California’s automotive sector is being reshaped by electrification, connected systems, software-defined vehicles, and increasingly complex supply chains. That puts unusual pressure on CISOs, who now have to think beyond corporate IT and address product environments, manufacturing systems, cloud platforms, third-party risk, and the resilience of fast-moving engineering organizations. The executives in this feature reflect that shift, with backgrounds that span enterprise infrastructure, cloud operations, product security, and large-scale cybersecurity leadership across some of the best-known technology and mobility companies in the market.
Steve Dean — Chief Information Security Officer, Lucid Motors
Steve Dean is chief information security officer at Lucid Motors, where he leads cybersecurity for one of California’s most prominent electric vehicle makers. He stepped into the role in 2025 after serving as vice president of information technology and CISO at Astra, where he oversaw infrastructure services spanning IT, development operations, technical operations, and information security. Earlier, he held senior leadership positions at Cloudera, Hortonworks, Proofpoint, RealNetworks, and EarthLink, building a career around large-scale infrastructure, cloud platforms, product operations, and enterprise security. That combination of deep operational experience and long-running security leadership makes him well suited to an automotive company operating at the intersection of manufacturing, software, and mission-critical innovation.
Mike Johnson — Chief Information Security Officer, Rivian
Mike Johnson serves as CISO at Rivian, bringing a background that spans cloud infrastructure, transportation technology, enterprise software, and long-standing security leadership. Before joining Rivian in 2023, he was CISO at Fastly and earlier held the same role at Lyft, giving him experience leading security programs inside organizations built around scale, uptime, and constant product evolution. He also spent nearly a decade at Salesforce, where he rose from director of information security to senior director of detection and response, and he continues to be active in the broader security community through roles such as co-host of the CISO/Security Vendor Relationship Series and board member at The Shadowserver Foundation. His background reflects a security leader with experience in both cloud-first technology environments and transportation platforms, a relevant mix for Rivian’s software-heavy automotive model.
Stephen Roberts — Chief Information Security Officer, American Honda Motor Company
Stephen Roberts is CISO at American Honda Motor Company, where he leads cybersecurity for one of the most established automotive brands operating in California. He has spent much of his career inside the Honda organization, serving in his current role since 2019 after earlier leadership posts that included assistant vice president of systems innovation, development, and support at American Honda Finance Corp., senior manager of technical services, and manager of infrastructure engineering and design. Before Honda, he held infrastructure and network leadership roles at Herbalife, ALLTEL Information Services, and California Federal Bank. That long tenure across infrastructure, systems support, and enterprise technology gives him a practical understanding of how to lead security in a large, complex automotive environment with both operational and financial systems at scale.
Tom Spencer — Vice President and Deputy CISO, Toyota North America
Tom Spencer is vice president and deputy CISO at Toyota North America, where he helps lead cybersecurity strategy for one of the industry’s most significant automotive organizations. He has been in the role since 2022, following a long tenure at Qualcomm where he served as director of cybersecurity for more than 17 years. His earlier background also includes consulting, software engineering, and infrastructure work, giving him a broad technical base that spans security hardening, network design, systems administration, and enterprise defense. In addition to his Toyota role, he serves as vice chair of the board at Auto-ISAC and chairs its CISO working group, placing him at the center of information-sharing and coordination efforts across the automotive sector.
Security leadership is becoming central to how automakers operate
The leaders in this feature reflect how cybersecurity in the automotive industry now reaches into every part of the business, from enterprise systems and cloud platforms to supply chains, product environments, and mobility services. In California especially, where automotive companies often overlap with software, EV, and advanced manufacturing ecosystems, the strongest security leaders are the ones who can help organizations move fast without losing control of risk. These executives are part of that shift, helping define what trusted growth looks like in a sector where digital systems are now core to the product itself.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.