State

Maryland names former federal agency CISO as state’s new cyber chief

Maryland has named James Saunders, a former federal technology official, to serve as its new chief information security officer.

By Colin Wood

May 5, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Maryland Gov. Wes Moore speaks onstage during the 2025 Congressional Black Caucus Ceremonial Swearing-In at The Anthem on The Wharf on January 03, 2025 in Washington, D.C. (Leigh Vogel / Getty Images for Congressional Black Caucus Foundation)

Maryland’s technology department on Monday announced it’s hired James Saunders, a former federal technology official, to serve as its new chief information security officer.

Saunders, who started as acting CISO on Monday and will become the state’s permanent cybersecurity chief after a Senate confirmation, most recently served as deputy chief information officer of the Office of Personnel Management. He also spent nearly three years as OPM’s CISO and nearly three years in various security roles at the Small Business Administration, including one year as its CISO.

In a press release, Maryland Gov. Wes Moore said Saunders’ hire is a “big deal” in light of his administration’s new strategy to create new cybersecurity apprenticeships, with the aim of filling thousands of open cybersecurity jobs and bolstering the economy.

Saunders in the press release called himself a “big advocate” for emerging technologies and partnerships, while Maryland CIO Katie Savage noted the growing cybersecurity threat of agentic AI.

In an interview with FedScoop last year about his role at OPM, Saunders said AI can be used to help the government more quickly detect network anomalies and respond to threats. He said AI can also be used to improve cybersecurity training.

“We want to leverage AI to defend ourselves against those same AI attacks and threats,” he said.

As Maryland’s top cybersecurity official, Saunders is responsible for setting policy that secures the state’s IT systems, infrastructure and private data.

Saunders also served for eight months at the Agency for International Development and has held numerous private sector jobs, including spending nearly three years as the chief technology officer of a company he founded called CodeOrange Security. His LinkedIn profile shows he held roles with Raytheon Foreground Security, the investment management firm T. Rowe Price and the professional services firm CACI International.

In Maryland, he replaces Greg Rogers, who stepped down in February to freelance as a cybersecurity adviser.