Construction, engineering, and industrial manufacturing occupy a unique position in the cybersecurity landscape. Their environments blend corporate IT with operational technology on jobsites, factory floors, and distributed project locations that are difficult to monitor and harder to secure consistently. Many of them hold federal contracts that require CMMC compliance. Several operate globally across dozens of countries. All of them manage sensitive project data, proprietary designs, and supply chain relationships that make them attractive targets. The CISOs in this feature are building security programs inside organizations that build the physical world, and their work reflects the particular challenges of securing environments where the work itself is always moving.
Donnie Hill — Chief Information Security Officer, Kiewit
Donnie Hill stepped into the CISO role at Kiewit in December 2025 after more than eight years at the company, having built his way from senior cybersecurity engineer through security operations manager and senior cybersecurity manager before taking the top security seat. His responsibilities now include enterprise cybersecurity strategy, CMMC and federal compliance readiness under NIST 800-171, security operations, GRC, and vendor strategy across one of the largest construction and engineering companies in North America. Kiewit’s distributed project environments, spanning mining, oil and gas, power, transportation, and federal construction contracts, create a security challenge that most enterprise CISOs do not face: protecting a workforce and infrastructure that is geographically dispersed, constantly changing, and often operating in remote locations far from centralized IT oversight. Before Kiewit, he spent nine years as a cybersecurity engineer at Blue Cross and Blue Shield of Nebraska and nearly seven years as IT and security manager at iSECUREtrac supporting critical government systems for 37 agencies. He also ran Cairn Computing, his own IT and security services practice, for nearly eighteen years alongside his corporate career.
Christopher Chambers — Chief Information Security Officer, Comfort Systems USA
Christopher Chambers has spent nearly seventeen years at Comfort Systems USA in Houston, progressing from network engineer through regional network administrator, systems architect, IT infrastructure manager, director of information security, and VP of information security before stepping into the CISO role in January 2024. Comfort Systems USA provides mechanical, electrical, and plumbing contracting services across hundreds of locations nationwide, a business model that creates a distributed, contractor-heavy technology environment where OT systems, building automation, and corporate IT all converge. His career at a single company across nearly two decades reflects the kind of institutional depth that makes him uniquely equipped to lead security at an organization whose operational complexity is embedded in the physical infrastructure it installs and maintains for clients. Before Comfort Systems, he spent six years as IT manager and network engineer at a Houston law firm. That long single-company progression, from hands-on network engineering to enterprise CISO, is a profile that construction and engineering companies benefit from enormously.
Darrell Jenkins — Chief Information Security Officer, Clayton Homes
Darrell Jenkins has spent more than thirty-two years at Clayton Homes, one of the largest manufactured housing companies in the United States, progressing from computer technician through software developer, IT manager, IT director, director of shared service solutions, senior director of enterprise technology operations, VP of enterprise technology operations and security, and stepping into the CISO role in September 2018. That three-decade-plus arc inside a single organization reflects a security leader whose understanding of Clayton Homes’ systems, culture, and risk environment is as deep as it is possible to develop. He holds a CISM, PMP, ITIL v3 Foundations, and Certified ScrumMaster certification, serves as an advisory board and founding member of TennesseeCISO, and is a governing body member of Gartner C-level Communities. His career began as a customer service representative at Averitt Express and a computer technician at a regional medical center before joining Clayton Homes in the early 1990s. Three decades of building technology and security capability from the inside at a company that builds homes for hundreds of thousands of Americans reflects a career defined by institutional commitment and sustained operational impact.
Eric Schlesinger — Chief Information Security Officer, Parsons Corporation
Eric Schlesinger has served as CISO at Parsons Corporation since 2024, having spent the preceding six years as VP of global security operations at the same company, building operational security capabilities across a complex, multinational defense and infrastructure engineering environment. Before Parsons, he served as CISO at Polaris Alpha, a defense technology firm, and as CIO at Proteus Technologies. His earlier career includes executive director of infrastructure operations at AOL and vice president of global operations at AT&T, spanning eight years across two of the most operationally demanding technology companies of the early internet era. He began his security career as a network security engineer at Johns Hopkins Bayview Medical Center and Kennedy Krieger Institute, and taught as adjunct faculty at Howard Community College for four years. Parsons operates at the intersection of defense, intelligence, and critical infrastructure, designing and building programs that span cybersecurity, missile defense, transportation, and federal facilities, making Schlesinger’s combined defense contractor and enterprise technology operations background directly relevant to one of the more complex security mandates in the engineering sector.
Sam Merrell — Chief Information Security Officer, Kennametal
Sam Merrell leads cybersecurity at Kennametal, a $2.4 billion NYSE-listed industrial manufacturer operating globally, where in 2025 he achieved CMMC Level 2, Cyber Essentials Plus, and TISAX Level 2 in the same calendar year, enabling more than $40 million in regulated and defense-adjacent business. He established the company’s first global SOC, chairs the enterprise AI Steering Committee, and is accountable for cybersecurity disclosures in SEC 10-K filings. Before Kennametal, he spent more than five years as head of cyber intelligence at Covestro, building cyber intelligence and incident response capabilities across more than 30 countries, and chaired the American Chemistry Council Cybersecurity Committee. Before Covestro, he spent nearly seven years at Carnegie Mellon University’s CERT and Software Engineering Institute, co-developing the ES-C2M2 and Cyber Resiliency Review frameworks now adopted across US critical infrastructure sectors, and taught graduate-level cybersecurity at CMU’s Heinz College. He has published and presented at RSA, IEEE, and Dragos ICS and OT security conferences. That combination of critical infrastructure research, global chemical industry security leadership, and industrial manufacturing CISO accountability gives him one of the more substantively credentialed profiles in this feature.
Robert Vazquez — Chief Information Security Officer, STACK Construction Technologies
Robert Vazquez has served as CISO at STACK Construction Technologies in Cincinnati since April 2022, leading security for a construction estimating and takeoff software platform whose data includes project designs, bid documents, and proprietary cost information for construction firms across the country. Before STACK, he served as CISO at the Independent Purchasing Cooperative, the purchasing arm of the Subway franchise system, and as CISO at PLXIS, having built his career from IT support and security analyst roles at the Independent Purchasing Cooperative before stepping into successive CISO roles across different sectors. His background reflects a practitioner who built security expertise from the analyst level upward across franchise operations, retail supply chain, and construction technology, giving him a cross-sector perspective that informs how he approaches security at a SaaS company whose clients are the builders of the physical environment.
Leland Coffey — Chief Information Security Officer, Kirby-Smith Machinery
Leland Coffey has spent nearly eighteen years at Kirby-Smith Machinery, an Oklahoma-based heavy equipment dealer serving the construction and industrial sectors, progressing from system administrator through IT manager, director of data center operations, and stepping into the CISO role in October 2025. Before Kirby-Smith, he spent twenty years in the United States Navy in information technology roles, giving him a military discipline and operational systems background that directly informs how he approaches security at a company whose business depends on the reliability of the equipment and technology systems supporting construction operations across multiple states. His career at Kirby-Smith reflects the pattern that appears throughout this feature: a long-tenured technology professional who built operational depth inside a single company before taking on security leadership, with an institutional knowledge of the environment that cannot be replicated by external hires.
Security in the Construction and Engineering Sector Is Still Catching Up
Construction and engineering have historically lagged behind financial services and healthcare in security program maturity, partly because the physical nature of the work made digital risk feel secondary and partly because the industry’s project-based, distributed model made centralized security governance difficult. The leaders in this feature are changing that, building programs that match the scale and complexity of organizations whose projects span continents, whose federal contracts demand CMMC compliance, and whose OT environments are increasingly connected to corporate networks in ways that create new attack surfaces every day. The work of building secure environments starts with the people responsible for securing the companies that build them.
Discover more CISOs securing the construction industry worldwide:
- CISOs to Watch in Spain’s Construction Industry
- CISOs to Watch in France’s Construction Industry
- CISOs to Watch in German Construction
- CISOs to Watch in Austria’s Construction Industry
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.