Healthcare cybersecurity in Colorado runs the full length of the care continuum. The leaders in this feature are securing academic medical centers, community hospitals, non-emergency medical transportation, and some of the largest health services platforms in the country. The environments are different. The stakes are the same: patient data, care continuity, and the trust that health systems depend on to function.
Fernando Pedroza — Chief Information Security Officer, University of Colorado Health
Fernando Pedroza has been at the University of Colorado Health for nearly twenty-two years, moving from information security officer and director of technology services through VP of technology and security before stepping into the CISO role in 2014, where he has now served for nearly twelve years. Before UCHealth, he spent a decade as director of IS at Sisters of Mercy Health System and seven years implementing patient care systems at McKesson across hospitals nationwide. That career arc, from installation specialist in the 1980s to health system CISO today, reflects an institutional knowledge of how clinical technology and security have evolved together. Few people in Colorado healthcare security have watched that evolution from as many angles.
Robert Malarkey — Chief Information Security Officer, Cottage Health
The path Robert Malarkey took to the CISO seat runs straight through audit. He started in IT audit at Deloitte, moved into senior and director roles at Crowe Healthcare Risk Consulting over nearly a decade, rose to VP of IT audit and risk, then spent nearly six years as senior director of cybersecurity GRC and identity and access management at Banner Health before stepping into the CISO role at Cottage Health in March 2026. That audit-to-security progression produces a particular kind of security leader: one who has spent years inside organizations evaluating whether controls actually work, not just whether they exist on paper. At a community health system, that discipline translates directly into programs built for substance rather than optics.
Jen Vasquez — Vice President and Chief Information Security Officer, Evernorth Health Services
Jen Vasquez has held VP and CISO roles at Kaiser Permanente and Cigna before landing at Evernorth Health Services, where she leads global cybersecurity for a Fortune 50 health services organization whose capabilities include Express Scripts, Accredo, eviCore, and MDLIVE. At Kaiser, she built the Cyber Risk Defense Center from the ground up as deputy CISO, overseeing a 24/7 fusion center capability that integrated threat intelligence, forensics, incident response, and application security testing for a health system serving more than twelve million members. She has led security investment programs exceeding $500 million and managed end-to-end merger and acquisition security projects at billion-dollar scale. She also advises NightDragon on cybersecurity investment strategy. The breadth of that record, across operations, strategy, M&A, and executive advisory, is unusual even by large health system standards.
Travis Aldrich — Chief Information Security Officer and Director of DevSecOps, SafeRide Health
Travis Aldrich came to healthcare security through a DevOps and cloud engineering background, spending six years managing large-scale AWS security and automation at Charter Communications before moving into cloud consulting at Neudesic and then joining SafeRide Health. His dual role as CISO and director of DevSecOps reflects an approach to security that starts at the development layer rather than being applied after the fact. At a non-emergency medical transportation platform where patient data flows through scheduling, routing, and claims systems, embedding security into the development lifecycle rather than bolting it on at the end is not a philosophical preference. It is an operational necessity.
Peter Hastings — Vice President and Chief Information Security Officer, Community Health Systems
Before stepping into the CISO role at Community Health Systems, Peter Hastings spent a decade as VP of cybersecurity at CommonSpirit Health, where he built a new security department from scratch and established threat intelligence, information sharing, and response capabilities across one of the most complex health system environments in the country. At CHS, a $35 billion national organization, he reduced the enterprise risk score by twelve percent through Agile-based risk reduction sprints, addressed eighty-five findings within a single year, and defined the strategy for a next-generation Cyber Fusion Center. He manages an average annual operating budget of $25 million with investment cycles exceeding $11 million annually. A decade at CommonSpirit followed by the CISO role at CHS traces a straight line through some of the largest and most operationally demanding health system security programs in the US.
The Weight of Healthcare Security in Colorado
Colorado’s healthcare security leaders are not operating in a forgiving environment. The sector is heavily regulated, persistently targeted, and operationally dependent on systems that cannot go down. What distinguishes this group is not just their individual credentials but how many of them built their programs rather than inherited them, and how many have done it more than once. That pattern of repeated program-building, across different organizations and different scales of complexity, is what sustained healthcare security leadership actually looks like.
Explore more profiles of the leaders shaping cybersecurity across the healthcare industry: