Nevada Names Retired Army Officer Bertrum Carroll as Cybersecurity Chief

What happened

Nevada named retired Army officer Bertrum Carroll as its new chief information security officer less than a year after a ransomware attack disrupted operations across much of state government. The announcement came Monday, with state officials saying Carroll will lead cybersecurity operations after the retirement of former CISO Bob Dehnhardt last May. According to the state and the article, Carroll most recently spent eight-and-a-half years at workers’ compensation insurer Employers, where he served as CISO and vice president. His background also includes IT roles at General Electric and Rockwell Automation, along with 27 years in the Army, where he retired as a lieutenant colonel. In state remarks, Carroll said he plans to begin by surveying Nevada’s most important risks and emphasized governance, workforce training, vendor expectations, and responsible data use in the AI era. 

Who is affected

The direct impact falls on Nevada state government and its cybersecurity operations. The appointment follows a disruptive ransomware incident that affected services across roughly 60 agencies, including Health and Human Services, Motor Vehicles, and Public Safety, making the leadership change especially relevant to statewide technology and security oversight. 

Why CISOs should care

This matters because Nevada is making a senior cyber leadership change in the aftermath of a major operationally disruptive ransomware incident. It also shows how states are tying leadership, data governance, cloud security standards, and risk-based security management together as part of their response to a changing threat environment. 

3 practical actions

1. Treat post-incident leadership as a security control: Use major incidents as a moment to reassess whether cyber leadership structure, authority, and accountability are strong enough for recovery and long-term resilience. 
2. Start with the highest-risk exposure: Follow Carroll’s stated approach and begin by identifying the most important organizational risks before expanding security effort more broadly. 
3. Tie cyber operations to governance and data handling: Make sure cybersecurity planning covers workforce training, vendor expectations, and data governance, especially as AI becomes more embedded in daily operations. 

For more news about government security leadership and cyber resilience efforts, click Cybersecurity to read more.