California’s retail sector depends on cybersecurity leaders who can protect sprawling store networks, e-commerce platforms, customer data, and increasingly complex corporate technology environments. The leaders in this feature come from companies with very different operating models, from off-price retail and specialty retail to grocery and omnichannel commerce, but they share a similar challenge: keeping security aligned with growth, resilience, and day-to-day execution. Their backgrounds span governance, cyber defense, compliance, identity, business continuity, and enterprise technology strategy inside some of the state’s best-known retail organizations.
Elwin Wong — Senior Vice President & Chief Information Security Officer, Ross Stores, Inc.
Elwin Wong serves as senior vice president and chief information security officer at Ross Stores, where he plays a senior leadership role in guiding cybersecurity strategy for a Fortune 200 retailer with more than 2,000 stores and over 100,000 employees. His work has included close engagement with executive leadership and the board, the development of multi-year security strategies, and the modernization of defenses to address evolving threats such as ransomware, supply chain attacks, and broader regulatory pressures. His remit has expanded over time as Ross has continued to evolve its security organization and broader enterprise security roadmap.
Wong’s tenure at Ross includes earlier roles as group vice president and chief information security officer, and before that as vice president of enterprise architecture and chief information security officer. Across those roles, he led the transformation of the company’s information security program, built out capabilities across governance, risk, compliance, security architecture, identity and access management, security operations, and cyber defense, and helped establish a regular board-level reporting cadence on information security. Before Ross, Wong spent more than a decade at Safeway, where he held a series of senior security and risk leadership roles covering IT compliance, forensics, threat and vulnerability management, PCI governance, and security operations. That background gives him one of the strongest large-scale retail security profiles in the state.
Marty Ray — Vice President & Chief Information Security Officer, Williams-Sonoma, Inc.
Marty Ray is vice president and chief information security officer at Williams-Sonoma, where he now leads security for one of California’s most prominent retail companies. His profile reflects a security leader with experience launching and restructuring global security programs tied to mission-critical business processes, consumer and internal data protection, and retail operations. He is particularly focused on building support across business leadership and using that alignment to drive projects that reduce risk, strengthen compliance, and improve operations.
Before joining Williams-Sonoma in 2024, Ray served as chief information security officer at Fossil Group, where he led a global cybersecurity team supporting 12,000 employees, more than 300 retail outlets, and a major e-commerce operation. Earlier at Fossil, he also served as director of information security. Before that, he was international IT security manager at GameStop, where he oversaw information security governance and risk management for international divisions including 2,200 retail locations. His earlier background at Heartland Payment Systems adds substantial experience in data center and payment security operations, including responsibility for a large security budget and environments supporting hundreds of thousands of merchants. Across those roles, he built a career grounded in retail, payments, and enterprise security transformation.
Kumar Mishra — Chief Information and Digital Officer, Grocery Outlet
Kumar Mishra is chief information and digital officer at Grocery Outlet, where he leads enterprise technology, cybersecurity, digital platforms, data, and AI. While his title is broader than a pure security role, his remit clearly includes cybersecurity and technology risk governance as part of the company’s modernization and enterprise strategy. His current focus is on aligning technology with growth, resilience, operational rigor, and long-term business value in a public-company retail environment.
Mishra brings three decades of experience in complex enterprise settings, including large-scale operating model redesign, ERP and SAP modernization, M&A integration, carve-outs, and enterprise cybersecurity strengthening. Before Grocery Outlet, he served as vice president of information technology at Reynolds Consumer Products and previously held senior technology leadership roles at Nielsen, Olam, AmerisourceBergen, Chamberlain, Grainger, Roche Diagnostics, and CenturyLink. At Nielsen in particular, his responsibilities included leadership and governance across a global corporate platform architecture that covered security alongside business intelligence, testing, applications, vendor management, and IT operations. His inclusion here reflects the growing importance of executives whose role spans both enterprise technology and cyber risk in modern retail.
John Hluboky — CISO, Petco
John Hluboky is chief information security officer at Petco, where he manages all aspects of cybersecurity, including application security, compliance, identity and access management for both customer and workforce environments, and security operations. His background reflects more than 25 years of technical and leadership experience, with a strong emphasis on using security and technology to enable business operations rather than simply constrain them.
Before joining Petco in 2023, Hluboky held several senior roles at Practice Fusion, including principal security architect and chief information security officer. Earlier there, he also served as senior vice president of technical operations, leading teams responsible for technology operations, information security, online and data center services, site reliability, IT support, and DevOps for one of the largest web-based electronic health record platforms in the country. Earlier roles at McAfee, Embark, UCSF Medical Center, and The Picture People broadened his experience across e-commerce, healthcare, infrastructure, and retail operations. His background is notable for combining security governance with deep operational experience in large-scale digital platforms.
Retail security in California is bigger than store protection
The retail leaders in this feature are dealing with much more than traditional storefront or payment-card security. Their responsibilities increasingly stretch across digital platforms, cloud environments, hybrid work, identity, third-party risk, resilience planning, and board-level governance. That is especially true in California, where many of the state’s largest retail organizations operate with national scale and significant technology complexity. Leaders like these are helping define what modern retail security looks like when customer trust, operational continuity, and digital transformation all have to move together.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.