Ryan Murray

Arizona CISO Ryan Murray is often a featured speaker at large cyber events, but he also goes on the road each year as part of his outreach across the state. He visits 15 counties during a three- to six-month “roadshow,” sitting down with election officials, IT and cybersecurity practitioners, public safety professionals and utility leaders, among others. For him, cybersecurity is more than infrastructure. It’s community.

The state’s cybersecurity ecosystem is built on “whole-of-state support,” a model that has delivered shared services for about a decade. Murray credits the approach with putting Arizona “in a better space ... and we continue evolving.” He’s been with the state since 2021, and his office sits within the Arizona Department of Homeland Security, which gives him a unique opportunity to reach stakeholders.

The evolution comes with shifting terrain. “The old partnerships we’ve relied on have changed over the past couple of years,” Murray said, referring to shifts in responsibility from the federal government back to states. “We need to collectively figure out how to operate within that reality.” He continues to push back against isolation. “We shouldn’t be doing this work in a silo.”

AI also shapes conversations. Murray warns that adversaries are using AI to scan for vulnerabilities and generate increasingly convincing phishing campaigns and deepfakes. At the same time, he sees value in AI-enabled defensive tools that can help stretched local teams respond faster — if adopted thoughtfully and with strong data protections.

And when systems go down? While agencies must control public-facing communications during an incident, Murray encourages peer agencies and states to communicate openly. Cyber attacks carry stigma, especially when they disrupt services. But, he said, it’s time to “get over the stigma that we are weak or failed.” There is strength in sharing, and cybersecurity “needs to be a community-driven process, and we need to be able to embrace our own vulnerability.”