Higher education cybersecurity in Oregon spans flagship research universities, regional public institutions, urban community colleges, and small liberal arts campuses. The CISOs in this feature are protecting student records, research data, financial aid systems, and the open academic networks that make all of it harder to secure. Their backgrounds are varied, their institutions different in scale and mission, and their programs reflect what it actually takes to build security inside environments where openness is a cultural value and the user population changes every year.
José DomÃnguez — Chief Information Security Officer, University of Oregon
Thirty-two years at the University of Oregon precede José DomÃnguez’s current CISO role, covering a progression from network engineer through senior network engineer, network architect and assistant director for network engineering, director of information security services and information assurance, and two years as interim CISO before stepping into the permanent role in November 2023. That arc, from foundational network engineering in 1994 through every layer of the institution’s technology and security stack over three decades, reflects an institutional fluency that external hires cannot replicate. His approach centers on treating technology and people as part of a symbiotic environment, a philosophy shaped by years of working directly with the academic community he now helps protect.
David McMorries — Chief Information Security Officer, Oregon State University
David McMorries spent nearly twenty-nine years as an operational communications officer in the United States Marine Corps before transitioning into civilian cybersecurity leadership, a background that shapes how he approaches security governance, team leadership, and operational complexity at Oregon State University, where he has served as CISO since April 2019. Between his Marine Corps retirement and joining OSU, he spent ten months as a lead associate at Booz Allen Hamilton and briefly served as deputy CISO for the State of Oregon. He also taught introductory IT at George Mason University as an adjunct instructor. The discipline and cross-functional leadership experience of nearly three decades in military communications, including service across worldwide locations, informs how he now leads security at a major land-grant research university with a complex and distributed technology environment.
Michael Ellis — Chief Information Security Officer, Western Oregon University
Michael Ellis has spent more than twenty-five years at Western Oregon University, starting as a student programmer and moving through residential computing manager, assistant director of computing services, and interim director before stepping into the CISO role in November 2024. His technical depth spans Cisco networking and security, Oracle and PL/SQL database programming, web application development, access control systems, and enterprise monitoring, giving him a grounded operational understanding of the infrastructure he now leads from a security perspective. His profile reflects a career built by someone who stayed inside a single institution long enough to watch it change across multiple technology generations and then became responsible for securing it. At a regional university operating with lean resources, that kind of institutional continuity is a genuine strategic asset.
Josh Goessler — Chief Information Security Officer, Portland Community College
Josh Goessler stepped into the CISO role at Portland Community College in April 2025 after nearly twenty years at the same institution, progressing from computing technology specialist through technology support analyst, cybersecurity specialist, and information security technical manager. That internal progression reflects an approach to security that he describes clearly: building programs that are practical and grounded in people, embedding governance and response maturity into the institution’s culture rather than applying controls from the outside. Community college security is its own discipline, serving a student population that is diverse in age, technical literacy, and life circumstances, and doing it with resources that rarely match those of four-year institutions. Goessler has spent two decades developing the institutional knowledge and community trust that effective security in that environment requires.
Gary Sandine — CISO and Computing Infrastructure Services Associate Director, Portland State University
Before joining Portland State University, Gary Sandine spent more than eleven years at Los Alamos National Laboratory and the New Mexico Consortium, working as a senior systems analyst and scientist in one of the most security-sensitive research environments in the country. He joined Portland State in 2016 as Linux platform team technical manager, then moved through associate director roles covering Linux, middleware, databases, and computing infrastructure before adding the CISO title in April 2023. That progression from national laboratory systems work through infrastructure management to security leadership inside a single urban research university gives him a technical depth that is uncommon in higher education security roles. His dual mandate covering both CISO responsibilities and computing infrastructure services reflects the operational integration that effective security requires in a complex university environment.
Brian King — Chief Information Officer and Chief Information Security Officer, Pacific University
Brian King has spent more than three years at Pacific University, moving from IT director through senior IT director before stepping into the combined CIO and CISO role in September 2025. His path to the dual executive seat ran through hands-on technology management inside the same institution, giving him direct knowledge of Pacific’s systems, staff, and operational needs before he took on full technology and security leadership. Holding both the CIO and CISO mandates simultaneously at a small liberal arts university reflects the operational reality of higher education security at that scale: the boundaries between technology strategy and security accountability are not separate functions but a single integrated responsibility that one leader has to carry across all of it.
What Oregon’s Higher Education Security Leaders Share
Several of the leaders in this feature built their entire careers inside the institutions they now lead from the security seat. Others arrived from national laboratories, military service, or state government with experiences that translate directly into the complexity of securing academic environments. In both cases, the common thread is a commitment to security that is grounded in the mission of the institution rather than the demands of the compliance calendar. In higher education, where that distinction matters considerably, Oregon’s campuses are in capable hands.
Discover more CISOs securing higher education:
- Missouri’s Academic Security Leaders: The CISOs to Watch Across the State’s Higher Education Landscape
- Where Arizona’s Higher Education CISOs Are Setting the Standard
- CISOs to Watch in the State of New York’s Higher Education Industry
- Cybersecurity Leaders to Watch in Massachusetts’ Higher Education Industry
- Cybersecurity Leaders to Watch in Florida’s Higher Education Sector
