Oregon’s cybersecurity landscape is evolving rapidly, shaped by a mix of public-sector institutions, healthcare networks, major consumer brands, and critical infrastructure providers. Behind these organizations are security leaders who not only protect sensitive data and essential services but also influence how the region prepares for emerging threats.
The following list highlights 10 CISOs to watch in Oregon. These professionals are driving modernization, strengthening resilience, and raising the bar for cybersecurity leadership across the state.
Dennis Tomlin — Multnomah County
Dennis Tomlin currently serves as the Chief Information Security Officer for Multnomah County, leading the county’s cybersecurity efforts, including endpoint and perimeter protection, incident response, identity management, and compliance programs. He holds a seat on key statewide security governance bodies, among them the Oregon Cyber Advisory Council, reflecting his influence in shaping public-sector cyber policy across Oregon. In recognition of his leadership, he was named CISO of the Year in 2023 by the local chapter of Society for Information Management (SIM).
David McMorries — Oregon State University
David McMorries is the Chief Information Security Officer at Oregon State University (OSU), overseeing the institution’s security posture and data protection strategies. In 2024, he was honored as “CISO of the Year” by SIM’s Portland chapter, a strong signal of his leadership and impact within higher-education cybersecurity in Oregon. As university campuses remain high-value targets for cyber threats, his role at OSU places him at the forefront of securing academic networks, research environments, and student data through evolving threat landscapes.
Matt Carlson — NW Natural
Matt Carlson leads cybersecurity and compliance at NW Natural, a major utility, playing a critical role in securing its infrastructure and operations that serve large populations. He has also been recognized for his leadership: in 2022, he won SIM Portland’s CISO of the Year award, demonstrating his strong track record in balancing regulatory compliance, operational reliability, and cybersecurity in the utility sector.
Jon P. Washburn — Stoel Rives LLP
Jon P. Washburn is Chief Information Security Officer at Stoel Rives LLP, a major law firm headquartered in Portland. With over 30 years in IT and security, and nearly two decades in the legal industry, he leads information security, governance, compliance, and business-intake security functions for the firm. He is also actively involved in the broader legal industry security community, volunteering with organizations such as the International Legal Technology Association (ILTA) and the Legal Services Information Sharing and Analysis Organization (LS-ISAO), helping to shape better security practices across the sector. For his leadership, Washburn was named SIM Oregon CISO of the Year in 2020.
Steve Person — Cambia Health Solutions
Steve Person serves as CISO for Cambia Health Solutions, a significant role given the sensitive nature of healthcare data and regulatory compliance demands. He also holds a position on the leadership board of CyberRisk Collaborative for the Portland community, positioning him among the region’s key security leadership network. Although not listed as the most recent SIM award winner, his presence among the leadership of a major health system’s cybersecurity efforts makes him a CISO to watch, especially as privacy and security remain critical in healthcare.
Christopher Paidhrin — City of Portland
Christopher Paidhrin is the Chief Information Security Officer for the City of Portland, responsible for securing municipal systems, data, and citizen services. He has long been recognized as a national authority on information security, with past accolades including inclusion in “Security 7” by Information Security magazine, and was awarded SIM Oregon CISO of the Year in 2021. Paidhrin is also known for advocating IT Service Management (ITSM) best practices, process improvement, and knowledge management, a perspective that combines governance, process, and security in the public sector.
José A. Domínguez — University of Oregon
José A. Domínguez is listed as the security lead at the University of Oregon. Given the significance of higher-education institutions as targets for cyberattacks, especially around research data, student records, and institutional systems, his role remains important, and he’s worth watching for future visibility as university cybersecurity becomes more central.
Ronald Buchanan — Vitalant
Ronald Buchanan currently serves as Vice President and Chief Information Security Officer at Vitalant, one of the nation’s largest nonprofit blood and biotherapies providers, where he leads enterprise-wide security strategy across a highly regulated and mission-critical healthcare environment. Before joining Vitalant in 2024, he spent nearly five years as CISO of St. Charles Health System in Oregon, strengthening the organization’s cyber resilience and building its modern security program.
Mike Bray — The Vancouver Clinic (Pacific Northwest region)
Mike Bray appears among the security leadership in Oregon’s broader cyber-community network for the Vancouver Clinic. As the healthcare industry remains under intense scrutiny from both regulators and threat actors, CISOs heading security at regional health providers will likely gain prominence.
Ryan McGrory — Columbia Sportswear Co.
Ryan McGrory is listed as CISO of Columbia Sportswear Co. within the Portland-area cybersecurity community. As Columbia Sportswear is a high-profile consumer brand headquartered in Oregon, McGrory’s role is especially relevant: protecting intellectual property, supply chain systems, customer data, and e-commerce infrastructure, all of which are high-value targets for attackers.
Why This List Matters
Oregon’s cybersecurity landscape features a diverse set of CISOs, each facing distinct challenges. The individuals above represent a mix of strong institutional responsibility, community recognition, and leadership in environments that matter for both data protection and public or societal impact.
As cyber threats continue to evolve, the work of these leaders will help shape how organizations across Oregon respond, adapt, and fortify their defenses.