Former Alaska CISO Shannon Lawson takes role with Phoenix

Phoenix CIO Matthew Arvay told StateScoop that Lawson, who left the Alaska government in late December, will start with the city in early April.
Shannon Lawson (StateScoop)

Shannon Lawson, who previously served as Alaska’s statewide chief information security officer, was recently hired for a similar role in Phoenix, the city’s chief information officer told StateScoop.

In an interview Friday, Matthew Arvay said Lawson, who resigned from his Alaska job in December, will trade the tundra for the desert when he begins with Phoenix early next month. Lawson will fill a vacancy created last year when the city’s last CISO, Randell Smith, retired after about a decade in the job.

His experience aligned very well and we are excited to have him,” Arvay said of Lawson.

Lawson joined the Alaska state government in September 2017 after serving in a variety of information security roles with the U.S. Navy, the National Security Agency, Science Applications International Corporation and Raytheon. Lawson told StateScoop he will fly south later this week and is looking forward both to a change of climate and security environment.


“It will be nice to go to warm weather and sunshine,” Lawson said. “And it sounds like their security program is more mature than what I walked up to here in Alaska.”

Lawson said his first 90 days in Phoenix will consist of gathering an account of the city’s security and “listening, assessing, understanding the business goals of the city and every department.”

Arvay, who recently marked his second anniversary as Phoenix’s top IT official, said Lawson will be tasked with developing cybersecurity policies and procedures for the municipal agencies Phoenix’s information technology office supports, as well as “driving new ways to protect our data and information.” Arvay added that he was particularly impressed with a project Lawson undertook in Alaska to consolidate state, local, and educational cybersecurity procurement.

Lawson finalized a three-year, $11.6 million contract with the IT provider Evotek in October. Under the agreement, state agencies, courts, cities, boroughs, tribal governments, public universities and libraries would have been able to purchase security tools from a variety of vendors through a shared platform. The Evotek deal replaced a contract with McAfee as the state’s sole IT security provider.

But the Evotek contract was breached shortly after Dunleavy took office and Lawson departed, when the state stopped paying its bills to the firm, according to the Alaska Landmine, a state political news website. The payments were stopped by Peter Zuyus, who served as Alaska’s CIO for less than two months following Dunleavy’s inauguration before being ousted himself.


Evotek told StateScoop Alaska has since payed its outstanding bills and is now implementing the contract.

Colin Wood contributed reporting.

This story has been updated with comment from Evotek.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts