Kentucky’s cybersecurity leadership spans government, academic medicine, community healthcare, manufacturing technology, banking, and global software platforms. The CISOs in this feature have built programs inside environments as different as a city government and a Fortune-level enterprise acquisition, but they share a common thread: careers shaped by the specific demands of the institutions and industries Kentucky depends on most.
James Meece — Chief Information Security Officer, Louisville Metro Government
James Meece has led cybersecurity for Louisville Metro Government since 2015, building and sustaining the city’s risk management, compliance, information security, and security awareness programs across a complex municipal environment. What sets his profile apart is the depth of his parallel military career: he served in the Kentucky Army National Guard for more than three decades, including as a Cyber and Electronic Warfare Officer at the Major rank, and completed a tour with US Cyber Command supporting the 780th Military Intelligence Brigade and Cyber Mission Forces. That combination of municipal security leadership and offensive and defensive cyber operations experience at the national command level is genuinely uncommon in a city government CISO role.
Stephen Burr — Chief Information Security Officer, University of Kentucky and UK HealthCare
Nearly twenty-five years at the University of Kentucky precede Stephen Burr’s move into the enterprise CISO role in 2024, covering a progression from systems programmer through business intelligence lead, enterprise architect, executive director of enterprise systems, and associate CIO and enterprise CISO. His background in enterprise architecture, analytics, cloud operations, and ERP systems gives him an unusually complete picture of the infrastructure he now secures. Holding the CISO role for both the university and UK HealthCare simultaneously means his security program spans academic, administrative, and clinical environments under one leadership mandate, a scope that demands both breadth and operational precision.
Michael Erickson — Chief Information Security Officer, Baptist Health
Thirty-one years at Baptist Health System tells its own story. Michael Erickson has been CISO since 2016, stepping into that role after serving as executive director and corporate director of IT infrastructure and security for more than a decade. Before that, he spent years as a senior infrastructure analyst and client/server analyst inside the same organization. His current responsibilities span enterprise information security policy, strategy, architecture, operations, and risk management across a health system operating in both Kentucky and Indiana. That level of institutional continuity in a healthcare environment where systems, regulations, and threat landscapes have all changed dramatically over three decades reflects a rare combination of adaptability and organizational commitment.
Justin Denton — Deputy Chief Information Security Officer, Lexmark
Justin Denton has spent nearly eighteen years at Lexmark, moving from global manager of audit and compliance through senior manager of cybersecurity governance, risk, and compliance before stepping into the deputy CISO role in December 2023. Before Lexmark, he spent more than four years in audit and compliance at PricewaterhouseCoopers. His CISA certification and long governance and compliance background give him a program discipline that is visible in how Lexmark’s security function has matured over his tenure. Nearly two decades inside a single global technology organization is a form of institutional expertise that rarely shows up on a resume but matters considerably in practice.
Michael Good — Chief Information Security Officer, Hearthside Bank
Michael Good arrived at Hearthside Bank in September 2022 after more than five years as a senior managing consultant at BKD CPAs and Advisors and a brief stint at FORVIS, where he advised organizations on IT controls, compliance, and security strategy. That consulting background shapes how he approaches the CISO role: with a clear-eyed view of control frameworks, audit readiness, and the practical gap between documented security programs and operational reality. His CISM certification and twenty-five-plus years in IT strategy round out a profile built on governance discipline and systems-level thinking in a community banking environment.
Jennifer Hartman — Informatica CISO and Head of Privacy Protection, Salesforce
Jennifer Hartman spent more than seven years at Informatica, rising from senior director of information security strategy through deputy CISO and then VP and CISO before the company’s acquisition by Salesforce in 2026, where she now leads Informatica’s security function within the combined organization. During that time, she achieved ISO 27001 certification with zero findings, built a global Critical Asset Protection Program securing more than 130 crown-jewel environments, and designed a global crisis management framework that engaged board-level stakeholders in simulation exercises. She also founded Informatica’s Women in Security employee resource group. The acquisition transition itself became a demonstration of her program’s resilience: she maintained certifications, compliance obligations, and team continuity through one of the more operationally demanding events a CISO can face.
Jannette Baker — Chief Information and Security Officer, Bluegrass Care Navigators
Jannette Baker stepped into the combined chief information and security officer role at Bluegrass Care Navigators in November 2022, bringing nearly a decade of clinical systems IT management at the same organization. Before healthcare, she spent fifteen years at Lexmark as director of worldwide managed print services and more than two years at Staples in managed print services operations. That background in complex service delivery, global operations, and clinical systems gives her a pragmatic, operationally grounded approach to security leadership in a palliative and hospice care environment where data sensitivity and care continuity are inseparable priorities.
Security Leadership Rooted in Kentucky’s Industries
What this group reflects is how closely cybersecurity leadership develops in relationship to the industries it serves. These are not interchangeable executives who could be dropped into any sector. Their careers were shaped by healthcare systems, municipal government, academic institutions, global manufacturing technology, community banking, and enterprise software, and that specificity shows in how they lead. Kentucky’s security bench is stronger for it.
Discover more CISOs across the U.S.A.: