Missouri’s healthcare sector runs from one of the largest managed care organizations in the country to regional health systems, specialty pharmacy platforms, and value-based care companies serving patients well beyond state lines. The CISOs in this feature are securing those environments, each with its own regulatory framework, patient data profile, and operational risk surface. What connects them is accountability to a sector where a security failure is never just a technology problem.
Alan Berry — Senior Vice President and Chief Information Security Officer, Centene Corporation
Alan Berry has spent more than eight years at Centene Corporation, progressing from VP of cyber security through VP and regional VP CISO roles before stepping into the SVP and CISO seat in August 2025. Before Centene, he spent three years as senior director of disaster recovery at CVS Health and more than twenty-six years as a cyber operations officer in the United States Air Force, including command of the AF’s only cyber operations center, where he led 300-plus personnel planning and executing full spectrum cyber operations across the Air Force and DoD. He also served as chief of staff representing the Air Force at US Cyber Command and the NSA, and as CIO for USAFCENT directing cyber and IT efforts across 22 locations in 10 countries during active combat operations. That national security and military command background is not common in managed care security leadership. At Centene, he also serves as president emeritus of the board of CyberUp, a St. Louis nonprofit closing the regional cybersecurity skills gap, and sits on advisory boards at Washington University, Verizon Cyber Security, and InfraGard St. Louis.
Montez Fitzpatrick — Chief Information Security Officer, Navvis
Seven years into his tenure at Navvis, Montez Fitzpatrick has built the company’s enterprise security risk management program from scratch, managed a $1.2 million security budget, and led security initiatives during M&A activities that contributed to an enterprise valuation increase to nearly $750 million. His responsibilities span HIPAA, SOC 2, and HITRUST compliance, incident response, SIEM operations, vulnerability management, and third-party vendor security across a value-based care platform serving major healthcare clients. Before Navvis, he spent a year as business information security officer at Equifax Workforce Solutions managing a $1 billion security portfolio across commercial, government, and international clients, and four years as director of information security and compliance at Keystone Technologies in St. Louis, where he built and led the Security Officer as a Service compliance initiative. His earlier background includes five years in information security engineering at Isle of Capri Casino, where he built the PCI-DSS compliance program and designed a three-tier public key infrastructure environment. That arc from casino security engineering through managed services compliance into healthcare CISO leadership reflects a practitioner who has built security programs across genuinely different regulated environments.
Mike Ehlers — Chief Information Security Officer, Soleo Health
Mike Ehlers stepped into the CISO role at Soleo Health in October 2025, bringing a career built across some of Missouri’s most recognizable organizations. He spent five years as global senior manager of information security at Olin Corporation in St. Louis, leading a layered security model across IT and OT environments and managing a 24/7 SOC, before which he served as CISO at Clearent and spent nearly seven years as global director of information security and networking at ICL. Earlier, he directed information security solutions integration at Mastercard, building the company’s federated single sign-on platform from the ground up and reducing implementation costs by 75 percent. His background at Anheuser-Busch, First Bank, and Mastercard traces a St. Louis career that spans financial services, global manufacturing, and payments before landing in specialty pharmacy. His technical depth covers OT security, IAM, cloud security architecture, SIEM operations, and compliance across CMMC, NIST, PCI, SOC, GLBA, ISO 27001, and HIPAA frameworks.
Matthew Modica — Vice President and Chief Information Security Officer, BJC Health System
Matthew Modica has served as VP and CISO at BJC Health System since June 2017, leading enterprise security for one of the largest nonprofit health systems in the United States. He has been named to Becker’s Hospital Review’s CISO to Know list five times, a recognition that reflects both his sustained contributions to healthcare security and his visibility as a thought leader in the field. He also taught as an adjunct instructor at Washington University in St. Louis. His background before BJC spans director of information risk management at Express Scripts, VP of global client security at Equifax, and eight years as team leader of IS security strategy at Edward Jones, giving him a cross-sector foundation in financial services, data services, and pharmacy benefit management that informs how he approaches security governance in a complex health system environment. Twenty-seven years in cybersecurity, most of it in Missouri, makes him one of the more established security leaders in the state’s healthcare community.
Missouri Healthcare Security Is Personal Work
In healthcare, security leadership carries a weight that most other sectors do not. The data being protected belongs to patients at some of the most vulnerable moments of their lives. The systems being secured are the same ones clinicians depend on to deliver care. The leaders in this feature understand that, and their programs reflect it. Whether securing a Fortune 500 managed care organization, a value-based care platform, a specialty pharmacy company, or a major nonprofit health system, the accountability is the same: protect what matters most to the people the organization exists to serve.
Discover more CISOs securing the healthcare sector:
