California’s insurance sector depends on cybersecurity leaders who can protect highly sensitive customer and claims data while helping organizations navigate regulation, vendor risk, privacy expectations, and operational resilience. The executives in this feature work across insurers, brokerages, and insurance-focused service organizations where cybersecurity is closely tied to trust, compliance, and business continuity. Their backgrounds span enterprise risk, audit, governance, compliance, security engineering, and the building of long-term security programs inside complex and highly regulated environments.
Ajay Wadhwa — Chief Information Security Officer, State Compensation Insurance Fund
Ajay Wadhwa is chief information security officer at State Compensation Insurance Fund, where he has led the organization’s information security program since 2017. In the role, he is responsible for strategic direction, security planning, architecture, and roadmap development, while working with executive leadership and the board on security initiatives and risk posture. His background reflects more than three decades across IT, audit, compliance, privacy, and cybersecurity.
Before joining State Fund, Wadhwa worked as an executive security consultant and security portfolio manager supporting organizations including Bank of the West, TPMG, and UCSF, where he helped develop security strategy, cloud migration plans, privacy and governance programs, incident response plans, and business continuity frameworks. Earlier roles at Symantec, Blue Shield of California, and Esurance added experience across business-unit security leadership, audit management, compliance, and control remediation. That range makes him one of the stronger examples of an insurance-sector security leader with both practitioner depth and governance experience.
Michael Popp — VP, Director, Information Security, Alliant Insurance Services
Michael Popp is vice president and director of information security at Alliant Insurance Services, where he has risen through the organization across several security roles before taking on his current leadership post. His work at Alliant has included security transformation, platform ownership, SIEM integration, workflow automation, and alignment with frameworks such as NIST, ISO 27001, and MITRE ATT&CK. He describes his approach as pragmatic and business-aligned, with an emphasis on empowering engineers and building secure-by-design environments.
Before Alliant, Popp spent more than two decades at Cymer in systems engineering and information security engineering roles, where he worked on incident response, vulnerability assessment, privileged access management, enterprise logging, and global infrastructure operations. That long operational background gives him a practical foundation for leading security in a large insurance services environment, where day-to-day execution matters as much as long-term governance.
Robert Rowsey — Director, Information Security & Governance, Brown & Brown Insurance
Robert Rowsey is director of information security and governance at Brown & Brown Insurance, where he leads cybersecurity, risk management, and compliance efforts with a strong focus on aligning security and technology strategy to business goals. His responsibilities include security architecture, governance, regulatory compliance, vendor risk management, and coordination with legal, audit, and compliance teams. His profile emphasizes the idea that technology and cybersecurity are not just support functions, but business enablers.
At Brown & Brown, Rowsey has overseen external audits, helped strengthen SOC 1 and SOC 2 control environments, supported compliance work tied to regulations such as CCPA and NYDFS, and developed programs around vendor risk and policy governance. Earlier in his career, he worked across systems engineering, support, and infrastructure roles at Arrowhead General Insurance Agency, building the operational experience that now supports his governance-focused leadership in the insurance sector.
Gustavo Mastroianni — Chief Information Security Officer, Schools Insurance Authority
Gustavo Mastroianni is chief information security officer at Schools Insurance Authority, where he leads end-to-end cybersecurity program development and implementation. In the role, he works with senior leadership on business risk, technical and non-technical controls, training, compliance reviews, and incident response support. His background combines enterprise security leadership with a strong foundation in networking, wireless, and technical architecture.
Before joining Schools Insurance Authority, Mastroianni held CISO and security program leadership roles at Cyber74, Apex Technology Management, and Digital Umbrella, where he helped build security operations capabilities, develop vCISO and MDR programs, manage SOC processes, and advise clients against frameworks such as NIST CSF, NIST RMF, NIST 800-171, and NIST 800-53. That experience gives him a broad perspective on how to translate risk into practical security programs, an important strength in an insurance organization serving education-focused members and stakeholders.
Insurance security leadership is getting broader
The leaders in this feature show how cybersecurity in insurance now extends well beyond core technical defense. It includes governance, privacy, audit readiness, business continuity, third-party oversight, and the ability to explain risk in business terms to executives and boards. In California especially, where insurance organizations operate under heavy regulatory pressure and manage large volumes of sensitive information, the strongest security leaders are often the ones who can connect controls, operations, and business priorities without losing sight of trust.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.