California’s county and city governments operate some of the most complex public sector technology environments in the country. Their CISOs are responsible for protecting essential services, sensitive resident data, law enforcement systems, and the digital infrastructure that keeps local government running. The leaders in this feature come from counties and cities of very different sizes, but they share a common challenge: building resilient cybersecurity programs inside organizations where public trust, operational continuity, and regulatory demands all matter at once.
Andrew Alipanah — Chief Information Security Officer, County of Orange
Andrew Alipanah is chief information security officer for the County of Orange, where he leads cybersecurity at one of California’s largest county governments. Before stepping into the top security role in August 2023, he served as the county’s cybersecurity operations manager, giving him direct experience in the county environment before taking responsibility for the broader security program. That progression reflects a career built inside local government technology and security operations.
Alipanah’s background combines county and city experience across Southern California. Before returning to the County of Orange in a leadership capacity, he briefly served as chief innovation security officer at the City of Riverside. Earlier roles included work as a senior information technologist at the Orange County Probation Department and as an IT specialist with the City of Brea, where he supported municipal environments and managed infrastructure and project work for multiple cities. That mix of county, city, and departmental experience gives him a practical understanding of the operational realities local governments face when securing public systems.
Robert Pittman — Chief Information Security Officer, County of Los Angeles
Robert Pittman is chief information security officer for the County of Los Angeles, where he is responsible for the countywide information security program in the nation’s largest county. His role includes leadership across information security and privacy, cyber incident response, intelligence gathering, partnerships with law enforcement, and support for the countywide Computer Emergency Response Team. The scale of Los Angeles County makes the position especially significant, with cybersecurity responsibilities tied to one of the largest and most complex local government environments in the United States.
Pittman’s profile reflects long-running leadership in county government security, with emphasis on policy and standards development, incident management and response, compliance, awareness, and departmental mentoring. His work also includes collaboration with federal intelligence and law enforcement partners, along with countywide subprograms focused on security culture and recognition. A cited leadership profile describes him as having provided program development and administrative leadership in the county for nearly two decades, underscoring the depth of his role in shaping Los Angeles County’s security posture over time.
Brendan Daly — Chief Information Security Officer; Deputy Director, IT Architecture and Engineering, City of San Diego
Brendan Daly is chief information security officer and deputy director of IT architecture and engineering for the City of San Diego. In that role, he leads the city’s information security policies, standards, and procedures while also overseeing engineering and architecture functions tied to managed service providers, cloud and data center services, workplace systems, applications, and the city’s security operations center contract. His remit also includes vulnerability and risk assessments, investigations, executive briefings, awareness programs, and cybersecurity budget planning.
Daly’s path to the role shows a steady build through the City of San Diego’s technology organization. Before becoming chief information security officer in 2024, he served as interim CISO, cybersecurity program manager, and earlier in leadership roles tied to cybersecurity and data center services for a major city law enforcement organization. Across those positions, he worked on citywide vulnerability assessments, compliance with PCI, PII, HIPAA, and CJIS requirements, managed security strategy and controls, and coordinated with local, state, and federal partners on cybersecurity matters. His career reflects a blend of operational IT leadership and public sector security governance shaped inside one municipal environment over many years.
Jaime Schrepfer — Chief Information Security Officer, County of El Dorado
Jaime Schrepfer is chief information security officer for the County of El Dorado, where she moved into the role after serving as an information security analyst within the county. That recent progression shows a leader who has already worked directly inside the county’s security operations, including monitoring and responding to alerts and incidents, documenting governance and compliance processes, and conducting third-party software security reviews tied to the county’s risk appetite and standards.
Schrepfer’s background combines public sector work with hands-on experience in security operations, vendor risk, and endpoint security. Before joining the county, she worked as an information security specialist at Cobham Advanced Electronic Solutions and previously held desktop management, security, and consulting roles at California State University, Monterey Bay. Her experience spans incident response, vulnerability management, social engineering awareness, process documentation, third-party risk review, and technical support in institutional environments. That combination gives her a grounded perspective on how security programs are built from operational detail upward.
Anthony Chogyoji — Chief Information Security Officer, County of Riverside
Anthony Chogyoji is chief information security officer for the County of Riverside, where he leads enterprise information security, governance, compliance, risk management, and cyber operations. His tenure in Riverside County stretches back to 2008, and before becoming CISO in 2018 he served as deputy chief information security officer and earlier as a departmental information security officer. That long progression inside the same county government points to deep institutional knowledge and a direct role in shaping the county’s security program over time.
Chogyoji’s work in Riverside has included incident response, digital forensics, governance and compliance leadership, policy and standards development, security portal creation, and the rollout of enterprise security capabilities such as multifactor authentication, log management, and web filtering. Before joining county government, he served as head of information security at Stater Bros. Markets, where he was responsible for major compliance efforts involving SOX 404, PCI DSS, and HIPAA. His background blends public sector security leadership with private sector experience in audit, compliance, and enterprise controls, making him one of the more established cybersecurity leaders in California county government.
Stormy Maddux — Associate Chief Information Security Officer, County of Santa Clara
Stormy Maddux is associate chief information security officer for the County of Santa Clara, bringing decades of government technology and security experience to the role. Before joining Santa Clara County in 2020, Maddux spent more than 20 years with the County of San Mateo, including nearly 14 years as chief information security officer. In San Mateo, Maddux was responsible for the development and delivery of a comprehensive information security program, coordinated policy and procedure development, led security education and training efforts, and served as the county’s HIPAA security officer.
That earlier CISO tenure makes Maddux one of the more experienced local government security leaders on this list. The career path also includes network services supervision, systems engineering, and earlier public sector roles with the California Public Utilities Commission. Across those positions, Maddux built a background spanning infrastructure, application administration, data center operations, identity and access management, and countywide security governance. Santa Clara County benefits from a leader whose experience combines long-term security program ownership with the operational knowledge needed to support large public institutions.
Where local government security leadership is expanding
County and city governments in California are facing a cybersecurity environment that is only getting more demanding. These leaders show how local government security now requires more than technical oversight alone. It calls for policy development, interagency coordination, executive communication, incident response planning, and the ability to protect public services in highly visible environments. As counties and cities continue modernizing systems and expanding digital services, leaders like these will play an increasingly central role in how local government earns and keeps public trust.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.