Healthcare cybersecurity carries a weight that most other sectors don’t. A breach isn’t just a compliance failure or a reputational hit. It can delay care, expose the most sensitive personal information people have, and undermine trust in institutions patients depend on. The leaders in this feature are responsible for preventing exactly that, across health insurance, hospital systems, long-term care, and health and wellness platforms where the regulatory bar is high and the operational stakes are higher.
David Valenzuela — Vice President and Chief Information Security Officer, Blue Cross Blue Shield of Arizona
David Valenzuela brings a notably broad technical foundation to his role at Blue Cross Blue Shield of Arizona, where he has served as VP and CISO since October 2023. His background includes security architecture, privileged access management, vulnerability management, application security, logging and integration, and IT risk assessment across both traditional IT infrastructure and industrial control and SCADA environments. Before BCBSAZ, he served as global director of information security and compliance at Rogers Corporation and as director of security technology and tools at HealthEquity. He holds CISSP, CCSP, CISA, and CRISC certifications, a combination that reflects depth across both technical and governance dimensions of the discipline.
Robert Perry — Chief Information Security Officer, HonorHealth
Building a security program from scratch is one thing. Doing it as the first CISO an organization has ever had, with a four-person team, is another. Robert Perry did exactly that at Carilion Clinic, where he spent nearly six years establishing the information security function, reducing incident response times from hours to minutes, and introducing structured security awareness training and monthly phishing testing. He joined HonorHealth as CISO in June 2024, bringing that program-building experience to a large Scottsdale-based health system. His track record suggests he is most effective when the mandate is clear and the organizational support is there to execute it.
Bob Schlotfelt — Former Executive Director and Chief Information Security Officer, Valleywise Health
The numbers at Valleywise are specific enough to be worth stating directly. During Bob Schlotfelt’s tenure as executive director and CISO, he implemented a SIEM and SOC strategy that avoided $1.5 million in incremental spend, and reduced incident response time by 40 percent, protecting approximately $1.3 million in daily revenue. He led cybersecurity modernization for a major public healthcare system while maintaining alignment with legal, privacy, and compliance functions across forensics, investigation, and patient data privacy. His background also includes serving as inaugural CISO for an $85 billion pension fund management organization and earlier healthcare security leadership at St. Joseph Health System. Becker’s Hospital Review named him one of its Top 50 CISOs to Know for 2025. He is also a founding leadership member of the Phoenix CyberRisk Collaborative.
Paul Wolf — Senior Vice President and Chief Information Security Officer, Tivity Health
Paul Wolf has been CISO at Tivity Health since 2017, a tenure that has taken him through two of the more demanding tests a security leader can face: a major acquisition and a subsequent divestiture. When Tivity acquired Nutrisystem, doubling the company’s size from roughly $600 million to $1.1 billion in revenue, he led the security aspects of the combined operations. He then managed the secure divestiture of business divisions that housed the majority of the enterprise’s IT assets and infrastructure. Before that, he established Tivity’s first independent, operational information security and network engineering functions from the ground up. Eight years in, his record at the company reflects what sustained security leadership looks like when the business keeps moving around you.
The Work Behind Arizona’s Healthcare Security Programs
The pressure on healthcare security leaders in Arizona is not abstract. The state’s healthcare sector includes some of the largest insurers, hospital networks, and health services companies in the Southwest, all operating under HIPAA, managing vast stores of patient and member data, and facing a threat environment that has specifically targeted healthcare for years. The leaders in this feature have responded to that pressure with programs built for the long term, not just for the audit cycle.
Explore more profiles of the leaders shaping cybersecurity across numerous industries in our CISOs to Watch collection.