Public sector organizations face increasing cybersecurity risks due to the growing complexity of digital infrastructure, expanding attack surfaces, and evolving threat landscapes. Despite the increasing risk, many Information Technology (IT) leaders continue to struggle with implementing comprehensive and sustainable strategies to protect information systems. Grounded in Ajzen’s theory of planned behavior, the purpose of qualitative pragmatic inquiry was to explore effective cybersecurity strategies IT leaders in the public sector use to protect organizations from cyberattacks, maintain public trust, and prevent financial losses. The project examined how attitudes, subjective norms, and perceived behavioral control influence leaders’ cybersecurity practices. Data were collected from six IT leaders in the public sector, who successfully implemented effective cybersecurity strategies, utilizing a combination of semi-structured interviews and document reviews. Thematic analysis was used to analyze the data, revealing three themes: prioritizing cybersecurity awareness and training, promoting stakeholder collaboration and audits, and embedding adaptive governance and culture. A key recommendation is the implementation of role-based cybersecurity training, tailored to employee responsibilities, to enhance engagement and knowledge retention. The implications for positive social change include improved protection of public digital infrastructure, enhanced public trust in government services, and the promotion of ethical leadership practices in cybersecurity management by IT leaders in public sector organizations.