Nikki serves as Arapahoe County’s Chief Information Security Officer helping to protect around 655,000 residents in one of Colorado’s largest counties.

Cybersecurity can be acronym-heavy, technical, and intense. Nikki is none of those things in spirit. She is upbeat in a field where a lot of people are not. She leads with strength and resilience, and with the mindset that while she can’t control what happens, she can control her response.

Here is a snapshot of her nominator’s comments:

“The recognition celebrates the remarkable contributions of women who are reshaping the landscape of local government. I would argue that Nicolle Rosecrans is not only making her local government a better place but also influencing her state and nationwide cyber community.”

And:

“She is both a hug and a kick in the butt and she always knows which order to deliver them. The hug is to let you know you're not alone, that she always has your back and the kick in the butt is to remind you that taking action is the only way to make the world a better place.”

In our conversation, Nikki reflects on building structure where there wasn’t any, communicating cyber risk in plain English, and raising two daughters, ages 11 and 13, to lead without comparing themselves to others.

This is part of the 2026 Inspirational Women in Local Government series. The next two honorees will be profiled on the following Thursdays this month.

Q. Is there a book that you've read in the past that was particularly meaningful to you?

Over the past year, I’ve read a wide range of books through Carnegie Mellon’s CISO (Chief Information Security Officer) leadership program, which I attended from January through June. The program covered everything from governance and risk management to leadership, so there was no shortage of reading. 

One book that particularly resonated with me was “Dare to Lead” by Brené Brown. Her message about courage and vulnerability in leadership really struck a chord. In cybersecurity, leadership often requires the courage to have difficult conversations and make tough decisions in high-pressure situations. Brown’s perspective reinforced for me that strong leadership and empathy aren’t opposites; they can and should exist together. That balance is something I try to bring to how I lead my team every day.

This winter, my reading was a little less inspirational and a lot more technical as I was studying for my Certified Information Security Manager (CISM) exam. I worked through study apps and thousands of practice questions through materials from ISACA (formerly the Information Systems Audit and Control Association). That meant most of my reading was on cybersecurity governance and risk management. [Note: Nikki recently learned she passed the CISM exam. She is now CISO and CISM certified]. 

Q. Tell us a little about your community and your role.

I serve Arapahoe County, Colorado. We’re a large, diverse county in the north-central part of the state. Like many counties, we’re navigating very real cyber risks with limited resources.

I was hired by the county in February 2020 under the Division of Homeland Security, supporting cybersecurity initiatives for ten counties in the North Central region. In 2022, I stepped into my current leadership role.

Since then, I’ve led the implementation of several key security initiatives, including new endpoint protection tools, stronger email security, third-party risk management and the development of our county’s cybersecurity incident response plan. I also authored Arapahoe County’s first information security plan, helped update our acceptable use policy, and co-developed the county’s ethical AI policy.

I really don’t see cybersecurity as just a technical risk. I see it as operational resilience and community protection.

Q. What was the path that led you to public service?

Public service has always been part of my world. I grew up in a family of law enforcement officers. My mom retired as a captain with the Denver Sheriff’s Department, my aunt retired as a captain with the Denver Police Department, and my husband is a police officer as well.

However, my path here wasn’t traditional. I started in administrative support in law enforcement. I was involved in emergency management and worked major incidents - wildfires, floods, critical law enforcement events. That shaped how I think about crisis response, leadership under pressure, and the human impact behind every incident.

I have a background in strategic communications. I really thought I wanted to be a public information officer. My aunt kept telling me to step into cybersecurity - but I wouldn’t listen to her! I didn’t think I knew enough about technology. But the more I was exposed to it, the more I realized cybersecurity isn’t just technical. It’s communication. You have to tell a clear story to your board of county commissioners and senior leaders about why it matters. 

I never want to go to my Board of County Commissioners without facts. Facts like: “what is cybercrime globally? What are the impacts that state and local governments are facing? Or, that 44 percent of state and local government agencies are still facing ransomware attacks.” So, I go to them with facts, but I never talk to them in a technical acronym. I really talk to them in a way they understand.

Q. What are you most proud of professionally?

I’m most proud of building structure where there wasn’t any. When I stepped into this role, vulnerability management was largely reactive. We relied on vendor notifications. Now, we have visibility into our infrastructure and can proactively remediate high-impact vulnerabilities.

We also built an internal red team capability — one of the first in Colorado’s public sector — so we can continuously test our environment instead of relying on a once-a-year external assessment. 

But beyond the technical wins, I’m most proud of the cultural shift that has taken place. We’ve moved from viewing cybersecurity as just an IT issue to understanding it as an enterprise-wide risk conversation. It’s about protecting resident services and ensuring operational continuity across the organization.

Ultimately, what matters most to me is knowing that the systems, plans, and culture we’re building today will continue protecting our community long after I move on.

Q. What advice would you give to other women in local government looking to grow their careers?

My first piece of advice would be: don’t wait until you feel perfectly ready. Because I wasn’t ready, and I stepped into it anyway. Growth almost always happens before you feel fully prepared.

Second, understand the organization - not just your function. The women who grow are the ones who really understand how decisions impact the entire organization, not just their lane.

And never compare yourself! There will always be someone smarter than me. There’s always going to be someone prettier than me. There’s always going to be someone generally better at something than I am. Comparison is a trap.

Leadership isn’t about being the best in the room. It’s about being steady. It’s about being courageous. It’s about being authentic in your own lane. I tell my daughters this all the time: Don’t be afraid to try. Don’t be afraid to fail. My success hasn’t come from my wins. It has really come from the times I’ve fallen, learned, and gotten back up.

Q. Where do you go when you want support, education, or mentorship?

I’ve learned that no one succeeds in this field alone, so I rely heavily on the professional networks and peer communities around me.

Locally, I connect frequently with cybersecurity leaders across neighboring counties and municipalities - places like Jefferson County, City of Aurora, Colorado Office of Information Technology, and Boulder County. Those relationships are incredibly valuable because we’re all facing similar challenges. Being able to pick up the phone, talk through a situation, or share lessons learned creates a level of collaboration that strengthens all of our organizations.

I’m also very involved in both local and national professional cybersecurity communities and the broader cybersecurity leadership network. Those organizations provide incredible resources for continuing education, mentorship, and staying current in a field that evolves quickly. 

Beyond formal networks, I’ve found that mentorship often happens through everyday conversations with trusted colleagues and leaders. Whether it’s discussing strategy, talking through how to communicate risk to leadership, or simply sharing experiences from the field, those relationships are invaluable.

We’re all stronger when we learn from each other.

Q: Who else has been an inspirational leader who has had an impact on you?

Jill Fraser, Chief Information Security Officer for Colorado’s Office of Information Technology, has been a significant mentor. She models strength, integrity, and courage in a high-pressure environment.

And the women in my family have shaped me deeply. I grew up around grit, discipline, and service.

Q: What do you hope your legacy will be?

I hope my legacy is one of resilience, service, and people-centered leadership.

In cybersecurity, it’s easy to focus only on the technical side of the work, but what has always mattered most to me is helping organizations understand that security is really about protecting people and preserving the services our communities rely on. If the programs, plans, and partnerships we’ve built continue to strengthen the county’s resilience long after I move on, that would mean a great deal to me.

I also hope I’m remembered as someone who helped others grow. Throughout my career, I’ve benefited from leaders and mentors who took the time to guide me, challenge me, and open doors that I might not have walked through on my own. Being able to offer that same encouragement and support to others—especially those who may not see themselves reflected in traditional cybersecurity paths—is something I care deeply about.

But more than anything, I hope I inspire my daughters. I want them to lead without fear. I want them to know that confidence isn’t built by comparing yourself to someone else - it’s built by knowing who you are. I’ve learned that influence comes from trust more than authority. 

Q: Are there women who you know in public service who deserve a shout-out? Celebrate them here.

Can I shout-out a couple of men as well? I’d like to recognize Ben Edelen, who is the chief information security officer for Boulder County. He has been a real mentor and is a good friend. Tim McCain, chief information security officer for the City of Aurora, has been a huge influence in my life professionally. And then my aunt Sylvia, who recently retired as a captain from the Denver Police Department. Without her persistence I may have missed my calling. And finally, my husband, John Rosecrans, former Green Beret, and a police officer in the Town of Parker. Without my husband’s strength, the very foundations of our home would feel unsteady. 

#WomenInLocalGovernment  #WomenInGovernment #InspirationalWomenInLocalGovernmentHonorees #InspirationalWomenInLocalGovernment #IWLG #IWLG2026 #IWLGHonoreeNicolleRosecrans #ArapahoeCounty #ArapahoeCountyChiefInformationSecurityOfficer #NicolleRosecransProtectingResidentServices #NicolleRosecransArapahoeCountyCISO #LocalGovernmentManagement #LocalGovernmentCybersecurity #CountyCybersecurity #ArapahoeCountyCybersecurity #CountyCybersecurityManagement #CountyCybersecurityPerformance #CybersecurityLeadership #WomenAndCybersecurityLeadership #LocalGovernmentMentorship #StateandLocalLeadership #CountyGovernmentManagement #CountyResilience #CommunicatingCyberRisk #CarnegieMellonCISOLeadership #ArapahoeCountyFirstInformationSecurityPlan #StateandLocalCybersecurityResilience #StateandLocalCybersecurityCommunications #CommunicatingCybersecurityFacts #CountyVulnerabilityManagement #CybersecurityLeadershipNetworks #CybersecurityMentorship #IntergovernmentalCybersecurityCollaboration #BenEdelen #TimMcCain  #PeopleCenteredLeadership #JillFraserColoradoCISO #JohnRosecrans #Envisio #AllianceForInnovation #LeagueOfWomenInGovernment #BarrettandGreeneInc