Shauli Zacks
Published on: July 7, 2025
In our latest interview at SafetyDetectives, we sat down with Bill Dunnion, the Chief Information Security Officer (CISO) at Mitel, a global leader in business communications. With a background that spans mechanical engineering, product marketing, and cybersecurity, Bill brings a rare multidisciplinary perspective to his role—one that’s especially valuable in the complex landscape of M&A-driven digital transformation.
Since stepping into the CISO role in 2024, Bill has guided Mitel through major security milestones, including ISO compliance efforts and the integration of Unify. In our conversation, he shares his unique journey to cybersecurity leadership, how Mitel is turning security into a business enabler, and why AI is both a threat and a powerful tool during times of organizational ch
Can you tell us a bit about your background and your current role as CISO at Mitel?
My path to Mitel is far from the traditional one. I started off my career in mechanical engineering, where I had the opportunity to be exposed to all the moving parts of a business. I also spent time running a cyber practice and delivering services for a series of startups. Through various experiences, I found myself drawn to product marketing and manufacturing, leading me to my first role at Mitel as Product Marketing Manager. After a few years on the product marketing side, I decided to shift over to security, where I’ve remained since I was appointed as CISO of Mitel in 2024.
As a CISO, I oversee the company’s information security strategy, security architecture, and compliance with security standards. I also assess, develop, and implement industry best practices for security across Mitel. My diverse engineering and product background gives me an edge in understanding Mitel from all angles, not just security.
What are Mitel’s primary cybersecurity priorities today, and how have recent acquisitions—like Unify—shaped those priorities?
My biggest priority this year has been helping Mitel transition to International Organization for Standardization (ISO) compliance, especially in Europe. Following the COVID-19 pandemic, this has been in high demand for our European customers. Due, in large part, to many high-profile breaches and supply chain attacks, many European organizations within the private sector and large enterprises expect providers to demonstrate business continuity planning by having strict data protection capabilities.
The integration of Unify was a pivotal moment in this transition and Mitel’s overall cybersecurity evolution. It expanded our global footprint and our role in mission-critical communications, especially in verticals like healthcare, government, and emergency services. But with that growth came the need to address a broader threat landscape. As our combined ecosystems matured, so did the complexity of ensuring secure, compliant, and uninterrupted communications across multiple platforms.
In parallel, I’ve also taken this opportunity to align our ISO journey with Mitel’s broader hybrid cloud strategy and our Common Communications Framework. This initiative is central to our long-term vision: delivering consistent, secure, and flexible communications at scale—no matter the deployment model or geography. It also ensures regulatory compliance and consistent security policies across all Mitel and Unify platforms and continues to build trust with our customers.
When companies go through mergers or acquisitions, how should they decide between integrating systems or migrating to a new environment?
When navigating a merger or acquisition, like we did with Unify, one of the most strategic technology decisions you face is integrating existing systems or migrating to a new platform. At Mitel, we take a customer or business requirements approach. We view this decision through the lens of security, scalability, and operational continuity, especially in the context of mission-critical communications where downtime isn’t an option, all in support of customer requirements.
The first question is: Is speed the top priority, or is long-term resilience the goal? If the need is immediate continuity with minimal disruption, integration often makes sense, especially when both systems are modern, API-driven, and capable of interoperating within a hybrid cloud environment. This has been core to how we’ve approached the Common Communications Framework, which helps ensure we can unify platforms without compromising consistency or security.
However, if the goal is true modernization—whether that’s to meet ISO compliance standards, reduce the attack surface, or better support distributed teams—migration becomes the better path. This is particularly true when one platform clearly offers stronger security, better cloud readiness, or more strategic alignment with the business’s direction.
Security is often seen as a roadblock during M&A. How can CISOs flip that narrative and position cybersecurity as a business enabler?
While many see M&A as a period of heightened security risk, it’s also one of the most powerful opportunities to elevate cybersecurity as a strategic growth enabler. At Mitel, we’ve taken the approach that compliance and risk management aren’t just about protection; they’re about supporting customer requirements, unlocking operational efficiency, and accelerating sales.
Following our acquisition of Unify, we recognized early that demonstrating our commitment to internationally recognized standards like ISO/IEC 27001 was essential—not only to mitigate risk but also to strengthen customer trust, particularly in heavily regulated sectors like healthcare, government, and European public institutions. These aren’t just checkboxes; they’re gateways to markets where security and continuity are non-negotiable.
Achieving and maintaining security compliance benchmarks sends our customers a powerful message: Mitel is built for resilience and what they need. It also enables our sales teams to move faster, whether it’s clearing mandatory security assessments during procurement or meeting evolving regulatory requirements.
Licensing, policy alignment, and shadow IT are major pain points during integration. What’s your playbook for identifying and addressing these vulnerabilities before they become real threats?
Licensing, policy alignment, and shadow IT are often the silent killers of secure, scalable M&A integration because they are underestimated, difficult to detect early, and can quietly derail integration efforts in costly, risky, and time-consuming ways.
At Mitel, we’ve seen how critical it is to address these factors proactively, first by going through a discovery process, i.e., identifying unmanaged applications, unsanctioned data flows, and third-party collaboration tools that may have bypassed governance protocols. Teams like sales, marketing, and engineering often rely on workaround solutions that fly under the radar but pose significant data protection concerns—especially in regions with stricter regulatory regimes like the EU.
From there, we prioritize risk assessments since, for a company like Mitel, where we support mission-critical communications, even one uncontrolled endpoint can represent an unacceptable risk. But identifying the problems isn’t enough. We follow through by offering secure, approved alternatives, and we invest in internal awareness to drive adoption and accountability. This has helped us minimize friction during the M&A process while maintaining the trust of our customers who depend on us for a resilient, secure communications infrastructure.
AI is rapidly transforming the cybersecurity landscape. How do you see it impacting M&A activity—both in terms of new risks and new defenses?
AI is reshaping the cybersecurity landscape at a pace we’ve never seen before—and during mergers and acquisitions, that impact is amplified. M&As are periods of high organizational flux, making them especially vulnerable and appealing to threat actors. At Mitel, we’ve treated times of M&A as a strategic inflection point to evolve our defensive posture and our use of AI-driven tools.
We see how GenAI enables attackers to craft highly convincing phishing and social engineering campaigns that can easily slip past employees during the uncertainty of merger announcements or restructuring. AI also accelerates insider threats, allowing disgruntled users to automate data exfiltration or deploy sophisticated malware that before required advanced skills.
But AI is also proving to be a force multiplier on the defensive side. At Mitel, we’re leveraging AI-powered behavioral analytics and anomaly detection to flag suspicious activity during the integration window, such as unusual logins, elevated access spikes, or uncharacteristic data movement. These tools help us protect sensitive data across both Mitel and Unify platforms, while aligning with our Common Communications Framework and ISO compliance efforts.
We’ve also incorporated AI-driven phishing simulations and deepfake detection training for our high-risk teams. Ensuring cybersecurity readiness isn’t just about technical controls—it’s about fostering a culture of security across the organization, so that every employee understands both the risks and the safeguards when using AI.
