perplexity’s technology into Samsung’s Bixby virtual assistant, Bloomberg reports. The outlet has also previously reported that Samsung is expected to be one of the biggest investors in a fresh round of funding for Perplexity, citing people familiar with the matter. The startup has been in advanced discussions to raise $500 million at a $14 billion valuation.

    ADOPTION CURVE

    A majority of companies say AI agents have performed unauthorized actions. A new study published by cybersecurity company SailPoint found that while four out of every five organizations say they are already using AI agents, only 44% of organizations have policies in place to secure them. Four out of every five companies also report that their AI agents—which use foundational models to complete complex, multi-step tasks—have performed some unintended actions. This has included accessing unintended applications and services (39%), accessing privileged or sensitive data (33%), and allowing inappropriate data to be downloaded (32%). The responses were from 353 IT professionals at companies across the world.

    Mark McClain, SailPoint’s CEO and founder, tells Fortune that this inflection point reminds him of an old cybersecurity adage: Why do race cars have brakes? So they can go fast. “People are being reminded that they have to be able to trust their brakes,” says McClain. “And right now, I think security people are raising their hands and going, ‘We don’t really have confidence in our brakes.’”


    JOBS RADAR

    Hiring:

    - Dish TV is seeking a CIO, based in Englewood, Colorado. Posted salary range: $400K-$500K/year.

    - Blue Cross Blue Shield is seeking a CIO of the Synergie Medication Collective contracting business, based in Chicago. Posted salary range: $275K-$300K/year.

    - Jefferies is seeking a head of HR technology and transformation, based in New York City. Posted salary range: $200K-$250K/year.

    - The HRT Club is seeking a CTO, based in Bridgewater, New Jersey. Posted salary range: $180K-$200K/year.

    Hired:

    - Home Depot (No. 24 on the Fortune 500) promoted Angie Brown to serve as EVP and CIO, overseeing all aspects of technology strategy, infrastructure, cybersecurity, and software development for the home improvement retailer’s stores, supply chain facilities, support centers, and online systems. A 27-year veteran of Home Depot, Brown most recently served as SVP of IT.

    Every Friday morning, the weekly Fortune 500 Power Moves column tracks Fortune 500 company C-suite shifts.

    - Vertiv named Mike Giresi as CIO, joining the infrastructure equipment manufacturer on June 30 to lead initiatives in AI adoptions across the business, cybersecurity, and product security. Previously, Giresi served as chief digital officer at consumer electronics company Molex. Prior to that, he served as CIO at cruise operator Royal Caribbean Cruises, fashion brand Tory Burch, and chocolate maker Godiva Chocolatier.

    - Agilent Technologies named August Specht as CTO, joining the instruments and services provider for laboratories on June 9. Previously, Specht served as a VP of global R&D at biotechnology company Thermo Fisher Scientific. He has also held other R&D, product management, and strategy roles at Thermo Fisher and scientific instruments manufacturer Varian Instruments.

    - Chesapeake Utilities Co. appointed Abhijit Bhatwadekar as VP and CIO, effective June 13, to oversee IT infrastructure, enterprise applications, cybersecurity, data management, and vendor partnerships for the natural gas distributor. Bhatwadekar joins Chesapeake Utilities from natural gas and electricity provider PPL Corporation, where he served as VP of data analytics and customer experience.

    - Harbor has appointed Allan Lamkin as CTO, joining the law firm consultancy after previously serving as CIO at law firm Paul Hastings LLP. At Paul Hastings, he led modernization of the firm’s global technology infrastructure and completed more than 200 projects over a five-year period. Lamkin also previously served as CTO at media company Deluxe Entertainment Services Group.

    - CompQsoft Digital announced the appointment of Jon Rastia as CTO and EVP of strategy, where he will spearhead technology innovation and lead the global engineering team. Before joining the IT services company, Rastia held roles at IT services companies Argano and DXC Technology and also served as a solution architect at server and cloud-software firm Hewlett-Packard Enterprise.

    - Keystone.ai has appointed Brad Miller, the former CIO of drugmaker Moderna, to serve as president of the technology consulting firm’s CoreAI business. Miller led Moderna’s decision to become Keystone’s CoreAI inaugural customer, working together to co-develop an AI-powered forecasting demand model and intelligent control tower. Prior to joining Moderna in 2023, Miller served as CIO of enterprise products and platforms at Capital One and as EVP of operations and technology at Mastercard.

    - EnableComp announced the appointment of Brian Kenah as CTO, overseeing technology development and managing infrastructure and cybersecurity for the revenue cycle management provider. Kenah has nearly 25 years of healthcare technology experience, including as CTO of Azalea Health and senior VP of technology operations at Sharecare.

    This is the web version of CIO Intelligence, a weekly newsletter on the tech, trends, and news IT leaders need to know.