Manufacturing and engineered technology companies face a security challenge that differs meaningfully from software-first organizations. Their attack surface spans corporate IT, product security for devices that ship to customers, operational technology on factory floors, and increasingly, the convergence of physical and digital systems in everything from gaming hardware to data center infrastructure. The CISOs in this feature are protecting companies that build the physical world’s technology, and their programs reflect what security looks like when the product itself, not just the data behind it, is part of what has to be defended.
Lance Harris — CISO and SVP, IGT
Lance Harris joined IGT as CISO in July 2025, leading cybersecurity, physical security, and identity and access management following the acquisition and merger of International Game Technology and Everi Holdings under Apollo Global Management. Before IGT, he spent more than six years as SVP and CISO at Everi Holdings, growing the security team from two people into a full organization covering application and product security, physical security, vulnerability management, data loss prevention, incident response, and IAM across a company manufacturing ATMs, POS devices, payment processing systems, and casino gaming technology. His team completed multiple SOC 2 certifications and improved the PCI-DSS Level 1 QSA review process for certification of more than 3,000 ATMs and POS units. Before Everi, he built Esurance’s first full IT security program and managed the global vulnerability management program at eBay. His earlier career includes security roles at Mastercard, Qualys, Copart, and a SOC supervisor position supporting the National Nuclear Security Administration through Raytheon. That progression from federal nuclear security through major financial and technology platforms to gaming hardware manufacturing reflects a career built on protecting systems where the consequences of failure are measured in regulatory, financial, and operational terms simultaneously.
Mike Orosz — CISO and Global Head of Product Security, Vertiv
Mike Orosz was recruited to Vertiv, a $13 billion-plus public AI infrastructure company, in 2020 to build and lead global security strategy, accountable for enterprise security, product security, and key IT infrastructure pillars. He manages a global fusion team of 130 spanning product security engineering, security operations, IT security engineering, business continuity, and architecture, and holds active Top Secret clearance as the company’s designated Facility Security Officer. His product security work includes architecting the engineering security strategy for AI-ready data center products serving hyperscaler clients, and his program has achieved Mandiant CMMI 4 rating, ISO 27001 certification, ISO 22301 business continuity certification, and UL 2900 and IEC 62443 OT secure standards certification. Before Vertiv, he spent five years as senior director of global cyber and physical security at Citrix, a year as VP and global compliance officer at Citi, three years as principal of threat intelligence at Battelle, and three years leading Europe and Africa watch operations at L3Harris Technologies. He began his career with ten years of active duty and reserve service in US Army intelligence, security, and analytics. That foundation in military intelligence and global threat analysis now informs how he protects critical infrastructure technology that hyperscale data centers depend on to operate.
Mike Conley — CISO, Industrial Scientific and Intelex Technologies
Mike Conley has served as CISO for Industrial Scientific and Intelex Technologies, operating companies of Fortive Corporation, since October 2017, directing 24/7 data protection and privacy operations and global IT operations for both organizations, which manufacture gas detection instruments and environmental health and safety software respectively. Before stepping into the CISO role, he spent two and a half years as IT security manager at the same company. His earlier career includes more than four years as IT security manager at United States Steel Corporation, preceded by five years as application architect and five years as application developer at the same company, giving him fifteen years of progressive technical and security depth inside one of America’s most storied industrial manufacturers before moving to instrumentation and safety technology. He was named the 2023 Pittsburgh CISO of the Year in the Megabyte category by the Pittsburgh Technology Council and is an active member of the Greater Pittsburgh CISO Group. That twenty-five-year arc from software engineering through steel manufacturing security to safety instrumentation CISO reflects a career built on protecting physical industrial systems long before it became fashionable to call that work cybersecurity.
Leslie Kershaw — CISO, IonQ
Leslie Kershaw joined IonQ as CISO in January 2026, establishing and leading the end-to-end information and product security strategy for a company building quantum computing and quantum platform capabilities, where the intellectual property and safety-critical services demand security commensurate with the most sensitive technology being developed in the country today. Before IonQ, she spent fourteen months as CISO and CIO at Capella Space, achieving 100 percent regulatory audit readiness for CMMC2 and delivering a secure, scalable IT roadmap supporting Capella’s satellite data infrastructure with 90 percent system uptime. Before Capella Space, she served as cyber technical director for Space Delta 6 in the United States Space Force, directing cybersecurity strategy for more than $15 billion in mission-critical space and satellite systems spanning more than 40 global nodes, reducing system vulnerabilities by 65 percent over eighteen months, and leading cross-functional teams of more than 80 cybersecurity professionals. Earlier in her career, she spent more than nine years at the National Security Agency, including a role as senior cyber liaison to the Department of Homeland Security where she helped coordinate the federal response to the Office of Personnel Management breach, and eight years as deputy division chief directing cyber operations across four geographically distributed sites supporting more than $500 million in IT and cyber infrastructure. She co-founded the Colorado chapter of the Military Cyber Professionals Association and serves on the board of Space ISAC. That career, built across national security space operations, satellite infrastructure, and now quantum computing, reflects a security leader whose entire professional life has been oriented toward protecting the technologies that will define the next generation of national security and computing infrastructure.
Rob Collins — CISO, Jabil
Rob Collins joined Jabil, one of the world’s largest electronics manufacturing services companies, as CISO in July 2025. His path to Jabil ran through more than a decade of progressively senior federal CISO roles. He served as CISO at AGCO Corporation, a global agricultural equipment manufacturer, for nearly four years before that, and before AGCO spent more than four years as CISO at the Social Security Administration, managing security for an agency responsible for the personal and financial data of virtually every American. Before SSA, he served more than three years as CISO and director of information security at the Indian Health Service, and before that held compliance branch chief and risk and compliance lead roles at the FDA spanning more than five years. His earliest security work included a tiger team role at the US Department of State. That fourteen-year federal security career, spanning agencies responsible for healthcare delivery to underserved populations, the nation’s social safety net, and pharmaceutical regulation, now informs how he approaches security at a global manufacturing company whose supply chain touches electronics production across dozens of countries. The combination of deep federal regulatory experience and recent industrial manufacturing leadership at AGCO gives him a security governance perspective shaped by both public accountability and private sector operational complexity.
Gang Tong — CISO, ThorLabs
Gang Tong has served as CISO at ThorLabs, a global manufacturer of photonics and optical equipment, since 2024. Before ThorLabs, he spent three years as executive director of cyber defense and fraud at JPMorgan Chase, responsible for architecture, engineering, risk and controls, and operations across network telemetry, malware detection, full packet capture forensics, network security, and email security functions at one of the world’s largest banks. Before JPMorgan, he spent two years as director of information security and business technology strategy at Freddie Mac, leading cloud and data center consolidation initiatives and enterprise identity and access management governance. Earlier, he spent five years at MUFG Union Bank as global head of IAM architecture and engineering and VP of architecture and shared services, and nine years at Avaya in senior architecture and management roles covering identity and access management, web technology, and enterprise service bus architecture following large-scale M&A integration. He began his career as a software engineer at BEA Systems. That twenty-year arc through telecommunications, banking, and government-sponsored enterprise security, with deep specialization in identity and access management, now shapes how he protects a precision optics and photonics manufacturer whose intellectual property in laser and optical technology requires the same rigor he applied to some of the world’s largest financial institutions.
David Magee — CTO and CISO, Turtle and Hughes
David Magee has served as CTO and CISO at Turtle and Hughes, an electrical distribution and supply chain solutions company, since August 2021, combining technology strategy and security accountability into a single executive mandate. Before Turtle and Hughes, he spent nearly seven years as CTO at Atrion Communications Resources, providing clients with technology vision spanning strategic planning through tactical implementation and guiding production network and security service delivery. Before Atrion, he spent more than nine years at Telerx Marketing across VP of infrastructure and CTO and director of network services roles, managing more than 60 engineers and a $20 million budget supporting six US and three international operational centers with $220 million in total company revenue. His nearly thirty-year career in IT management across commercial, regulated, and public sector industries reflects a technology executive who built deep operational and infrastructure expertise before combining it with security accountability, a pairing that increasingly defines how mid-market manufacturing and distribution companies structure their technology leadership.
Manufacturing Security Protects More Than Data
The companies in this feature build gaming hardware, data center infrastructure, industrial safety instruments, quantum computers, electronics, optical equipment, and the electrical systems that power distribution networks. Their security leaders are not just protecting databases. They are protecting the integrity of products that customers depend on to function correctly, safely, and securely once they leave the factory floor. That responsibility, extending security accountability into the physical world, is what distinguishes manufacturing and engineered technology security from most other sectors, and the leaders in this feature carry that weight in environments where a security failure can mean more than a data breach. It can mean a product that does not work the way it was promised to.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.