Oklahoma’s cybersecurity leadership bench reflects a mix of retail, energy, software, public-sector strategy, financial services, healthcare, and defense-aljgned program leadership. The women in this feature show how cyber leadership in the state is built through multiple pathways, from formal CISO roles and enterprise compliance leadership to public-sector transformation, advisory work, and large-scale program execution. Some are leading mature security and risk programs inside highly regulated organizations, while others are helping shape Oklahoma’s broader cybersecurity community through training, education, and strategic consulting. That range matters because Oklahoma’s cyber influence is not confined to one vertical. It is a state where cybersecurity leadership increasingly sits at the intersection of governance, resilience, business enablement, and operational discipline.
Dr. Rebecca Goza — Director IT Security, Cherokee Nation Businesses
Dr. Rebecca Goza is Director IT Security at Cherokee Nation Businesses, bringing a career that spans cybersecurity, internal audit, fraud prevention, and enterprise risk leadership. Before joining Cherokee Nation Businesses, she served as Senior Director of IT Risk Management at Ulta Beauty and earlier led information security as Head of Information Security and CISO at Love’s Travel Stops, where she managed security teams, delivered major security initiatives, oversaw compliance and IT risk management, and advised business and technology leaders on critical security issues. Her background also includes a long tenure at the American Cancer Society, where she built a new internal audit and fraud prevention program and developed risk assessment protocols used throughout the organization. She stands out for her unusual blend of business and technical depth, along with a leadership style built on communication, cross-functional trust, and practical security execution.
Michelle Studie — Director of Security Compliance, ONEOK
Michelle Studie is Director of Security Compliance at ONEOK, where she now leads in a role built on more than two decades of audit, cybersecurity, and risk management experience. Her earlier positions at ONEOK included Audit Director and IT Audit Manager, and before that she held IT audit and security roles at Cherokee Nation Businesses, St. John Health System, Stinnett and Associates, and IBM, where she worked as a firewall engineer supporting hundreds of firewalls and regulated client environments. She has also served in multiple leadership roles with the ISACA Tulsa Chapter, including President and SheLeadsTech Director, reflecting strong engagement with Oklahoma’s cyber community. She stands out for her sustained focus on assurance, risk, compliance, and security awareness, as well as her ability to translate audit rigor into stronger enterprise security practices.
Leah Still Brooks — Senior Director Governance Risk & Information Security, SpyCloud
Leah Still Brooks is Senior Director of Governance, Risk, and Information Security at SpyCloud, where she leads enterprise GRC and information security functions under a unified governance strategy. Her work includes executive advising on risk posture, long-term roadmap ownership for frameworks such as CMMC, SOC 2, ISO 27001, ISO 27701, and ISO 42001, as well as oversight of third-party risk, customer security reviews, and cross-functional information security programs. Before SpyCloud, she held risk, compliance, and audit leadership roles at Hanger, Nuance, KPMG, Bank of Oklahoma, Ernst & Young, and Dollar Thrifty. She stands out for the depth of her GRC and audit background, her strong executive communication, and her ability to scale governance and compliance maturity in fast-growing environments.
Carrie Randolph — Strategic Cybersecurity Leader; BSides OK Co-Founder; vCISO
Carrie Randolph brings a profile that combines cybersecurity consulting, public-sector technology leadership, and deep ties to Oklahoma’s cyber community. Her recent work includes consulting roles at SHI International, CBIZ, and Go Security Pro, where she led risk assessments, authored policies and plans, managed vulnerability scanning, and presented findings to both technical and executive audiences. Earlier, during more than nine years with Oklahoma’s Office of Management and Enterprise Services and the Oklahoma Department of Career and Technology Education, she held roles that included IT Strategist, Director, and CIO for the Oklahoma State Department of Education, leading teams, managing audits and remediation, guiding risk assessments, and improving statewide technology service delivery. She stands out for her Oklahoma roots, her practical risk-based leadership style, and her role in helping shape the local cybersecurity community through BSides Oklahoma and broader advisory work.
Richelle Jones — Senior IT Program Manager, Sierra Nevada Corporation
Richelle Jones is Senior IT Program Manager at Sierra Nevada Corporation, where she leads enterprise-scale transformation, compliance, and delivery efforts across distributed technical teams. Her current work includes aligning IT and security strategy with business objectives, leading regulatory compliance programs tied to PCI, NIST, RMF, and CMMC, and driving large-scale initiatives including M&A integrations, system conversions, and enterprise software deployments. Before Sierra Nevada Corporation, she held security and compliance leadership roles at The Goal and Chickasaw Nation Industries, where she led NIST and CMMC initiatives, implemented cybersecurity tools, managed incident response improvements, and integrated IT risk into broader corporate governance. Her earlier experience at Paycom, Boeing, MidFirst Bank, and DISA adds further depth in project delivery, vendor management, and enterprise transformation. She stands out for her ability to bridge business relationship management, security compliance, and complex program execution, with strong Oklahoma roots running through much of her career.
More Women Leading Cyber in Every Direction
Oklahoma’s cyber leadership story is not defined by one industry or one title path. It is being built by leaders who can assess risk, guide transformation, strengthen compliance, communicate clearly with executives, and help organizations operate with more confidence. The women in this feature reflect that reality. Together, they show why Oklahoma remains an important state to watch as cybersecurity leadership continues to expand across both public and private sectors.
Explore more profiles of the amazing women shaping cybersecurity across numerous industries in our Women’s Month collection.