Nevada’s government, reeling from a devastating ransomware assault that paralyzed dozens of agencies last year, has launched a search for a permanent Chief Information Security Officer to fortify its defenses. The Governor’s Technology Office posted the opening on LinkedIn, framing the role as a Chief IT Manager position within the newly formed Office of Information Security and Cyber Defense. This move comes eight months after a cyber intrusion that began in May 2025 and erupted publicly in August, exposing vulnerabilities in the state’s digital infrastructure.
The job demands expertise in developing security strategies, enforcing risk management, coordinating incident responses, and overseeing governance across executive branch agencies. Candidates must collaborate with state leaders and external partners to protect digital assets and public data, amid a recruitment process that closes based on applicant volume. Government Technology reported the posting on January 29, 2026, highlighting the urgency following a ‘turbulent year in cybersecurity.’
A Year of Cyber Turbulence Ignites the Search
The catalyst traces back to May 14, 2025, when an employee unwittingly downloaded malware from a spoofed website boosted by search engine optimization poisoning. Attackers lurked undetected for months, compressing over 3,200 files—including one with personal data—before deploying ransomware on August 24. The breach hit 60 agencies, forcing office closures, disrupting DMV services, health benefits, and public safety records, and prompting Governor Joe Lombardo to suspend in-person operations.
State teams activated incident response protocols, isolating systems and enlisting federal aid from the Cybersecurity and Infrastructure Security Agency and FBI. No ransom was paid, and core services like payroll persisted, but recovery demanded rebuilding Active Directory and identity systems, costing $1.3 million in vendor fees to firms like Mandiant and Microsoft. Tim Galluzi, State CIO and Governor’s Technology Office executive director, noted the ‘complex, methodical’ data analysis process during press briefings.
From Breach to After-Action Reforms
An November 5, 2025, after-action report from the Governor’s Technology Office detailed the 102-day dwell time and lessons learned, crediting no-ransom recovery to prior investments like cyber insurance and offline backups. It spurred legislative backing for a statewide Security Operations Center during a special session, aimed at aiding under-resourced locales. Government Technology covered the report, quoting officials on diversifying security layers.
The incident accelerated structural changes: In July 2025, Nevada launched the Office of Information Security and Cyber Defense under Deputy Director Adam Miller, who seeks federal-style coordination with playbooks and reviews. Miller, featured at the Nevada Public Sector Cybersecurity Summit, emphasized multi-agency threat hunting. The prior CISO, Bob Dehnhardt, retired May 2, 2025, after eight years; Deron Dahl, ex-CISO from Canada’s Northwest Territories, assumed interim duties. Government Technology confirmed Dahl’s role for continuity.
Strategic Overhaul in the Governor’s Technology Office
Under CIO Timothy Galluzi—a Marine veteran reappointed post-agency transition to the Governor’s Office—the office now prioritizes enterprise-wide monitoring, vulnerability management, and physical access controls. Galluzi told Cybersecurity Dive that rebuilding demanded meticulous verification to eradicate threats. The CISO will chair the State Information Security Committee and serve on the Nevada Commission on Homeland Security’s Resilience Advisory Committee, per the official OISCD page at it.nv.gov .
Nevada’s woes mirror a surge in public-sector attacks, with the state ranking high in per-capita cybercrime losses per the FBI’s 2024 report. Experts like UNLV’s Gregory Moody noted in Las Vegas Weekly the need for ongoing employee training on phishing and secure tools. The after-action report called for expanded simulations and pre-negotiated vendor contracts with strict SLAs.
Job Demands Reflect Hardened Realities
The LinkedIn posting at linkedin.com/jobs urges early applications, signaling competitive recruitment. Requirements emphasize risk governance, incident playbooks, and partnership with entities like UNLV for SOC research. This aligns with Galluzi’s vision of a ‘layer cake’ of defenses, as cited in legislative briefings.
As Nevada eyes full SOC deployment, the new CISO inherits a mandate to centralize strategy amid rising threats. Officials report no leaked data on dark web sites, but monitoring continues. Governor Lombardo praised teams for swift recovery without concessions to criminals, per Reno Gazette-Journal .
Elevating Defenses for a Resilient Future
The hiring underscores Nevada’s pivot from reaction to proactive resilience, building on 2025’s reforms. With OISCD independent under the Governor’s Technology Office, the CISO role anchors efforts to safeguard against evolving tactics like SEO poisoning. Industry watchers see this as a model for states balancing budgets with security, especially as federal support wanes under scrutiny.
Stakeholders from summits, including Clark County and UNLV leaders, highlight collaborative needs. As applications roll in, Nevada positions itself to lead in state-level cyber defense, turning breach scars into fortified strengths.
Leave a Reply
Your email address will not be published.