The organizations in this feature operate at the intersection of national security, classified systems, and the defense industrial base. Their security programs are governed by frameworks that most commercial enterprises never encounter: Risk Management Framework, FISMA, DIACAP, CMMC, and the classified system authorization requirements of the Department of Defense and the Intelligence Community. The leaders protecting those programs have built careers inside military service, intelligence agencies, defense contractors, and federal civilian roles, and their work reflects what cybersecurity looks like when the systems being protected are mission-critical in the most literal sense of the term.
Billy Zientek — Chief Information Security Officer, National Reconnaissance Office
Billy Zientek became CISO of the National Reconnaissance Office in December 2024, having served as deputy CISO for the preceding five months. Before the NRO, he spent a year as business information security officer at KPMG US, and before that spent more than ten years as a digital engineer at the Central Intelligence Agency. That decade-plus of technical engineering work inside one of the nation’s most sensitive intelligence organizations gives him a grounded operational understanding of the classified systems and mission environments he now leads from a security perspective at the agency responsible for designing, building, and operating the nation’s reconnaissance satellites.
Timothy Cassibry — IRES Chief Information Security Officer, Amentum
Timothy Cassibry served as IRES CISO at Amentum from September 2024 through May 2025, supporting the Missile Defense Agency’s IT systems and networks through the Integrated Research and Engineering Services contract. Before Amentum, he spent nearly four years at Jacobs as cyber product lead and contract CISO on the same IRES program, leading the cybersecurity product team through RMF, defensive cyber operations, software analysis, and incident response, including guiding the organization through JFHQ-DoDIN’s CORA inspection and remediation. Before his IRES focus, he spent two years as a senior cyber security analyst at KBR supporting Defense Health Agency systems through RMF assessments. He holds a Doctorate of Management in Organizational Development and Change, a PMP, a CISSP, and an ITIL4 Managing Professional certification, and is the author of two books including Change of Mission, a guide for military personnel and their families transitioning to the civilian workforce. His career reflects sustained focus on securing missile defense and military health systems at the program level inside the defense contractor environment.
Gary Buchanan — Chief Information Security Officer, National Geospatial-Intelligence Agency
Gary Buchanan has served as CISO at the National Geospatial-Intelligence Agency since February 2021, following nearly three years as director of cyber engineering and group chief of cyber risk management at the National Reconnaissance Office. His career at NGA spans more than a decade including chief of cyber risk management from 2011 through 2014, and his earlier private sector experience includes six years as a manager of cyber engineering at Northrop Grumman. That career path, built almost entirely inside two of the most sensitive agencies in the intelligence community and one of the nation’s largest defense contractors, reflects a security leader whose entire professional life has been oriented around protecting classified systems and national security missions. At NGA, whose geospatial intelligence supports military operations, national security decision-making, and disaster response globally, his security mandate is as operationally consequential as any in the intelligence community.
Reginald Hall — Chief Information Security Officer, General Dynamics Mission Systems
Reginald Hall joined General Dynamics Mission Systems as CISO in March 2026, bringing a background that spans naval service, consulting, hospitality security, and defense. He served more than twenty-two years as a lieutenant commander in the United States Navy before transitioning to Ernst and Young as a senior manager in IT risk transformation, then to Booz Allen Hamilton as a cyber security executive, then to Carnival Corporation as global director of the office of the CISO and brand IT security officer and subsequently global senior director of security governance and risk. He then served as director of cybersecurity at Berkeley Lights and three years as CISO at Wheels Up, the private aviation company. That arc from naval officer through Big Four consulting, global hospitality security governance, and private aviation CISO to one of the nation’s largest defense systems companies reflects a security leader whose cross-sector depth is directly applicable to an organization whose mission systems programs span land, sea, air, space, and cyber domains.
Christopher Parks — Chief Information Security Officer, Defense Contract Management Agency
Christopher Parks has served as CISO at the Defense Contract Management Agency since November 2010, one of the longer continuous CISO tenures in the defense sector. His responsibilities span information assurance and computer network defense services including network operations monitoring, incident handling, forensic investigations, vulnerability management, and policy development across an agency whose mission is to provide contract administration services to the Department of Defense and other federal agencies. Before DCMA, he spent three and a half years as a senior network security engineer at SAIC managing enterprise vulnerability management, data extrusion prevention, and incident handling programs for DCMA, effectively building the technical foundation for the agency security program he later led as CISO. Before SAIC, he spent two and a half years at General Dynamics AIS and two years at CACI in network engineering roles, and began his career as a microwave systems operator and maintainer in the United States Army, supporting classified and unclassified networks for the Pentagon, the Army Operations Center, and the White House Communications Agency. Fifteen years of continuous CISO service at a single DoD agency reflects a career defined by institutional commitment and sustained operational depth.
Christopher Carter — Chief Information Security Officer, V2X
Christopher Carter has served as CISO at V2X since September 2024, overseeing cybersecurity strategy, governance, risk, and compliance for a defense services company operating within the defense industrial base. His tenure is already marked by notable accomplishments including leading V2X through CMMC certification and achieving an enterprise DIBCAC High 110 score. Before V2X, he served as CIO at WSSC Water, where he orchestrated the successful defense against an advanced persistent threat ransomware attack with no business downtime and no ransom paid, and before that held CIO and CTO roles at Business Integra and Cyber Management. He has run Crucial Cyber, a cybersecurity advisory practice, since 2016, providing advisory services across federal government and defense clients on threat and risk management, cyber defense, and NIST RMF and CMMC compliance. His background spans cyber-physical security integration, critical infrastructure protection, and defense contractor compliance, giving him a grounded understanding of the converged IT and OT security environments that defense services companies increasingly must protect.
Robert Rubeck — Chief Information Security Officer, Katmai Government Services
Robert Rubeck has served as CISO supporting the Defense Health Agency’s Research and Engineering mission through Katmai Government Services since January 2023, leading enterprise cybersecurity strategy across mission-critical DoD healthcare systems and multi-enclave environments. Before Katmai, he spent more than four years as senior manager and CISO at Octo Consulting Group, and before that nearly six years as CISO and special assistant to the CIO at DMI supporting US Army MEDCOM and Defense Centers of Excellence. His earlier career includes technology director for information assurance and cybersecurity at the DoD F-35 Joint Strike Fighter Program Office and senior principal information security manager at the DoD PKI Program Office at DISA. He holds a CISSP, DoD 8570 IAT and IAM Level III certifications, an MCSE, and maintains an active DoD Top Secret clearance. That career path through the F-35 program, DISA, Army medical command, and now Defense Health Agency research systems reflects a security leader whose entire career has been oriented around protecting the most sensitive and operationally critical systems in the DoD enterprise.
The Stakes Are Different Here
In most security environments, a breach means data loss, regulatory exposure, and reputational damage. In the environments represented in this feature, a breach can mean compromised intelligence collection capabilities, disrupted military operations, exposed warfighter identities, or degraded national security systems that adversaries have been targeting for years. The leaders in this feature carry that weight every day, in roles that rarely make headlines and demand exactly the kind of sustained, disciplined, mission-focused security leadership that the nation’s most sensitive programs require.
Discover more CISOs in critical environments:
- Cybersecurity Leaders to Watch in Washington’s Defense & Aerospace Industry
- Female Cybersecurity Leaders to Watch in Aerospace and Defense
- CISOs to Watch in Virginia’s Defense & Space Industry
- Cybersecurity Leaders to Watch in Pennsylvania’s Defense & Space Industry
- Cybersecurity Leaders to Watch in Massachusetts’ Defense & Space Industry
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.