Ohio’s cybersecurity leadership runs deep across higher education, utilities, manufacturing, healthcare, financial services, government, and enterprise technology. The women in this feature reflect that range. Some are leading security programs inside major institutions. Others are shaping cyber resilience for regulated industries, public-sector organizations, and critical infrastructure. Together, they show how Ohio continues to produce cybersecurity leaders with both operational depth and strategic influence.
Katrina Biscay — Associate Vice President & Chief Information Security Officer, University of Cincinnati
Katrina Biscay serves as Associate Vice President and CISO at the University of Cincinnati, where she brings a long record of cybersecurity leadership across higher education, government, K-12, and public service. Before stepping into the top security role, she helped build and lead the university’s incident response, digital forensics, threat intelligence, and security operations capabilities, while also working closely with boards, legal teams, and research leadership on risk, compliance, and major incidents. Her broader experience includes leading technology strategy for the City of Sharonville, shaping statewide K-12 cybersecurity and student privacy frameworks in Ohio, and contributing cyber intelligence work through the Greater Cincinnati Fusion Center.
Carla Donev — Vice President & Chief Information Security Officer, NiSource
Carla Donev is Vice President and Chief Information Security Officer at NiSource, where she leads cybersecurity for a major energy company operating in a critical infrastructure environment. Her background combines enterprise security leadership with deep experience in audit, compliance, resiliency, and risk management. Before joining NiSource, she launched and matured security programs at DSW, including building a dedicated security organization, creating a PCI-compliant environment, and establishing board-level reporting on cyber risk. Earlier roles at Cardinal Health and Deloitte added further depth in IT risk, business continuity, internal controls, and enterprise governance.
Hayley Clarke — Senior Director, Global IT Risk & Cyber Security, The Goodyear Tire & Rubber Company
Hayley Clarke leads global IT risk and cybersecurity at Goodyear, where she is responsible for cyber operations, vulnerability management, identity and access management, third-party risk, privacy, security education, and enterprise-wide strategy for a Fortune 500 manufacturer. Over the years, she has held a series of increasingly senior roles at the company spanning privacy, governance, compliance, audit, SAP controls, and project portfolio leadership, giving her a broad view of how cyber risk connects to global operations. That progression makes her one of Ohio’s strongest examples of a security leader who understands both governance and execution at scale.
Lisa Heckler — Senior Vice President, Cybersecurity, Privacy and Technology Services, CareSource
Lisa Heckler is Senior Vice President of Cybersecurity, Privacy and Technology Services at CareSource, where her remit now spans information security, privacy, business resiliency, and IT infrastructure and operations. She previously served as the organization’s CISO for nearly a decade, building and evolving its security, privacy, and business continuity capabilities in a highly regulated healthcare environment. Earlier leadership roles at LexisNexis and RELX gave her extensive experience in security architecture, cloud security requirements, privileged identity management, ISO 27001 programs, and large-scale information security governance.
Tina Price — Executive Director, Global Security, OCLC
Tina Price is Executive Director of Global Security at OCLC, bringing more than two decades of experience across information security, privacy, governance, risk, compliance, and regulatory oversight. Before joining OCLC, she served as CISO at York Risk Services Group and held leadership roles in internal audit, IT compliance, and GRC consulting, including time at Deloitte. Her career has crossed insurance, healthcare, financial services, retail, public utilities, and government, giving her a broad perspective on security frameworks, risk mitigation, and compliance strategy in complex organizations.
Kristin Lowery — Field Chief Information Security Officer, Optiv
Kristin Lowery is now Field CISO at Optiv after a career that includes major security and technology leadership roles across financial services and critical infrastructure. Most recently, she served as Chief Security Officer and Vice President at American Electric Power, overseeing cybersecurity, physical security, and security compliance. Before that, she held senior roles at Bread Financial, JPMorgan Chase, and Nationwide, where her work spanned IT and data risk, cybersecurity, architecture, cloud efforts, continuity management, and large-scale enterprise transformation. Her background makes her one of Ohio’s more versatile security executives, with experience connecting cyber strategy to business resilience and executive decision-making.
Joy Kenyon — Vice President, IT Security, Victoria’s Secret & Co.
Joy Kenyon is Vice President of IT Security at Victoria’s Secret & Co. and previously served as Vice President and Deputy Chief Information Security Officer at Cardinal Health. Her career reflects a steady rise through large enterprise technology and security leadership roles, covering IT operations, data governance, machine learning initiatives, EDI platforms, analytics, product lifecycle systems, and eventually enterprise cybersecurity leadership. At Cardinal Health, she combined operational and strategic experience across healthcare and IT environments, helping position her as a senior leader with both business and security fluency.
Jenn Zacharias — Chief Information Security Officer, Peoples Bank
Jenn Zacharias is Chief Information Security Officer at Peoples Bank and previously led the Cyber Defense Center at KeyBank, where she oversaw teams spanning data loss prevention, threat intelligence, security operations, insider risk, and escalated cyber incidents. Her experience includes managing major platform migrations, working through Federal Reserve matters requiring attention, guiding teams through federal examinations, and leading incident response and operational improvements in banking environments. She also stands out for her focus on leadership development and community efforts supporting women and girls in STEM.
Deneese Steele — Deputy CISO, Ohio Department of Administrative Services
Deneese Steele serves as Deputy CISO at the Ohio Department of Administrative Services after earlier roles focused on agency security leadership and cybersecurity and privacy frameworks within state government. Her path into cyber leadership includes business development, strategic partnerships, and consulting work, which gives her a different kind of executive profile than many technical-first leaders. That mix of communications, leadership, and public-sector security experience makes her a notable figure in Ohio’s state cybersecurity landscape.
Where Ohio’s Cyber Bench Runs Deep
Ohio’s cybersecurity bench is unusually broad. These leaders are shaping security strategy in universities, utilities, healthcare organizations, manufacturers, banks, retailers, public-sector agencies, and global service organizations. Taken together, they show that Ohio is not just producing technical talent. It is producing senior cyber leaders trusted to guide institutions through risk, regulation, resilience, and change.
Explore more profiles of the amazing women shaping cybersecurity across numerous industries in our Women’s Month collection.