Maryland Selects New Acting State Cybersecurity Leader

Maryland has tapped a new cybersecurity leader to guide its digital defense efforts starting Monday.

Jon Meadows

Officials have chosen James Saunders, a cybersecurity expert with extensive federal technology experience, as Maryland’s next acting chief information security officer (CISO) following the departure of Greg Rogers, who stepped into the role in August 2023. Rogers recently left the position to pursue an opportunity in the private sector.

“Rogers played an instrumental role leading the agency’s Office of Security Management during a rapid growth phase, bringing in a number of state employees across different cybersecurity specializations who are helping keep Maryland secure,” Nathan Miller, public information officer for the Maryland Department of Information Technology (DoIT), said. “The Department of Information Technology is grateful for his service and leadership during a critical time in our agency’s history.”

Saunders will serve as acting state CISO before being confirmed as state CISO by the Maryland state Senate and officially appointed by Gov. Wes Moore. He’ll oversee DoIT’s Office of Security Management, which is charged with protecting Maryland’s IT systems, infrastructure and sensitive data.

The new cyber leader told Government Technology he’s eager to hit the ground running — focusing on building relationships and scaling what’s already working.

“I’m excited to join the team and to work under the leadership of Secretary Savage as well as the Moore-Miller administration,” Saunders said, referring to Katie Olson Savage, state secretary of information technology. “In my first 90 days, I think I’m going to focus and prioritize on building relationships across all the state agencies as well as with the local counties and governments and municipalities as well.”

His next priority, he said, will be to take a close look at Maryland’s current cybersecurity landscape — identifying what’s working successfully and where there’s room to grow.

“What are we doing amazingly well that we want to continue to highlight? What are we not doing so well that we want to improve upon? That’s my focus — building partnerships, accelerating what we’re doing great, and bringing up what we’re not doing so great.”

“James Saunders is an experienced cybersecurity expert who has helped secure some of our nation’s most important systems,” Savage said Monday in a DoIT news release on LinkedIn. “We are thrilled he is bringing his expertise and leadership to the State of Maryland.”

The acting CISO brings years of executive-level tech experience to the role, most recently serving as deputy chief information officer at the U.S. Office of Personnel Management (OPM). Before that, he held CISO roles at both OPM and the U.S. Small Business Administration, where he helped lead tech security efforts during the early days of the COVID-19 pandemic. He holds a Master of Science in cybersecurity from the University of Maryland Global Campus and a Master of Business Administration from the University of Illinois Urbana-Champaign.

His passion for cybersecurity, he said, was sparked early in his career while working in a help desk role at a small company in Baltimore County, where assisting with malware removal piqued his interest and set him on a path to pursue a master’s degree in cybersecurity.

That past experience, Saunders said, has not only deepened his technical expertise but also helped him develop a clear leadership philosophy he plans to carry into his new role.

“I believe that to be a high-performing organization, you have to have basic cultural foundations,” he explained. “I think it’s really important that you build a security culture — not just a security team — across the board.”