Utah’s technology sector has grown fast enough to earn its own nickname, and the security leaders protecting the companies built on Silicon Slopes reflect that growth. The CISOs in this feature are securing global direct sales companies, legal technology platforms, financial services firms, consumer brands, and communications companies that together represent a significant slice of Utah’s private sector economy. Their backgrounds span healthcare, banking, energy utilities, and global manufacturing, and their programs reflect what it takes to build security inside environments that are scaling quickly, operating globally, and navigating regulatory complexity that does not slow down for growth.
Eric Sorenson — Chief Information Security Officer, doTERRA International
The call that brought Eric Sorenson to doTERRA in 2016 was not a routine hire. He was recruited as the company’s first CISO immediately after a major data breach at a third-party vendor had compromised significant customer private data, which meant his first task was incident response and remediation before he could turn to building the program he had been brought in to create. Within two years, he had aligned control objectives with ISO 27000, PCI, and EU GDPR, constructed a risk-based ISMS, and built a global cybersecurity strategy with both predictive and responsive components. Before doTERRA, he served as CIO and CISO at Arches Health Plan, where he built the security and compliance program from scratch for a greenfield health insurance operation, and as information security officer at HealthEquity, where he built that organization’s first information security program and, during a social engineering exercise he designed himself, demonstrated to leadership that more than 40 percent of employees including executives would surrender credentials to a phishing email. That result secured his budget immediately. Google’s ethical hackers subsequently failed to breach the system he built, the first time that outcome had occurred in Google’s testing history at the time.
Matt Huff — Chief Information Officer and Chief Information Security Officer, Tanner
Most CISOs think about AI as a threat vector. Matt Huff is thinking about it as a governance problem, and he is building the frameworks to address it from the inside. At Tanner, a Salt Lake City regional public accounting firm where he has served as CIO and CISO for a decade after spending the previous nine years building the firm’s IT function from the ground up, he is now architecting what he calls an AI Oversight Framework to ensure trustworthy and safe delivery of value in agentic AI workflows. His concern is specific: when software can write its own code and execute autonomous decisions, traditional IT controls that rely on human approval loops become obsolete. He refers to this as permission engineering rather than prompt engineering, and is applying zero trust principles to AI agents that reason and act independently. Alongside that forward-facing work, he has maintained a zero breach record at Tanner for more than twenty-two years and led the firm’s full migration to a cloud-native Azure environment. He also provides security advisory services to enterprise clients across healthcare, financial services, and critical infrastructure.
Brandon Greenwood — Chief Information Security Officer and Vice President of Security and IT, Beyond
Brandon Greenwood has served as CISO and VP of security and IT at Beyond, a Utah-based e-commerce company, since November 2023, where his work spans cybersecurity strategy, IT operations, and risk management across a consumer-facing platform. He serves on the board of SL|CISO, a Salt Lake City security leadership organization, has been an OnDemand subject matter expert at the SANS Institute for more than eighteen years, and sits on Utah’s Personal Privacy Oversight Commission, a state advisory body focused on privacy policy and consumer data protection. That combination of enterprise CISO accountability, long-standing technical education engagement through SANS, and active participation in state-level privacy governance reflects a security leader whose influence extends well beyond his own organization.
Dean Sapp — Chief Information Security Officer, Filevine
Dean Sapp has spent more than six years at Filevine, the leading legal technology company, stepping into the formal CISO title in January 2025 after more than five years as SVP of information security, privacy, risk, and compliance, where he was already performing the duties of a CISO. His expertise in the legal vertical runs deep: he has served as a virtual CISO for law firms through his own practice since 2007, has experience as an expert witness in depositions and trial work, and holds depth across CJIS compliance, eDiscovery and digital forensics, NYDFS, and the full range of frameworks that legal technology companies must navigate. At Filevine, he also serves as data protection officer, a dual mandate that reflects how seriously the company treats the sensitivity of the legal matter data flowing through its platform daily.
Travis Anderson — Chief Information Security Officer, Sorenson Communications
Before arriving in Utah, Travis Anderson spent a decade at Portland General Electric in Oregon, where he was promoted to CISO and information risk director after leading IT risk and compliance, and where he reduced cyber incidents by 60 percent over two years, lowered security-based project delays by 90 percent, and grew PGE’s information security baseline from the bottom quartile to the top quartile of the energy industry. He was ranked in the top 28 percent of CISOs in the United States in 2013. He joined Sorenson Communications in 2017, initially as executive director of information security and privacy, and has served as CISO since September of that year. Sorenson provides communication services for the Deaf and hard-of-hearing community, which means the data it handles is both sensitive and mission-critical to the people who depend on it. His background managing board relationships, regulatory compliance, and law enforcement partnerships across energy and communications gives him a cross-sector credibility that informs how he runs security at Sorenson.
Morian Eberhard — Chief Information and Security Officer, Nu Skin
Morian Eberhard leads both global IT operations and information security at Nu Skin, a global beauty and wellness company, a dual mandate that reflects how closely security and technology strategy are integrated in his approach. His career before Nu Skin includes more than ten years at MUFG in enterprise information security and deputy CISO roles, a year as CISO at Zions Bancorporation, and two years as VP of threat management and monitoring at Charles Schwab. That consecutive run through major financial institutions, each with stringent regulatory environments and significant operational complexity, shaped a security leader who now applies that discipline to a global direct sales organization operating across dozens of countries. He also serves on the board of the Boys and Girls Club of Utah County, reflecting a commitment to community that extends alongside his enterprise responsibilities.
What Utah’s Security Bench Reflects
Silicon Slopes has attracted attention for its startup density and technology growth, but the leaders in this feature are not primarily startup security leaders. They are executives who have built programs inside organizations that are global in reach, regulated in nature, and operationally complex in ways that demand serious security governance. Several of them rebuilt programs after crises. Others built from scratch inside greenfield organizations. All of them are doing it in Utah, a state whose security talent has developed faster than its national reputation might suggest.
Discover more cybersecurity leaders in various states:
