Public sector cybersecurity in Arizona operates under a particular kind of pressure. The systems being protected are not just business assets. They are election infrastructure, tax records, benefits data, and the operational backbone of services that residents depend on daily. The leaders in this feature have built and sustained security programs inside that environment, across state agencies, county government, and municipal operations where the political, regulatory, and operational stakes all run high at the same time.
Ryan Murray — Deputy Director and State Chief Information Security Officer, State of Arizona
Ryan Murray’s path to leading Arizona’s statewide cybersecurity function is one built entirely from within the public sector. He started in school district IT in Yuma, moved into senior analyst and LAN administration roles at Maricopa County, then stepped up to CISO at the Arizona Department of Revenue before joining the State’s central security office. He has held the deputy director and state CISO role in both interim and permanent capacities since 2023, giving him continuity through a period of significant transition. That career arc, from network specialist in a rural school district to the state’s top security executive, reflects the kind of ground-up institutional knowledge that is difficult to replicate.
Michael Moore — Chief Information Security Officer, Arizona Secretary of State’s Office
Election security is one of the most publicly scrutinized areas in cybersecurity, and Michael Moore has made it his primary focus. Before joining the Secretary of State’s Office in 2023, he spent nearly four years as information security officer at the Maricopa County Recorder and more than six years in information security and application development roles at Maricopa County. His framing of the threat landscape is notably direct: he identifies mis-, dis-, and malinformation as the greatest risks to elections, alongside the insider threat that radicalized individuals can create. A mathematics and education graduate of Arizona State University and a CISSP, he has worked to build federal, state, and local government partnerships alongside the technical defenses his office depends on.
Mitch Kohlbecker — Chief Information Security Officer, City of Phoenix
Before being appointed CISO of the City of Phoenix in January 2025, Mitch Kohlbecker spent nearly five years as the city’s deputy CISO, driving advances in architecture, engineering, risk management, and compliance that materially strengthened Phoenix’s security posture. Prior to joining the city, he accumulated more than two decades of security leadership experience across education, government, non-profit, and Fortune-listed companies. His view of the role is straightforward: effective security and business alignment are not competing priorities. They reinforce each other. That perspective informs how he approaches balancing the city’s operational needs with the protection of resident data and municipal assets.
Roberto Sagastume — Former Chief Information Security Officer, City of Scottsdale
Roberto Sagastume brought more than 25 years of IT experience to the City of Scottsdale, where he served as CISO from late 2024 through the end of 2025. His work there centered on building and executing a risk-based cybersecurity maturity roadmap, directing multi-million-dollar security budgets, and overseeing enterprise security operations that included identity and access governance, attack surface management, cloud security controls, and SOC oversight. He also served as the city’s enterprise security engineer for several years before stepping into the CISO role, giving him detailed operational knowledge of the environment he was ultimately responsible for protecting. He leveraged AI as an enabler to support human intelligence and enhance business functions, an approach that reflected a broader philosophy of positioning security as a business driver rather than a cost center.
Stacy Wallace — Chief Information Security Officer, Arizona Department of Revenue
Stacy Wallace has led information security at the Arizona Department of Revenue since 2017, bringing a background that includes nearly eight years in information assurance at Lockheed Martin within defense and space environments subject to ITAR, DoD, and JSIG requirements. She holds a PhD and has published research on the intersection of organizational culture and the work-life balance of cybersecurity professionals, a detail that sets her apart from most security executives. Her approach to the CISO role emphasizes psychological safety, executive partnership, and the importance of truly understanding the business before imposing security controls on it. She is direct about the demands of the profession and equally direct about what sustains people through them.
Jerry Keely — Chief Information Security Officer, City of Tucson
Jerry Keely stepped into the CISO role at the City of Tucson in April 2025, bringing a background that combines long government service with a two-year stint as a cybersecurity advisor at CISA. Before Tucson, he spent nearly five years as CISO at Pinal County, where he also previously served as IT operations manager and acting CISO for more than twelve years. He volunteers with the Arizona Cyber Warfare Range and has maintained that community involvement for nearly a decade alongside his government roles.
Tony Bryson — Chief Information Security Officer, Town of Gilbert
When Tony Bryson took on the CISO role at the Town of Gilbert in 2020, he brought something unusual to it: more than a decade of parallel experience teaching information technology, psychology, and communications at Ottawa University and Fielding Graduate University. That academic thread runs alongside a municipal IT career that included serving twice as interim vice president of information technology and CIO at Mesa Community College, and as director of information technology security planning there for nearly five years. His security leadership at Gilbert covers policy, governance, risk assessment, architecture, incident response, and security awareness, with an explicit emphasis on building shared ownership of security across the organization rather than keeping it siloed within the security team.
Dan Wilkins — Chief Information Security Officer, Arizona Department of Economic Security
Dan Wilkins has served as CISO at the Arizona Department of Economic Security since 2021, overseeing governance, risk, compliance, incident response, forensic analysis, disaster recovery, and cyber resiliency for an agency that handles sensitive benefits and economic data for Arizona residents. He works within the NIST framework and CIS standards, with a focus on shifting organizations from detective controls toward preventative ones. In parallel, he founded Trilioni Tech, a virtual CISO practice serving organizations that need security leadership without the resources to support a full-time hire. That combination of agency leadership and advisory practice reflects a broad view of what public sector security expertise can contribute beyond any single organization.
Matthew Gudenkauf — Chief Information Security Officer, Arizona State Retirement System
Matthew Gudenkauf moved into the CISO role at the Arizona State Retirement System in early 2025 after nearly nine years at the organization in progressively senior technology roles, including applications operations manager and IT infrastructure engineer. His background includes cloud computing expertise in AWS and Azure, DevOps, and systems optimization, and he has also run an independent IT consulting practice. The institutional continuity he brings to the CISO role matters in a retirement system context: he knows the environment, the systems, and the stakeholders. That familiarity is not a small thing when the assets being protected belong to Arizona’s public employees.
Careers Built Inside the Institutions They Now Protect
Taken together, this group represents something worth noting. Several of these leaders built their careers inside the same agencies they now lead, which means their security programs are grounded in real operational knowledge rather than frameworks imported from outside. Others came in from defense, enterprise, or consulting backgrounds and applied that experience to public institutions that needed it. In both cases, the work is the same: protect systems that the public relies on, maintain trust that is difficult to earn and easy to lose, and do it with the resources and constraints that government environments typically provide.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.