Nonprofit organizations carry a particular kind of security burden. They protect sensitive donor data, beneficiary records, research classified by government contract, and in some cases the identities and locations of vulnerable people whose safety depends on that data staying secure. They do it with budgets that rarely match the threat surface they face and without the regulatory frameworks that force minimum security standards in banking or healthcare. The CISOs in this feature have chosen to apply serious security expertise inside mission-driven organizations, and their work reflects what it means to protect institutions that exist to serve people rather than to generate profit.
Elizabeth Rodgers — Chief Information Security Officer, RAND Corporation
Elizabeth Rodgers has served as CISO at RAND Corporation since May 2023, overseeing cybersecurity strategy for one of the world’s most influential policy research institutions, whose work spans national security, defense, health policy, and global affairs under contracts with the US government and allied nations. Her responsibilities include enterprise risk management, security operations, incident response, compliance with NIST 800-171, CMMC, DHS, and DoD requirements, governance and policy development, third-party risk, and threat management across an organization whose research sensitivity demands security standards more commonly associated with defense contractors than nonprofits. Her background spans more than twenty years in IT management and security across corporate, federal government, nonprofit, and consulting environments, giving her a cross-sector foundation that is directly relevant to an institution that operates at the intersection of all of them. Embedding security into the technology lifecycle at a research organization where the output itself is often the most sensitive asset requires a particular kind of security discipline, and her career reflects that.
Eric Jordan — Chief Information Officer and Chief Information Security Officer, Harold Grinspoon Foundation
Eric Jordan has served as CIO and CISO at the Harold Grinspoon Foundation since June 2019, building the organization’s first formal enterprise technology roadmap, its first technology governance structure, and a cybersecurity and risk governance framework covering threat detection, incident response, compliance, and resilience. He manages a technology budget of more than $10 million annually, delivered more than $400,000 in annualized savings through vendor negotiation and cloud optimization, and achieved 99 percent-plus threat detection effectiveness with zero material breaches. His transformation work spans enterprise-wide cloud and SaaS modernization, ERP and CRM implementation, and the construction of an enterprise data and AI strategy that replaced ad hoc reporting with a single source of truth for financial and compliance decisions. Holding both the CIO and CISO mandates simultaneously at a multi-entity foundation reflects the operational reality of technology and security leadership in the nonprofit sector, where the boundaries between strategic technology governance and security accountability are rarely separate functions.
Shane Anglin — Chief Information Security Officer, Step Up for Students
Shane Anglin joined Step Up for Students as its first-ever CISO in October 2024, building the security program from the ground up for a Florida nonprofit scholarship funding organization managing more than $1 billion in revenue and Educational Scholarship Accounts for more than 500,000 students. His initial focus has centered on maturing foundational security standards aligned with NIST Cybersecurity Framework and CIS controls, and ensuring compliance with PCI-DSS and the Florida Information Protection Act across an organization handling sensitive financial and educational data at significant scale. His background spans enterprise architecture, security engineering, SOC operations, red and blue team functions, cyber threat intelligence, identity management, fraud security, GRC, and DevSecOps, giving him the operational breadth that a first CISO at a large nonprofit requires. Building a security program from scratch inside an organization managing state scholarship funds for half a million students is not a small mandate, and his arrival reflects Step Up for Students’ recognition that the data it holds demands enterprise-grade protection.
Glenn Berryman — Chief Information Security Officer, World Vision
Glenn Berryman joined World Vision as CISO in March 2025, bringing more than two decades of IT strategy, transformation, and cybersecurity leadership to one of the world’s largest Christian humanitarian organizations, operating in nearly 100 countries and serving millions of vulnerable children and families globally. His background spans comprehensive risk-based cybersecurity program leadership across multiple industries, with a focus on partnering with senior stakeholders and third parties to implement security practices aligned to organizational risk tolerance. World Vision’s global footprint, the sensitivity of its beneficiary data, and the complexity of operating in fragile and conflict-affected environments make its security mandate one of the more demanding in the nonprofit sector, and Berryman’s arrival reflects the organization’s commitment to protecting the people it serves.
Mike Cachine — Chief Technology Officer, Chief Information Officer, and Chief Information Security Officer, International Centre for Missing and Exploited Children
Mike Cachine has served as CTO, CIO, and CISO at the International Centre for Missing and Exploited Children since June 2015, leading technology and security for an organization whose mission is among the most consequential in the nonprofit world. Under his leadership, ICMEC developed and deployed GMCNgine, an AI and machine learning image matching and alerting platform that became the largest missing child alerting system in the world, spanning 30 countries across four continents, generating more than one billion internet child poster media impressions, enabling more than 1.1 million responders to join in the search, and contributing to more than 5,000 recoveries when the technology was used. That is not a security program designed to protect commercial data. It is a technology and security operation built around protecting children, and the stakes attached to every security decision are measured accordingly. He is a 2018 IDG CIO 100 honoree, co-founder of a venture-backed technology startup, and a nonprofit foundation trustee with more than twenty-five years of IT leadership experience across Fortune 500 companies and mission-driven organizations.
The Nonprofit Sector Deserves Better Security Than It Usually Gets
The organizations in this feature are protecting policy research that shapes national security decisions, scholarship funds for half a million children, humanitarian operations across nearly 100 countries, and the technology that has helped recover thousands of missing children. None of them have the regulatory mandates or the budget structures that force minimum security standards in banking or healthcare. What they have instead are leaders who chose to apply serious security expertise to missions that matter, and whose programs reflect that choice. That is worth recognizing.
Discover more CISOs securing the nonprofit sector:
