Higher education sits in an uncomfortable position in cybersecurity. The data CISOs protect is among the most sensitive imaginable: student records, financial aid information, research data, health records, and the personal information of tens of thousands of people at various stages of life. The networks are deliberately open by academic tradition. The budgets are rarely commensurate with the threat surface. And the user population changes every year. The leaders in this feature are navigating all of that, across research universities, state systems, and education technology platforms serving schools far beyond Colorado’s borders.
Brad Judy — Chief Information Security Officer, University of Colorado System Administration
Brad Judy has spent more than fourteen years at the University of Colorado, moving from information security officer through deputy CISO before stepping into the system CISO role in December 2024. His earlier work as ISO included implementing multifactor authentication across more than 20,000 employees to reduce financial fraud risk, standing up the system’s first SIEM, and driving ERP security patching from a low organizational priority to what the university describes as industry-leading capability. Those are not headline-grabbing initiatives. They are the unglamorous fundamentals that determine whether a security program actually holds up. His current remit covers multicampus policy and standards, shared cybersecurity services, monitoring and incident response, vulnerability management, and compliance across a system serving more than 60,000 students.
Steve Lovaas — Chief Information Security Officer, Colorado State University System
Twenty years at Colorado State University before stepping into the system CISO role in 2021 gives Steve Lovaas a depth of institutional knowledge that is almost impossible to replicate. He holds a CISSP and a master’s degree in information assurance from Norwich University, and his approach to security reflects both: he is direct about the fact that security is about people, processes, and policies as much as it is about technology. His experience spans PCI-DSS evaluation and remediation, network security, firewall planning, and security awareness campaign development across environments where the human element is as consequential as any technical control.
Alain Bouit — Associate Vice Chancellor and Chief Information Security Officer, University of Denver
Before joining the University of Denver in 2022, Alain Bouit spent more than seven years as CISO at Oregon State Treasury, where he was responsible for securing more than $110 billion in state fund investments, $10 billion in bond issuances, and $350 billion in banking services transactions annually. That is a meaningful contrast to the higher education environment he now operates in, and it shapes how he thinks about risk governance, vendor security management, and executive reporting. At Oregon State Treasury, he built the agency’s information security program from the ground up, launched a Security Champions organization, established an application security program with embedded threat modeling, and developed a comprehensive IAM program. He brought all of that into a university environment that demands a different kind of security leadership but benefits considerably from the discipline he developed in financial services.
Julie Chickillo — Vice President and Head of Cybersecurity, Guild Education
Julie Chickillo has led cybersecurity at Guild Education since December 2019, overseeing a program that spans information security governance, risk and compliance, DevSecOps, threat and vulnerability management, data privacy, and legal alignment across a platform that helps working adults access education and career advancement through employer partnerships. Before Guild, she served as VP of information security, risk and compliance and data privacy officer at Beeline, where she built the security and privacy program to meet GDPR, CCPA, ISO 27001, and NIST 800-53 requirements. She also spent time as an information system security risk and compliance analyst at Colorado’s Governor’s Office of Information Technology, where her team’s work contributed to a 2015 NASCIO State IT Recognition Award for cybersecurity. That public sector foundation gives her a regulatory fluency that informs how she builds programs in the private education technology space.
Mike Hart — Chief Information Security Officer and Executive Director of Cybersecurity and Data Assurance, Metropolitan State University of Denver
Mike Hart has been at MSU Denver since 2011, building and leading the university’s cybersecurity and data assurance function for more than fifteen years. His background includes IT leadership in the US Air Force and director-level technology roles in telecommunications, banking, and tolling, the last of which he held at E-470 Public Highway Authority for nearly eight years before moving into higher education. That cross-sector foundation, spanning defense, financial services, infrastructure, and now academia, gives him a practical, operationally grounded perspective on security that is less common in university environments. Fifteen years of continuity at a single institution means he knows the environment, the people, and the constraints better than almost anyone.
What Colorado’s Education Security Leaders Have in Common
Institutional tenure is the thread that runs through this group. Several of these leaders have spent a decade or more inside the same organization, which means their security programs are not inherited frameworks applied to unfamiliar environments. They are programs built from direct experience of how the institution actually operates, where the data lives, and where the real risks are. In higher education, where trust and continuity matter as much as technical controls, that kind of sustained commitment is not incidental. It is the foundation.
Discover more cybersecurity leaders securing educational institutions:
- Where Arizona’s Higher Education CISOs Are Setting the Standard
- Cybersecurity Leaders to Watch in Washington’s Higher Education Industry
- Cybersecurity Leaders to Watch in Georgia’s Higher Education Sector
- CISOs to Watch in North Carolina’s Higher Education Industry
- CISOs to Watch in the State of New York’s Higher Education Industry