Higher education is one of the more punishing environments in cybersecurity. The user population is enormous and transient, the research data is sensitive and often federally regulated, the networks are deliberately open by academic tradition, and the budgets rarely match the threat surface. The security leaders at Arizona’s universities and colleges are navigating all of that, and in some cases building programs that other institutions have adopted as models.
Lester Godsey — Chief Information Security Officer, Arizona State University
Thirty years in IT is a long time. Most people who start that deep in infrastructure end up staying there. Lester Godsey didn’t. He moved steadily toward security leadership, spent five years as CISO at Maricopa County, including a four-month stretch as interim CIO for the fourth largest county in the United States, and joined ASU as CISO in late 2024. He teaches as adjunct faculty in ASU’s Cybersecurity Hands-On Program and advises SibylSoft on cybersecurity product strategy, go-to-market execution, and investor readiness. The combination of enterprise government experience, academic engagement, and active industry advisory work gives him a profile that is broader than the title suggests.
Mike Manrod — Chief Information Security Officer, Grand Canyon Education
Mike Manrod has been CISO at Grand Canyon Education since 2019 and teaches malware analysis at Grand Canyon University as adjunct faculty, which is an unusual combination that reflects genuine technical depth alongside leadership responsibility. He is candid about the threat landscape his sector faces. Initial access brokers, he has noted publicly, are delivering password-protected zip files that mount ISOs, which launch scripts, which download malware payloads, and he argues that playbooks need to be updated to address those specific delivery mechanisms rather than treating them as variations on familiar themes. That kind of specificity is more useful than general threat awareness, and it shapes how his team approaches defense.
Rob Gibbs — Chief Information Security Officer, Cochise College
Before arriving at Cochise College in 2020, Rob Gibbs spent nearly thirteen years as VP of information technology at Reynolds and Reynolds, where he built an internal security operations center, implemented an information security program aligned with GLBA compliance requirements, and achieved SOC 2 and PCI DSS certification. Earlier in his career he managed software development programs for the Department of Defense, DARPA, and the federal intelligence community. He is currently pursuing a master’s degree in cybersecurity at Georgia Tech. Bringing that level of enterprise and defense-sector experience to a community college in Sierra Vista is not a typical career move, and the institution is better for it.
Chris Graver — Chief Information Security Officer, Northern Arizona University
Chris Graver was promoted to CISO at Northern Arizona University in March 2026 after more than three years as director of information security there, and his roots at NAU run deeper than most: he has been with the university for nearly twenty-six years, starting in application development roles before moving into security leadership. That progression from developer to security director to CISO inside a single institution gives him a level of environmental fluency that external hires rarely bring. He knows how the systems were built, who built them, and where the gaps are. In a university environment, that kind of institutional knowledge is a genuine operational advantage.
Lonnie Benavides — Chief Information Security Officer, Chegg
Lonnie Benavides arrived at the CISO role through a path that most security executives haven’t traveled: Air Force information warfare, Boeing red team lead, penetration testing at JPMorgan Chase, security operations and vulnerability management at DocuSign, and VP of global cybersecurity operations at McKesson. He also served as head of security engineering at OneLogin, a role that sits squarely at the intersection of identity and enterprise security. He joined Chegg as CISO in September 2024. His approach centers on implementing security solutions that are smart and cost-effective rather than expensive and performative, a philosophy shaped by years of offensive security work where understanding the attacker’s perspective is the starting point.
Building Security Programs That Last in Arizona’s Academic Sector
The common thread in this group is not credential accumulation or title progression. It is program-building under constraint. Each of these leaders has had to make meaningful security improvements in environments where open access is a cultural value, budgets are tight, and the user population does not behave like a corporate workforce. That is genuinely hard work, and the fact that several of them have built programs that serve as models for peer institutions says something about how seriously they have approached it.
Explore more profiles of Arizona leaders shaping cybersecurity: