Michael has more than three decades of experience in public-sector cybersecurity, technology leadership, and digital risk governance. He served as the founding Chief Information Security Officer (CISO) for Fairfax County Government, Virginia, from 2002 to 2025, where he led the development of a resilient cybersecurity program that supported essential government operations and public trust for more than 1.3 million residents and 13,000 employees.
His leadership emphasized collaboration, transparency, and mission alignment. He guided countywide initiatives in identity and access modernization, Zero Trust strategy, OT/IoT security, and the responsible introduction of emerging technologies, including early guidance for artificial intelligence use in government service delivery. His approach centered on building sustainable cybersecurity capabilities that strengthened service continuity and integrated cybersecurity into executive and operational decision-making processes.
Michael’s work also strengthened regional and statewide collaboration. He chaired the National Capital Region CISO Committee through the Metropolitan Washington Council of Governments for more than 16 years, advancing cross-jurisdiction coordination and shared cyber readiness across one of the most complex metropolitan regions in the country. He co-chaired the Commonwealth of Virginia Cyber Planning Committee, supporting statewide cybersecurity governance and multi-agency preparedness.
His contributions have been recognized nationally, including being named one of Government Technology’s Top 25 Doers, Dreamers & Drivers, LocalSmart’s Cybersecurity Leader of the Year, and a finalist for the Capital CISO ORBIE Award. These acknowledgments reflect a career focused on public trust, long-term program maturity, and the development of collaborative, mission-driven cybersecurity leadership cultures.
He has also contributed extensively to the broader conversation on cybersecurity leadership and public-sector resilience. His articles and professional commentary published in industry outlets, as well as his widely read LinkedIn work, have focused on leadership accountability, sustainable cybersecurity program design, public-sector collaboration models, and the role of executive decision-making in managing cyber risk. He has emphasized that cybersecurity must be understood not only as a technical discipline, but as a leadership function tied to mission delivery, public trust, and organizational culture.
He continues to support public-sector organizations through CISO360 LLC, advising government executives, practitioner communities, and strategic partners on developing cybersecurity programs that are resilient, practical, and aligned with essential public services. Through this work, he also advises industry partners on how to better support the public sector by aligning solutions with mission needs, operational realities, and sustainable funding models. His role is not to sell products, but to help bridge understanding between government and industry so that solutions are effective, affordable, and strategically aligned. He also works with senior leadership and elected officials to help them understand risk in meaningful business terms and to develop clear, achievable strategies for improving organizational resilience.
