Oregon’s public sector cybersecurity landscape spans state agencies, major cities, and counties of vastly different sizes and resources. The cybersecurity leaders in this feature hold a range of titles, some are CISOs, some are CIOs with direct cybersecurity accountability, and one is a chief information risk officer, but all of them are responsible for protecting government systems that Oregon residents depend on every day. Their work covers everything from statewide security governance to ransomware recovery in a rural county, and it reflects the full complexity of what public sector security leadership actually demands.
Ben Gherezgiher — Chief Information Security Officer, State of Oregon
Ben Gherezgiher has spent more than a decade working at the intersection of public safety and information technology before becoming Oregon’s state CISO in July 2022. He served as CIO for public safety and defense at Oklahoma’s Office of Management and Enterprise Services for more than six years, directing IT services for state public safety agencies and affiliated county, city, and tribal public safety organizations, before returning to Oregon as CIO for state public safety under the Office of the State CIO. His background of more than twenty-five years in public safety IT, covering telecommunications, law enforcement systems, and defense-aligned technology, gives him a grounding in the operational stakes of government security that shapes how he approaches statewide cybersecurity governance. He holds a CISM certification and a degree in computer engineering from the University of Oklahoma.
Christopher Paidhrin — Chief Information Security Officer, City of Portland
Nearly eleven years at the City of Portland, including almost a decade as CISO, make Christopher Paidhrin one of the longer-tenured municipal security leaders in the state. His work centers on NIST CSF-aligned governance, continuous process improvement, and building information risk prevention and mitigation capabilities across a city government where the stakeholder landscape spans elected officials, legal, human resources, risk management, and regional law enforcement partners. He received the Portland SIM CISO of the Year award in 2021 and the MS-ISAC Leadership Recognition Award in 2025 for exemplary contributions to the community. He has served on the Portland ISSA board for a decade and speaks publicly on GenAI threats, cybersecurity careers, and cyber insurance. His philosophy is grounded in mentorship over networking and knowledge sharing over self-promotion, which reflects how he has built community engagement alongside his institutional security work.
Kristine Cornett — IT Director and Chief Information Risk Officer, State of Oregon OHA/ODHS
Kristine Cornett leads the Information Security and Privacy Office for two of Oregon’s largest and most data-sensitive agencies, the Oregon Health Authority and the Department of Human Services, a combined operation that handles health and social services data for millions of Oregon residents. Before stepping into this IT director and chief information risk officer role in August 2022, she spent five years as director of cyber security services and GRC at Oregon’s statewide Cyber Security Services division, and before that served as senior program project manager in the Enterprise Security Office. Her career has been built entirely inside Oregon state government security, giving her a depth of institutional knowledge across the state’s regulatory environment, compliance frameworks, and agency-specific risk profiles that informs how she now governs information security and privacy for two of its most operationally complex agencies.
Anthony Clem — Chief Information Officer, Oregon Department of Emergency Management
Anthony Clem is a former CISO now serving as CIO at the Oregon Department of Emergency Management, a combination of backgrounds that is directly relevant in an agency where security and operational resilience are the same thing. His dual background as both a CIO and a CISO shapes how he approaches the intersection of digital transformation and security governance, and he frames his work around what he calls safe acceleration: driving aggressive digital growth while ensuring the foundation is architecturally sound and resilient to modern threats. His current mandate at OEM includes leading multimillion-dollar IT initiatives, ensuring compliance with state cybersecurity requirements, advising IT governance committees on risk and investment priorities, and strengthening the operational resilience that supports statewide emergency response. The former CISO perspective is not incidental to that work. It is the lens through which he evaluates every technology decision the agency makes.
Luke Ross — Chief Information Officer, Washington County
Luke Ross oversees four divisions at Washington County, Oregon, including Information Security, alongside Infrastructure and Operations, Enterprise Systems, and the Project Management Office. His twenty-seven years in information technology, including nineteen in public sector leadership, give him a grounded perspective on what it means to carry cybersecurity accountability inside a CIO mandate rather than as a separate function. He came up through the county’s own technology organization, having served as IT infrastructure and operations manager before stepping into the CIO role in October 2023, and his focus on strengthening cybersecurity alongside generative AI adoption and systems modernization reflects an integrated approach to technology governance rather than treating security as a separate lane.
Philip Dickson — Chief Information Officer, Curry County
Philip Dickson took on the CIO role at Curry County in September 2023 and immediately found himself leading one of the most difficult assignments in local government technology: recovery from a significant ransomware incident that had struck the county. He directed the stabilization, rebuilding, and modernization of core infrastructure, restored critical services, and implemented stronger security practices designed to prevent recurrence, all while managing the operational realities of a rural county with limited resources and a broad service mandate covering law enforcement, emergency response, finance, public works, elections, and records management. That experience, managing an active ransomware recovery while simultaneously building a more resilient foundation, is the kind of operational pressure test that shapes a technology leader’s approach to security in lasting ways. He is now organizing the Curry County Cybersecurity Summit to bring together county leadership, special districts, and technology professionals across the region to share practical strategies for strengthening security and resilience. His profile is a direct argument for why cybersecurity experience matters at every level of government, not just the state level.
Richard Rylander — Chief Information Officer, Oregon Department of Justice
Richard Rylander has spent twenty-seven years at the Oregon Department of Justice, starting as a technology support analyst, spending nearly a decade as information security officer, moving into enterprise technology services management, and stepping into the CIO role in May 2019. His security foundation shapes everything about how he approaches technology leadership at an agency where sensitive legal data, privacy obligations, and federal compliance requirements including IRS Safeguards standards are constant operational realities. During his tenure as ISO, he developed the first national multi-agency collaborative federal tax information group for meeting IRS Safeguards security standards, a contribution that extended Oregon’s security work beyond state borders. Twenty-seven years of continuous service inside a single agency that handles some of the most sensitive data in Oregon government reflects a career defined by institutional commitment and security-first technology leadership.
Oregon’s Government Security Leaders Are Doing the Hard Work
Public sector cybersecurity does not offer the resources of a Fortune 500 budget or the flexibility of a private sector culture. It operates under public scrutiny, regulatory constraint, and the weight of accountability to residents who have no choice but to trust the systems these leaders protect. The people in this feature are meeting that responsibility across state agencies, a major city, and counties ranging from the Portland metro to a rural coastal community that spent the past two years rebuilding from a ransomware attack. That range of environments and that shared sense of public accountability is what Oregon’s government security community is built on.
Discover more cybersecurity leaders securing various levels of government units:
- CISOs to Watch in Illinois’ Government Administration
- CISOs to Watch in Georgia’s Government Administration
- CISOs to Watch in North Carolina’s Government Administration
- CISOs to Watch in Florida’s Government Administration
- CISOs to Watch in Maryland’s Government Administration
- CISOs to Watch in the State of New York’s Government Administration
