Abstract
This generic qualitative study explored how senior technology leaders at U.S. public research tier-I (R1) higher education institutions, which are classified by the Carnegie Classification as having very high research activity, apply risk management strategies to shadow IT, defined as technology used without formal IT approval. Shadow IT challenges arise from decentralized environments, academic autonomy, and regulations such as the Family Educational Rights and Privacy Act (FERPA). Despite increasing awareness, little research has examined how leaders manage these environments. This study explored how technology executives at public R1 institutions apply risk management strategies to shadow IT. Data were gathered through semi-structured interviews with 11 chief information officers (CIOs) and chief information security officers (CISOs), recruited via direct email. Interviews were conducted on Zoom, transcribed using NVivo Transcription, and thematically analyzed using NVivo 15. Findings revealed that shadow IT often involves unauthorized software, homegrown tools, or independently managed systems. Mitigation strategies included policy enforcement, technical controls, and relationship-based outreach. While participants agreed shadow IT cannot be eliminated, most emphasized that it can be managed through governance reform, improved visibility, and trust-based collaboration. This study extends technology threat avoidance theory (TTAT) by applying it to leaders’ threat perceptions, safeguard evaluations, and mitigation actions. The findings offer insights into how CIOs and CISOs balance innovation and risk.