Maryland has a new leader in cybersecurity. The state’s technology department announced earlier this week that it has appointed James Saunders, a former federal technology official, as its new Chief Information Security Officer.

Saunders takes over from Greg Rogers, who stepped down in February to pursue freelance work as a cybersecurity adviser. He’s currently the acting CISO, with plans to transition into the permanent position after Senate confirmation.

Before taking on this new role, Saunders was the deputy chief information officer at the Office of Personnel Management. He also held the position of CISO at OPM for nearly three years. He spent another three years in various security roles at the Small Business Administration, including serving as its CISO for one year.

“Rogers played an instrumental role leading the agency’s Office of Security Management during a rapid growth phase, bringing in a number of state employees across different cybersecurity specializations who are helping keep Maryland secure,” said Nathan Miller, public information officer for the Maryland Department of Information Technology. “The Department of Information Technology is grateful for his service and leadership during a critical time in our agency’s history.”

In a press release, Saunders described himself as a “big advocate” for emerging technologies and collaborative partnerships.

“In my first 90 days, I think I’m going to focus and prioritize on building relationships across all the state agencies as well as with the local counties and governments, and municipalities as well,” Saunders said. “What are we doing amazingly well that we want to continue to highlight? What are we not doing so well that we want to improve upon? That’s my focus — building partnerships, accelerating what we’re doing great, and bringing up what we’re not doing so great.”

He’s also a believer in using AI for good. In a 2024 interview, he highlighted the potential of AI to enhance the government’s ability to quickly identify network anomalies and respond to security threats, as well as its role in improving cybersecurity training.