California’s university sector depends on cybersecurity leaders who can protect large, decentralized environments while supporting teaching, research, administration, and public service. The leaders in this feature work across institutions with very different structures and priorities, but they share a common challenge: securing complex academic ecosystems without losing sight of access, collaboration, and innovation. Their backgrounds span security operations, governance and compliance, infrastructure leadership, risk management, and long-term security program development inside higher education.
Drake Chang — Chief Information Security Officer, UCLA
Drake Chang serves as chief information security officer at UCLA, where he leads cybersecurity for one of California’s largest and most prominent university environments. His rise to the role came through a long progression inside UCLA itself, including earlier positions as interim chief information security officer, manager of cybersecurity operations, incident response supervisor, system engineer, and technology analyst. That internal path reflects deep familiarity with the university’s systems, operating model, and institutional needs.
Chang’s background is rooted in higher education security, with experience spanning cybersecurity operations, incident response, systems security, and organizational transformation. His profile emphasizes team building, collaboration, and the alignment of cybersecurity practices with institutional strategy. Across his UCLA tenure, he has built experience in threat and vulnerability management, digital forensics, policy implementation, disaster recovery, and risk assessment, giving him a broad foundation for leading security in a research-intensive university setting.
William Hacker — Interim Chief Information Security Officer and Interim Senior Director of Infrastructure Services, California State University, Los Angeles
At California State University, Los Angeles, William Hacker currently serves as interim chief information security officer and interim senior director of infrastructure services. In those roles, he is responsible not only for information security, but also for networking, data center, desktop, and laptop services across the university. That dual remit places him at the intersection of security leadership and core infrastructure operations.
Before stepping into the interim CISO role, Hacker served as director of information security management at Cal State LA. Earlier, he spent nearly two decades at the University of Southern California as an IT manager and previously led data center operations in the private sector as director of information technology at U.S. Data Source. His background combines higher education technology leadership with infrastructure and operations experience, which is particularly relevant in campus environments where security and service delivery are tightly linked.
Keith Barros — Chief Information Security Officer, Chapman University
Keith Barros is chief information security officer at Chapman University, bringing roughly three decades of IT executive management and cybersecurity experience to the role. Before joining Chapman, he spent nearly 16 years at Seton Hall University, where he held senior leadership positions including senior director of information security and associate executive director of IT. His work there covered cybersecurity strategy, operations, governance, compliance, risk management, third-party risk, and legal coordination.
Barros’s experience at Seton Hall also included helping create an undergraduate cybersecurity certificate, showing a connection between security leadership and the academic mission itself. Across his career, he has worked on PCI, HIPAA, FERPA, GLBA, NIST, project management, disaster recovery, and IT service management, while also holding earlier leadership roles in consulting, e-business, infrastructure, and enterprise systems. That breadth gives him a well-rounded profile for a university setting where security leadership often extends into governance, policy, vendor oversight, and institutional planning.
Sean MacLean — Senior Director of Information Technology and Chief Security Officer, Vanguard University of Southern California
At Vanguard University of Southern California, Sean MacLean serves as senior director of information technology and chief security officer. In that position, he oversees information technology services, enterprise systems, infrastructure planning, and cybersecurity posture, while working with university leadership to align technology investments with institutional goals. His profile highlights both operational leadership and a strong emphasis on mentoring staff and connecting technology work to institutional mission.
MacLean’s earlier experience includes consulting work through his own firm, SEARKS, as well as roles at TechMD, Mariners Church, Access, St. Joseph Hospital, and Ricoh Americas. Those positions gave him experience across infrastructure, systems support, ERP environments, cloud and on-premises systems, network design, backup and disaster recovery, vendor management, and day-to-day IT operations. His career reflects a practical blend of hands-on technical leadership and broader organizational management, which fits the needs of a smaller private university environment.
Shawn Kim — Director of Cybersecurity Governance, Risk, and Compliance, Stanford University
Shawn Kim is director of cybersecurity governance, risk, and compliance at Stanford University, where she leads initiatives to strengthen governance frameworks, risk assessment, and compliance strategy across the university’s technology landscape. Her work focuses on protecting critical systems, data, and research infrastructure while helping integrate cybersecurity risk management into day-to-day operations and long-term planning.
Before moving into Stanford’s Information Security Office, Kim built her experience inside the university’s Graduate School of Education, where she worked for many years in digital learning, academic technology, and project leadership roles. That background gave her direct exposure to the realities of teaching, learning, research, and educational technology inside a major academic institution. Her progression from academic technology leadership into cybersecurity governance gives her a distinctive perspective on balancing innovation, usability, and institutional risk in higher education.
Joshua Van Horn — Deputy Chief Information Security Officer, University of California Office of the President
Joshua Van Horn is deputy chief information security officer at the University of California Office of the President, where he helps lead cybersecurity at the systemwide level for one of the largest public university systems in the country. Before taking on that role, he served as senior manager of security operations at the Office of the President and spent more than two decades at the University of California, Davis in progressively senior enterprise technology roles.
Van Horn’s UC Davis experience included leading teams responsible for system administration, enterprise applications, database administration, network operations, and cybersecurity for a campus community of more than 70,000 students, faculty, staff, and affiliates. He also oversaw large-scale virtualization, hosted solutions, identity and access management integration, multi-cloud deployments, audit readiness, and infrastructure governance. His background shows a long-running focus on building and scaling enterprise services in university environments, making him one of the more operationally seasoned security leaders in California higher education.
Cybersecurity Leadership Across California’s Universities
Cybersecurity in universities is not just about defending networks. It is about protecting research, student and employee data, academic systems, and the operational backbone of institutions that serve large and diverse communities. The leaders in this feature show how California universities are approaching that challenge from different angles, whether through security operations, infrastructure oversight, governance and compliance, or systemwide coordination. Together, they reflect the depth of cybersecurity leadership shaping higher education across the state.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.