Spain’s transportation sector runs on complex, interconnected systems: rail networks, metro operations, long-distance fleets, ticketing platforms, passenger information systems, and increasingly digitized OT/IT environments. Cybersecurity leadership here is about more than protecting data—it’s about ensuring safety, service continuity, and resilience across critical infrastructure. The leaders featured below are shaping security programs that support reliable public mobility, large-scale operations, and modern transport transformation.
Kerman Arcelay — Chief Information Security Officer, Metro Bilbao
Kerman Arcelay is Chief Information Security Officer at Metro Bilbao, bringing more than 25 years of experience across information security, systems, and application development. The role includes designing security solutions, selecting tools and vendors, preparing procurement documentation, and administering security platforms. Kerman also holds key transportation-sector security responsibilities linked to critical infrastructure and regulatory frameworks, including security roles aligned to Spain’s critical infrastructure and NIS-related requirements, and acting as a primary cybersecurity point of contact for metropolitan transport coordination.
Alejandro Fernandez Payno — Chief Information Security Officer, Alsa
Alejandro Fernandez Payno is Chief Information Security Officer at Alsa, building on extensive leadership experience in cyber defense operations across large, complex environments. Prior to joining Alsa, Alejandro held senior leadership roles at Deloitte, including leading EMEA cyber defense functions spanning incident response, vulnerability management, threat detection, threat intelligence, phishing awareness, and security engineering. This combination of operational cyber defense leadership and transport-sector responsibility positions Alejandro to strengthen resilience for large-scale passenger transport services.
Gema Parra Rodríguez — Head of the Cybersecurity Department for Spain and Portugal, Alstom
Gema Parra Rodríguez leads the Cybersecurity Department for Spain and Portugal at Alstom, with a strong background in industrial and project-focused cybersecurity. Her experience includes project cybersecurity management and industrial cybersecurity consulting, supporting environments where security requirements intersect with engineering delivery and operational constraints. In the transportation context, this work is especially relevant to rail and mobility systems where cybersecurity must be integrated into projects, control environments, and long lifecycle assets.
Esther Mateo Rodriguez — Director of Cybersecurity and Digital Transformation, ADIF
Esther Mateo Rodriguez is Director of Cybersecurity and Digital Transformation at ADIF, combining cybersecurity leadership with large-scale transformation and crisis-oriented execution. Her background includes leading multidisciplinary teams in high-pressure environments and delivering strategic, organization-wide programs within Spain’s rail infrastructure ecosystem. The role focuses on modernizing security capabilities while supporting broader digital transformation goals, aligning resilience, continuity, and security governance with the operational demands of national transport infrastructure.
Strengthening Mobility Resilience Across Spain’s Transport Networks
Transportation is a high-impact target environment: distributed operations, OT/IT convergence, third-party ecosystems, and nonstop service expectations. The leaders highlighted here reflect how Spain’s transport organizations are investing in governance, operational cyber defense, and integrated industrial security to protect continuity, reliability, and trust across the mobility landscape.