Oregon’s cybersecurity leadership extends well beyond higher education and state government. The leaders in this feature are securing a global sportswear giant, a federal power administration, a public transit agency, an outdoor apparel brand, an emergency response platform, a managed security provider, and a subscription management software company. Their backgrounds span military communications, banking, retail, and public sector security, and their work reflects how broad and consequential Oregon’s private and public sector security landscape has become.
Adam Sealey — Global Chief Information Security Officer, Nike
Adam Sealey joined Nike as a founding member of the security team more than thirteen years ago and has built every major capability the function now has. He progressed from senior information security engineer through director of cyber threat analytics, where he built Nike’s first security analytics team from scratch and consolidated Splunk across five groups saving more than $75 million over three years, through director of information security governance and metrics, senior director in the office of the CISO managing a $100 million-plus security portfolio and developing all executive storylines for Nike’s executive leadership team and board, and deputy CISO, before stepping into the global CISO role in December 2022. As deputy CISO, he established Nike’s first overseas follow-the-sun SOC and incident response capability, leading cross-functional teams analyzing more than 75 terabytes of daily data. That arc, from founding security team member to global CISO over thirteen years at one of the world’s most recognizable brands, reflects a security leader who built the program he now leads from the ground up.
Ryan McGrory — Chief Information Security Officer, Columbia Sportswear Company
Ryan McGrory joined Columbia Sportswear as CISO in April 2022, bringing a background built across financial services, consumer goods, and retail security in the Portland area. He spent five years as SVP and director of cybersecurity at Umpqua Bank, overseeing the SOC, incident response, security engineering, IAM, network engineering, and IT-GRC functions, before moving into a cybersecurity senior manager role at Mars, where he was embedded with the Banfield Pet Hospital IT leadership team and responsible for the cybersecurity program and PCI Level 1 compliance across more than 1,000 pet hospitals and 20,000 associates. He holds a master’s degree in information security and assurance and an active CISSP. His approach is grounded in pragmatic, business-aligned security that translates cyber risk into language that resonates with executives and boards.
Mark Johnston — Chief Information Security Officer, TriMet
Before joining TriMet as CISO in July 2022, Mark Johnston spent nearly four years as director of cybersecurity and security operations center at the State of Oregon, and before that served as information security officer and senior information security advisor at the Oregon Health Authority, supporting two of the state’s largest agencies on all aspects of information security. That deep Oregon public sector background, spanning health authority security, statewide SOC leadership, and now public transit infrastructure, gives him a career shaped by the specific demands of protecting systems that serve Oregon residents directly. At TriMet, which operates bus, light rail, and commuter rail across the Portland metro area, the security program has to protect operational technology, customer data, and transit infrastructure simultaneously.
Jim Viskov — Chief Information Security Officer, Bonneville Power Administration
Jim Viskov stepped into the CISO role at Bonneville Power Administration in September 2025, but his seventeen-year tenure at BPA before that appointment is the foundation everything rests on. Since 2009, he served as founding manager of a vertically integrated organization responsible for BPA’s critical business IT systems, including deal capture, power and transmission scheduling, load forecasting, metering, and hydro operations, running a 24/7 infrastructure operations capability across software design, development, and customer support. Those systems are critical to BPA both in terms of revenue and federal Columbia River Power System reliability. Seventeen years of managing mission-critical operational technology at a federal power administration that serves the Pacific Northwest’s electricity grid gives him an institutional and operational depth that most CISOs arriving from outside could not replicate. He now leads the security team responsible for protecting all of it.
Jorge Zelaya — Chief Information Security Officer, Atmosera
Jorge Zelaya serves as CISO at Atmosera, an Oregon-based managed services provider specializing in Azure, application, data and AI, and security solutions. His work centers on helping organizations shift from reactive to proactive security, with a particular focus on managed extended detection and response, cloud resilience modernization, and supporting cyber insurers in reducing claims frequency and severity through real-time telemetry and faster incident containment. His approach spans enterprise security teams, SMB organizations, and cyber insurance underwriters, giving him a cross-sector view of how security risk translates into business and financial outcomes that most practitioner-side CISOs do not develop. At Atmosera, that perspective informs how the company positions security as a service alongside its broader Azure and technology offerings.
Grant Wyatt — Chief Information Security Officer, Active911
Grant Wyatt has spent more than twelve years at Active911, an Oregon-based emergency response platform serving more than 400,000 clients worldwide, progressing from technical service representative through associate product manager and technical support manager before stepping into the CISO role in September 2022. Active911’s platform is used by first responders, which means the data it handles, dispatch alerts, location information, and response coordination, carries a weight that most software security programs do not. Wyatt’s deep familiarity with how the platform works, how clients use it, and what operational continuity means in an emergency response context gives him a security perspective that is grounded in the mission of the product itself.
Jonah Perez — Chief Information Security Officer, SafePorter
Jonah Perez has served as CISO at SafePorter, a Portland-area data protection software company, since August 2019, where he leads privacy and security architecture for the company’s DataProtected product. His background includes cloud operations management at Zapproved, where he drove SOC 2 Type 2, FedRAMP, and NIST 800-171 compliance from an operations standpoint, and InfoSec and compliance analyst work at Cambia Health Solutions. His technical depth in AWS infrastructure, IAM design, VPC architecture, and compliance framework implementation gives him a practitioner-level understanding of the environments he now helps protect through product security architecture.
Martin Rues — Chief Information Security Officer, Zuora
Martin Rues brings more than twenty years of experience developing, securing, and delivering cloud services to his CISO role at Zuora, a subscription management software company where he has served since November 2023. His background spans cloud service delivery, strategic partnerships, and executive-level communication across complex technical environments, and his approach combines a consulting-rooted strategy development orientation with hands-on operational delivery experience. At Zuora, whose platform manages subscription billing and revenue operations for enterprise clients globally, the security program sits at the intersection of financial data protection, SaaS compliance, and customer trust.
Oregon’s Security Leaders Reflect the State’s Reach
Oregon punches above its weight in security leadership. The leaders in this feature are securing one of the world’s most valuable consumer brands, a federal power grid serving the entire Pacific Northwest, a public transit system serving hundreds of thousands of daily riders, global outdoor apparel operations, and software platforms used by first responders and enterprise clients worldwide. That breadth of consequential security work, concentrated in a state that rarely leads national conversations about cybersecurity, reflects a community of practitioners who have built serious programs in serious environments.
Discover more cybersecurity leaders in Oregon making their mark in their industries:
