California’s aviation, aerospace, and defense sector depends on security leaders working across highly sensitive environments where innovation, national security, safety, and resilience all intersect. The people in this feature come from electric aviation, defense technology, military and civilian space systems, naval cybersecurity, and aerospace manufacturing. Their backgrounds span enterprise risk, classified programs, cyber operations, regulatory compliance, security architecture, incident response, and the buildout of cybersecurity programs designed to support complex mission-driven organizations.
Ray Cotton — Chief Information Security Officer, Archer
Ray Cotton is chief information security officer at Archer, where he now leads cybersecurity in an aviation company building in one of California’s most technically demanding sectors. His background includes more than two decades in cybersecurity, technology risk, and global operations, with experience across transportation, financial services, technology, and enterprise resilience. His profile highlights expertise in incident response, disaster recovery, regulatory compliance, third-party risk, operational resiliency, and crisis management.
Before joining Archer, Cotton spent more than seven years at Wells Fargo in an executive director role focused on technology control across information technology infrastructure, risk, and cybersecurity. Earlier roles at Capital One, Riverbed Technology, and Lumber Liquidators added experience in innovation, insider threat work, investigations, business continuity, secure logistics, and global security and risk leadership. His career also includes strategic advisory work with cybersecurity and AI startups, along with academic involvement at Brown University, where he contributed to courses covering advanced computer security, privacy, and future cybersecurity policy and technology.
Michael Cardoza — Head of Cybersecurity, Supernal
Michael Cardoza is head of cybersecurity at Supernal, where he was brought in to build the company’s cybersecurity program and team as it develops electric vertical take-off and landing aircraft mobility solutions. In the role, he has focused on supporting strategic business goals through risk reduction, automation, and next-generation tools and services. His work includes security strategy, threat assessment, incident response coordination, and the development of a secure operating environment across the enterprise.
Before Supernal, Cardoza built the cybersecurity program at the Orange County Transportation Authority after a significant breach and ransomware incident, leading strategic planning and enterprise cybersecurity initiatives while creating the organization’s risk management and compliance program. His background also includes service as a cyber operations officer and systems integration officer in the California Air National Guard, along with an information systems security manager role at Boeing, where he worked on enterprise networks, risk management framework compliance, insider threat programs, change management, and continuous monitoring for defense-related systems.
Matthew Myhra — Chief Information Security Officer, Space Systems Command
Matthew Myhra is chief information security officer at Space Systems Command, where he executes enterprise cybersecurity and information security programs across space and missile mission areas, including satellite and ground systems. In the role, he oversees risk tolerance management, proactive cybersecurity planning, adaptive response, and the implementation of risk management framework standards across the defense contractor portfolio. His work also includes analyzing the threat landscape and recommending responses to nation-state threats against United States defense space systems and assets.
Myhra’s earlier roles within the Space and Missile Systems Center included information and industrial security program manager, foreign disclosure officer, and chief of security for the space launch systems enterprise, where he oversaw contractor security compliance, program protection planning, foreign military sales disclosures, and cybersecurity requirements tied to frameworks such as FISMA, NIST, DFARS, and ISO standards. His background also includes leadership in emergency services and disaster response planning in Afghanistan, along with multiple security management roles in the Air Force Materiel Command, where he worked across personnel, industrial, information, and operational security.
Mark Compton — Command Information Security Officer, NAVWAR
Mark Compton is command information security officer at NAVWAR, where he has served since 2018 after nearly a decade in program management roles within the organization. His work sits at the center of Navy cybersecurity, where NAVWAR develops and sustains information warfighting capabilities across domains stretching from seabed to space and through cyberspace. His profile reflects a long career that combines cybersecurity leadership, program management, military service, and technology transition work.
Before taking on his current role, Compton held leadership positions at Trex Enterprises and spent more than 27 years in the United States Navy in operational and program management posts. The material provided emphasizes both his cybersecurity leadership and his broader influence on workforce development, regional cyber initiatives, and public-private collaboration in San Diego. His name is also tied to efforts around cybersecurity innovation, training, and ecosystem-building, alongside the command’s role in advancing secure software delivery, cyber readiness, and technical authority for the Navy.
Joe McCaffrey — Vice President, Corporate Technology and Chief Information Security Officer, Anduril Industries
Joe McCaffrey is vice president, corporate technology and chief information security officer at Anduril Industries. He first became chief information security officer in 2023 before moving into an expanded role in 2026 that combines corporate technology and security leadership. At Anduril, his work spans information security, information technology, and infrastructure inside one of the best-known defense technology companies in California.
McCaffrey came to the role with a background that includes mission systems security and infrastructure leadership at Anduril, service as a communications officer in the United States Marine Corps, work with Marine Forces Special Operations Command, and a cybersecurity project management role at the National Security Agency. That mix of defense operations, special operations support, national security work, and internal security leadership gives him experience across both traditional military environments and modern defense-sector technology organizations.
Carlos Aguirre — Head of Information Technology and Cybersecurity, Ducommun Incorporated
Carlos Aguirre leads information technology and cybersecurity at Ducommun Incorporated, where he serves in a chief information security officer-equivalent capacity for a global aerospace and defense contractor. In the role, he is leading a hybrid-cloud cyber defense transformation across infrastructure, applications, and cloud environments, while also acting as a trusted advisor to the board and executive leadership on security, compliance, modernization, and enterprise technology roadmap decisions.
Aguirre’s background spans more than 25 years across cloud security, enterprise technology transformation, compliance, and infrastructure leadership. Before joining Ducommun, he held leadership roles connected to Taco Bell, First Team Real Estate, Westfield, Bidz.com, and UCLA. His experience includes work on cloud security architectures, virtualization, networks, systems, data centers, SOX and PCI compliance, mergers and acquisitions, digital forensics, incident response, third-party risk, and frameworks including NIST 800-171, ISO 27001, FedRAMP, GDPR, and CMMC-related efforts.
A Sector Where Security and Mission Readiness Are Tightly Linked
The cybersecurity leaders in California’s aviation, aerospace, and defense sector are working in environments where the stakes extend well beyond ordinary enterprise risk. Their responsibilities touch aircraft development, space systems, naval operations, defense contracting, transportation resilience, and secure digital transformation across highly sensitive programs. Together, they show how security leadership in this sector demands not only technical depth, but also operational judgment, regulatory discipline, and the ability to support mission-critical innovation without losing sight of resilience and trust.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.