Mark Goodwin is the Chief Information Security Officer (CISO) for Buncombe County, North Carolina, where he leads enterprise cybersecurity strategy, governance, risk management, security operations, and organizational security awareness initiatives across county government. With more than 25 years of experience spanning public sector leadership, federal consulting, enterprise architecture, and cybersecurity program development, he specializes in helping organizations navigate the intersection of operational resilience, regulatory compliance, privacy, public safety, emergency management, and emerging technologies. As part of the county’s leadership team, Mark works across departments and agencies to help guide conversations surrounding the responsible adoption of artificial intelligence within complex government environments. His work focuses on balancing innovation with the operational realities of cybersecurity, privacy, governance, responsibility/accountability, and public trust. In addition to leading the county’s broader cybersecurity and risk management efforts, he works closely with stakeholders across technology, legal, communications, public safety, and executive leadership to address the organizational and cultural challenges that accompany emerging technologies and digital transformation initiatives. Mark also served as the Local Cyber Representative on the Multi-State Information Sharing and Analysis Center / Elections Infrastructure Information Sharing and Analysis Center (MS-ISAC/EI-ISAC) Executive Committee (2021–2026) and is a current member of the North Carolina Cybersecurity Planning Committee, helping direct federal grant cybersecurity resources under the Infrastructure Investment and Jobs Act (IIJA) State and Local Cybersecurity Grant Program (SLCGP), with a focus on strengthening cyber protections within rural and economically disadvantaged communities. Prior to joining Buncombe County, he spent more than a decade supporting federal healthcare, scientific research, and government organizations in cybersecurity modernization, governance, and enterprise risk initiatives across large and complex operational environments.