On the 36th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton sit down with Chris Leigh, VP and Chief Information Security Officer at Eversource, New England’s largest energy provider serving more than 4.5 million customers across three states. For a utility, cybersecurity is not just an IT concern. It is a reliability mandate, tied to the systems that keep electricity flowing and gas pressure stable. Chris’s scope reflects that reality. “No guards, no guns, no gates. But if it touches technology, it’s in my purview,” he says, describing a role that spans cyber defense, core networking, and, unusually, AI ownership.
That unusual structure is not a novelty. It is the thesis of the conversation. Chris is using security as the forcing function that makes AI adoption durable. When public AI tools broke into the mainstream, he did not start with experimentation. He started with containment. His team discovered employees using a range of internet tools and responded the way a critical infrastructure operator has to: “So it started with that security question and so locked it all down.” Then they put policy in place, reopened access for approved business cases, and built a governance structure that could scale beyond a handful of pilots.
What comes next is where the outcomes show up. Chris describes an operating model built to keep development consistent and hand off production systems to the right application owners. The point is to build “everything one way using standard tools,” rather than creating fragmented one-off solutions. That consistency becomes speed. “And that’s allowed us to accelerate our time to delivery by orders of magnitude of three months, down to four weeks, down to two weeks for various sprints,” he says. In a regulated environment, that is a meaningful signal: governance can be an enabler when it is engineered, not policed.
Chris also grounds AI value in operations, not hype. One standout example is drone-based preventative maintenance. Utilities already fly drones over transmission and distribution lines, but the leap comes from AI models that can detect issues the human eye misses. Chris explains how imagery flows through models to identify damaged components and hotspots, “which allows us to schedule and do repairs before we actually have power outages.” He calls the approach “a game-changing technology” because it improves grid resiliency where customers feel it most: fewer disruptions and faster remediation.
On the security side, the most transformative win he shares is the ability to deliver threat intelligence at scale. Chris notes how dramatically government and partner reporting has expanded, to the point of overload. Instead of asking analysts to manually sift and transcribe, Eversource routes reports into AI for analysis, then operationalizes the output: “Any IOCs get popped into our tools automatically.” The result is speed and focus. It is “not a manual effort anymore,” which frees the team to spend time on higher-value investigation and response rather than data entry.
Looking forward, Chris is especially focused on deepfakes and impersonation, not because employees are unaware, but because the attacks exploit urgency. His answer is cultural and procedural, reinforced by better identity signals and authenticated communications. Underneath it all is his leadership posture: practical, low-ego, and people-oriented. In his lightning round advice, he brings it back to how security leaders earn trust while navigating change: “Put your ego away and learn. Listen.”
Listen to Chris’s episode here and read the transcript here.
