
Hugo Teufel III is Vice President, Deputy General Counsel for Cyber, Privacy, and Records, and Chief Privacy Officer for Lumen Technologies (formerly CenturyLink) (NYSE: LUMN), a publicly traded global technology company with approximately $13B in annual revenue.
Hugo leads a team responsible for Lumen’s global privacy and records management programs, as well as the provision of cybersecurity and artificial intelligence legal advice and counsel to the company. Hugo brings more than 20 years of experience, centering on the changing landscape of privacy and security across a variety of sectors. He previously served in several leadership roles, including as Chief Privacy Counsel for Raytheon Company and as Chief Privacy Officer at the U.S. Department of Homeland Security. Hugo also served as a Judge Advocate in the Army National Guard for over 12 years.
Hugo has a B.A. in Economics with a minor in German from Metropolitan State University of Denver, a J.D. from the Washington College of Law at American University, and an M.A. in National Security and Strategic Studies from the U.S. Naval War College. He also holds CIPP/G, CIPP/US and CIPM certifications from the International Association of Privacy Professionals and Certificates in Privacy Engineering from Carnegie Mellon University, Strategic AI from the University of Colorado, Colorado Springs, and AI Strategy from Cornell University. Hugo is a member of the Colorado bar.
Q: You’ve had a distinguished career spanning senior government roles at DHS and DOJ to leadership positions in the private sector, including at Raytheon and now Lumen Technologies. How did you approach the transition from government service to corporate leadership?
A: Hey, thank you for the kind words! The transition from government to corporate leadership wasn’t as hard as one might expect. Over the course of my time in public service, I worked for cabinet and sub-cabinet officials, testified before committees of both houses of Congress, and advised general and flag officers. I learned how to present at different levels, always neutrally providing the pros and cons of various courses of action. I also understood the importance of aligning with key internal stakeholders and working across functions to get the work done. These are all traits one needs to succeed in corporate America.
Q: Many veterans and government lawyers struggle with how to make their public sector experience resonate with private employers. What advice would you give them on framing their skills and impact in a way that is relatable in the corporate world?
A: It’s tough sometimes, but it’s not always the fault of the veteran or government lawyer looking to transition into corporate work. I once had a general counsel at a well-known government contractor ask me if I wasn’t better off remaining in government. At that point in my career, I had practiced at two law firms and a consultancy, in addition to working in government and the military. I often wonder whether that person even understood his company’s customers.
My advice would be to look for prospective employers whose businesses could benefit from one’s prior work experience, but also whose customers are aligned with one’s prior public service. It should make for a better “fit” when transitioning to the private sector. Also, don’t be afraid to take an entry-level position. You may have done great things in public service, but you still have to prove yourself to your prospective private sector employer. Work hard, do good work, and always look to advance the company’s business in an ethical and legal manner. You will be recognized.
Q: How has your leadership style evolved from leading within federal agencies to now managing cross-functional teams at a global technology company?
A: Whether in government or the private sector, as a privacy professional, your superpower is the same: you must be able to persuade others with responsibility and budget to work with you to achieve goals that they may not immediately see as beneficial to their teams and the company, but that can lower risk and differentiate the company from its competitors.
Q: What practices have you found most effective in building and retaining high-performing privacy and cybersecurity teams?
A: Hire better and smarter people than I am and then get out of their way! Give them the tools and training they need and remove barriers when they arise. The team is everything.
Q: In both government and corporate roles, you’ve needed to align diverse stakeholders around privacy and security goals. How do you build influence without direct authority?
A: Sometimes I think it’s pure magic. But I’m no magician. And then I think of Jerry Maguire. Collaboration and mutual understanding of our shared issues make it possible to be more than the sum of our parts. Sounds cliché, but it’s true.
Q: You’re credentialed in both privacy and AI law, and you hold a Top Secret clearance. How do you see AI, cybersecurity, and privacy converging as risk areas that organizations must prepare for?
A: Absolutely, there is a clear convergence among AI, cybersecurity, and privacy as risk areas that organizations must address. As our professional and personal lives become more entwined with digital platforms, the digital landscape has grown dramatically—creating a much broader attack surface for potential threats. AI technologies now play a vital role in both protecting and challenging privacy and cybersecurity, as they can automate defenses but also introduce new vulnerabilities and ethical concerns. Meanwhile, advancements like quantum computing are on the horizon and will further complicate this risk landscape, potentially rendering current encryption methods obsolete. Organizations must proactively adapt their risk management strategies to stay ahead of these rapid developments, ensuring robust privacy protections and cybersecurity measures while keeping pace with AI innovation.
Q: What is the value of a security clearance for someone moving into private-sector roles, especially in industries like defense, telecom, and technology?
A: A security clearance is a significant differentiator for the right employer. It won’t, by itself, get you the job, but among candidates of equal standing, it can make the difference. Being “cleared” means you’ve gone through a vetting process, but it also means the company won’t have to pay for you to get your clearance.
Q: Leaders are often asked to set their own compass for risk tolerance. How do you personally calibrate your approach to risk, and how do you reconcile that with a company’s stated risk appetite?
A: My job is to appropriately assess and advise business risk decision makers of the risks to a given course of action and then support the execution of their decisions. Very few decisions are a clear-cut “yes” or “no.” If I’m not aligned with the company’s approach to risk, I probably should find another job.
Q: For candidates interviewing with a company, what are respectful ways to ask about that company’s risk appetite and approach to compliance?
A: I’d start with having a good network within the privacy community. The number of privacy professionals has expanded tremendously over the last 20 years, but it’s still a small community in many ways. You can learn a lot about a company’s risk tolerance through your network.
Next, I would do research on the company, starting with the website and its trust center, if any, followed by any annual reports it has published, along with the company’s code of conduct. You can learn a lot about a company and its privacy posture this way.
At the interview, it’s as much what the interviewers have to say as it is what you might ask. If you are getting a lot of questions on risk or who makes risk decisions, it could mean that leadership has concerns with how the privacy team views risk and that they want to assess how you approach risk.
Q: As a leader, how do you communicate your organization’s risk appetite clearly to candidates and new hires, so they know how to align their judgment calls with the business?
A: It’s important that team members understand how privacy frameworks and maturity models operate. Sometimes compliance is binary, and sometimes compliance is measured on a scale of 0 or 1 to 5. Optimal maturity is different for each company. But most importantly, I stress that for most risk decisions, we are not the decision-makers and we should never substitute our judgment for the judgment of those who are.
Q: What specific skills or experiences would you advise early-career lawyers or veterans interested in privacy and cybersecurity roles to prioritize?
A: Network relentlessly. Look for opportunities to work on privacy or cyber roles where you are currently. If none, don’t hesitate to make a move. One advantage to being in the federal government is the ability to get a security clearance, which can help when looking to work in the cyber field. U.S. Attorney’s offices are a good place to get experience and work on cyber matters; so is working at a law firm that does incident response. Get a certification or two in privacy, AI, or cyber, but don’t overdo it with the certs. An entry-level job is more important than half a dozen certifications while working in an unrelated field. Take the entry-level job after you’ve vetted the company and the team and learn on the job.
Q: Having served in both high-level government and corporate roles, what lessons do you draw from those experiences that remain most relevant in your work today?
A: The fundamentals are never out of style or inapplicable. Do good work. Bring solutions, not problems. Remember who you work for, who your stakeholders are, and never confuse the two. Have fun. Be kind.
Q: Any other closing thoughts you’d like to share?
A: Thanks for including me in “Captains of Industry.” It was great talking with you today. I’m a big fan of the series, and it’s a huge honor to be a part of it.