Paul Suarez

VP & Chief Information Security Officer | Securing Fortune 500 Retail Operations

Des Moines Metropolitan Area

About

As the Chief Information Security Officer at Casey's, I lead a cybersecurity team that secures the retail operations of a Fortune 300 company with over 2,900 stores and 50,000 team members spread across 19 states. I have over 39 years of experience in cybersecurity, network operations, cyber operations, and telecommunications systems, spanning both the public and private sectors. I leverage my skills in information security, network security, compliance, risk management, strategic leadership, problem solving, and productivity enhancement to support the retail convenience store operations of Casey's and ensure security of our adoption of AI and compliance with PCI, SOX, PII, Privacy, and Anti-Fraud standards. I also provide expertise across all cybersecurity disciplines and collaborate with internal and external stakeholders to drive improvement and innovation in the cybersecurity and cyber operations fields. My mission is to protect Casey's assets, data, and customers from cyber threats and enable its business growth and success.

Experience

  • VP & Chief Information Security Officer at Casey's
    Apr 2021 - Present · 5 yrs 4 mos

    Leads the cybersecurity team securing the retail operations of a Fortune 300 company. Provides expertise across all cybersecurity and security engineering disciplines to support the convenience store operations of Casey's 2,900-store enterprise employing more than 50,000 team members. Responsible for securing the company's use of artificial intelligence (AI) and collaborates across all company functions on compliance efforts for PCI, SOX, PII, Privacy and Anti-Fraud.

  • Board Member at Retail & Hospitality ISAC
    Apr 2026 - Present · 4 mos

    Member of the Retail & Hospitality ISAC Board of Directors with responsibility for reviewing budgets, assessing program performance, and guiding organizational strategy. Provide C‑suite perspective on risk, resilience, and market needs while helping steer investments, partnerships, and go‑to‑market initiatives that support the cybersecurity posture of the global retail and hospitality community.

  • Member of the Board of Executive Advisors at Tenable
    Jan 2022 - Present · 4 yrs 7 mos

    Selected by Tenable’s CEO to serve on its Executive Advisory Board, a small group of enterprise security leaders providing strategic guidance on market trends, customer needs, and product direction. Contribute C‑suite insight to help shape Tenable’s long‑term strategy, competitive positioning, and evolution as a global cybersecurity platform.

  • Walmart (6 yrs 8 mos)
    • CISO, International
      Feb 2018 - Mar 2021 · 3 yrs 2 mos

      Led a distributed team of 105 information security professionals in 26 countries and the US to accelerate the international technology strategy with a focus on Walmart Latin America (Mexico, Central America, Brazil, Chile and Argentina) and the European Union (UK/ASDA). Drove massive effort to remediate over 100 international applications to comply with global identity & access management standards in collaboration with IT Audit. Authored annual cybersecurity strategic plan for international with market-specific actions based on results of ISO 27001, 27002 and NIST Cybersecurity Framework (CSF) assessments. Ensures supporting technologies comply with PCI-DSS, HIPAA, SOx, GDPR and other privacy and financial technology (fintech) related standards. In addition, oversaw business continuity and disaster recovery (BCDR) planning and implementation across Walmart’s international landscape.

    • Senior Director, M&A and International InfoSec
      Feb 2017 - Jan 2018 · 1 yr

      Led a team of 11 engineers, risk analysts and program/project managers to accelerate the integration and business enablement of Walmart eCommerce acquisitions: Jet, Hayneedle, Shoebuy, Moosejaw, Modcloth, Bonobos and Parcel. In addition, worked hand-in-hand with Walmart international tech teams in 10 markets to drive improvement of their security posture based on internal audit, red team, ISO 27001 and/or NIST CSF results and the global vulnerability and risk management systems.

    • Senior Director, Cybersecurity Engineering
      Jan 2015 - Jan 2017 · 2 yrs 1 mo

      Supervised a team of 110+ technicians, engineers and programmers operating, maintaining and modernizing the company's global cybersecurity infrastructure to include network security, internet security, endpoint security, cryptography, cloud security, identity management, access management, authentication and authorization and proof of concept/innovation teams. Leadership face of huge program management effort to manually migrate over 10,000 certificates to the SHA2 standard and transition all company web protocols from SSL to TLS. Advocated for, hired and developed the company’s first cloud security team and oversaw the introduction of cloud access security broker (CASB), cloud DLP, open authentication and PCI HSM services to securely jump-start the company’s move to the cloud. Finally, led the company’s effort to introduce 2-factor authentication/2-step verification (2FA/2SV) through very hands-on and visible engagement with the employee base ensuring rapid adoption.

  • Chief of Staff, Sales then Business Development Manager (DoD/Cybersecurity) at Avaya Government Solutions
    Oct 2012 - Apr 2014 · 1 yr 7 mos

    Executed strategy for US Federal Government (CONUS and OCONUS) sales enablement, field productivity, GTM planning, talent management and operations interlock of over 100 sales representatives, managers and engineers. As BDM, built balanced pipeline of IDIQ and single award DoD, cybersecurity, and Veterans Administration opportunities for IT professional services arm of AvayaGov.