Lester Godsey | Top Cybersecurity Leaders 2024
Over the past three decades, Lester Godsey has dedicated himself to serving his communities through his roles in public sector cybersecurity. Godsey took his first cybersecurity job as a Support Center Analyst in the College of Engineering and Applied Sciences at his alma mater, Arizona State University (ASU), while he was an undergraduate studying music. While he initially considered becoming a band teacher, he soon discovered his interest in system administration and cybersecurity, which eventually led him to pursue a security career.
“Security wasn’t a discipline unto itself at the time,” he says. “The internet was just becoming a real thing back then — my first experience with the web was HTML programming for non-graphical browsers. Many of us who entered the field around that time found their way into security without realizing it. We were doing a lot of security without it being an official function.”
After two years, Godsey was brought in to help develop and secure a new campus ASU was building in a former military base, ASU Polytechnic. There, he supported over 200 users and was part of the team of information technology (IT) staff which built their security program from scratch as a Support Systems Analyst.
From there, Godsey oversaw technology services for the ASU Department of Psychology as a Technology Support Analyst, managing a team of IT staff and a sizeable budget, in addition to acting as a primary systems administrator for the department, among other responsibilities. He says his ability to multi-task and manage multiple responsibilities has led to his success in the cybersecurity field.
“My entire IT career has been focused on being more of a ‘jack of all trades,’ as opposed to specializing in a certain discipline. At that campus at ASU, but even in my other jobs, I had responsibilities across the board,” says Godsey.
Following his work in the ASU Department of Psychology, Godsey earned the Division Manager — Information Technology role for the Town of Queen Creek, an Arizona town southeast of Phoenix. There, Godsey led the IT department, supporting a wide range of initiatives from application development to municipal fiber networking. Godsey served the Town of Queen Creek for nearly eight years and managed an annual budget of approximately $1.6 million. A large part of his role consisted of liaising between the government, elected officials and the private sector, ensuring open communication channels between all stakeholders.
“That experience of being a couple of miles wide and, in some instances, a bit more than an inch deep prepared me well for both leadership and cybersecurity. Cybersecurity touches all aspects of any organization, so whether you’re talking about networking, cloud application development, enterprise application support, infrastructure — you name it, there’s a security element associated with it. Having that diverse background has lent itself well in my career,” Godsey says.
From his role at the Town of Queen Creek, Godsey moved into an IT Manager position at the City of Mesa, the third-most populous city in Arizona. Over his nine-year tenure at the City of Mesa, Godsey rose through the ranks and left the city government as Chief Information Security and Privacy Officer, having led Internet of Things (IoT) strategy for the organization; providing enterprise cybersecurity and mobile communications services to the City; and liaising with local, state and federal governments and external stakeholders.
In November 2019, Godsey earned the Chief Information Security Officer role for Maricopa County, which contains the Phoenix metropolitan area and is home to nearly 4.5 million Arizonans.
“Maricopa County has put quite an emphasis on cybersecurity, which is very much appreciated. I know, especially in the local government field, not everybody can say the same thing,” he says. “What was lacking was a coherent program and strategy with regards to information security for Maricopa County. That was something that I had to quickly address.”
In his first 90 days on the job, Godsey structured the information security department by implementing a program strategy and three-year roadmap for the department and the county government as a whole. Today, the department is made up of four functions — Security Operations, Engineering & Architecture, Assurance and Governance.
One of the challenges Godsey identified early on was the need for bespoke incident response playbooks to address the many threats targeting local governments, including mis- and disinformation, election security threats and phishing attempts. He says the department’s response to attacks surrounding the 2020 election has helped prepare them for the 2024 election cycle.
“In 2020, we saw plenty of misinformation, but we also saw virtually every type of attempted cyberattack that you could think of — DDoS attacks, data scraping attacks, vendor supply chain attacks, and active and passive network intrusion attempts. In 2022, we saw a significant reduction in the number of attempted cyberattacks, and we saw an exponential increase in the number of mis-, dis- and malinformation-based attacks,” Godsey says.
According to Godsey, remaining resilient and flexible in the face of evolving cyber threats takes a strong, cohesive team. “I’m very lucky to have the team I have,” he says. “I think a lot of our success has to do with the underlying understanding and commitment to public service. There’s a lot of risk thrown towards Maricopa County, and I think it takes a certain type of person to commit to this work.”
At the end of 2024, Godsey plans to retire from his government role and embark on a new challenge: cybersecurity in the private sector. Reflecting on his career, he credits his successes to the diversity of his teams and his own experience.
“There is no one path to getting into cybersecurity. Even to this day, there’s a perception that if you don’t come up through the technical routes, you can’t add value in terms of a cybersecurity program. That’s simply not the case anymore,” he says. “There are many soft skills that can add a lot of value to cybersecurity programs and also provide opportunities to grow into leadership.”