Colorado has built a meaningful concentration of financial services CISOs, spread across banking, mortgage, payments, student lending, and the platforms that serve local governments and financial institutions nationwide. The leaders in this feature are not clustered in one corner of the sector. They represent the full range of what financial services cybersecurity looks like when the client base spans consumers, businesses, municipalities, and some of the largest banks in the country.
Lee Cuevas — Chief Information Security Officer, Community Capital Technology
Lee Cuevas brings more than twenty years of executive IT leadership to his role at Community Capital Technology, a fintech platform building a digital marketplace for community-focused financial institutions. He also serves concurrently as CISO at DTRI Global, where he leads managed security services including threat hunting, cloud security for AWS and Azure, and Cybersecurity Maturity Model Certification work for Department of Defense contractors under NIST 800-171 and 800-53 standards. Running security programs for two organizations simultaneously, one a fintech startup and one a managed security provider, reflects a breadth of operational accountability that most security executives carry in one direction or the other. Cuevas carries both.
Ryan Combs — Chief Information Security Officer, Nelnet
Before joining Nelnet, Ryan Combs commanded a $2 billion network enterprise serving more than 125,000 global customers as a US Air Force cyber operations officer. That is not a credential that shows up often in student loan servicing. He joined Nelnet in 2014 as an IT manager, moved into IT director, and has served as CISO since 2019, leading cyber operations under a philosophy he states plainly: security first, compliance always, audit anytime. His Air Force background shaped how he thinks about scale, operational discipline, and the kind of leadership that holds up under pressure. A decade at Nelnet suggests the translation from military to financial services worked.
Sarah Griffith — Chief Information Security Officer, Euronet
Sarah Griffith has been at Euronet for more than twenty years, spending the first seven and a half in internal audit before moving into the CISO role in 2013, where she has served for the past thirteen years. That audit-to-security transition is less common than the technical-to-security path, but it produces a particular kind of security leader: one who understands control frameworks from the inside, knows what auditors are actually looking for, and has spent years evaluating whether organizations are doing what they say they are doing. At a global payments company operating across dozens of countries, that foundation matters considerably.
Ian Morgan — Chief Information Officer and Chief Information Security Officer, Mortgage Solutions Financial
Ian Morgan has spent his career inside the mortgage vertical, holding CISO roles at Covius and Mortgage Connect before taking on the combined CIO and CISO seat at Mortgage Solutions Financial in October 2023. At Mortgage Connect, he rebuilt the vulnerability management program, implemented the Rapid7 suite across InsightVM, InsightIDR, and InsightAppSec, deployed Azure cloud security controls, and stood up a KnowBe4-based security awareness platform. At Covius, he architected and deployed a SIEM for SOC operations, managed a security budget representing eight percent of overall IT spend, and handled pre- and post-acquisition security due diligence on M&A activity. The mortgage sector’s combination of sensitive financial data, heavy client audit scrutiny, and complex document and title workflows makes it one of the more demanding environments in financial services security. Morgan has built programs across three organizations within it.
Brenden Smith — Chief Information Security Officer, FirstBank
Brenden Smith has been steering FirstBank’s cybersecurity program for more than a decade, stepping into the CISO role in December 2017 after progressing through IT security manager and director of security positions at the same institution. His work spans information security policy, AWS security architecture, threat prevention, incident management, and compliance, all within a Colorado-based community bank where protecting customer data and maintaining operational continuity are the constants. That kind of single-institution tenure in banking security, more than thirteen years in the same organization, produces a depth of environmental knowledge that is genuinely hard to develop any other way.
Ron Sharon — Chief Information Security Officer, PTMA Financial Solutions
At 360SOC, Ron Sharon led a team of thirty-plus cybersecurity professionals, achieved a hundred percent audit success rate across SOC 2, NIST, ISO, and HITRUST frameworks, and built tooling that generated two million dollars in annual revenue while protecting clients from more than 100,000 threats per year. Before that, he rose to VP of information security at Mercer Advisors, directing a six million dollar technology spend and launching a Security-as-a-Service capability. He joined PTMA Financial Solutions as CISO in June 2025, where the mission is protecting financial data for more than 12,000 local governments and 1,000-plus financial institutions nationwide. The scale of that client base makes the role one of the more consequential security positions in Colorado’s financial sector.
Michael Kalac — Chief Information Security Officer, Paymentus
Michael Kalac came to the CISO role at Paymentus with a background that includes building Western Union’s first Cloud Center of Excellence as SVP of infrastructure, operations, and cloud, serving as interim CTO at a Fortune 500 company, and more than a decade in board-facing CISO and SVP positions. He joined Paymentus in June 2021, leading security for a cloud-based bill payment platform processing hundreds of millions of transactions annually for more than 1,300 business clients. His emphasis on making technology an enabler of revenue growth and service delivery, rather than a constraint on it, reflects a security philosophy shaped by years of operating at the intersection of enterprise infrastructure and executive leadership.
A Security Bench Built Across Every Layer of Financial Services
What stands out across this group is how completely they cover the financial services stack. Community banking. Mortgage services. Global payments. Student lending. Local government finance. Bill payment infrastructure. These are not adjacent roles wearing similar titles. They are distinct operating environments, each with its own regulatory framework, client profile, and threat surface. The fact that Colorado has developed strong security leadership across all of them reflects a depth of financial sector talent that goes well beyond what the state’s size might suggest.
Explore more profiles of the leaders shaping cybersecurity across the financial services industry:
- Cybersecurity Leaders to Watch in Tennessee’s Financial Services Industry
- Cybersecurity Leaders to Watch: Louisiana Financial Sector
- Cybersecurity Leaders to Watch in Iowa’s Financial and Insurance Sectors
- Cybersecurity Leaders to Watch in Nebraska’s Financial Services and Insurance Sector
- Cybersecurity Leaders to Watch in Illinois Financial Services Industry
- CISOs to Watch in Texas Finance and Banking: Leaders Securing a High-Stakes Industry