+ Robert Booker | Senior Vice President & CISO | UnitedHealth Group
Robert Booker is the Chief Information Security Officer for UnitedHealth Group. In this role, Mr. Booker is responsible for information risk management and information security operations for all of UnitedHealth Group business segments. He has been with UnitedHealth Group since July of 2008, and his responsibilities are focused upon information risk management in support of the trust and accountability that UnitedHealth Group delivers to bring quality, affordability, access and simplicity to the health care system.
Presently, Robert serves on the Board of Directors of the Health Information Trust Alliance (HITRUST) and has been instrumental in establishing a common security framework for the health industry, the information sharing and analysis organization (ISAO) for the health industry, and CyberRx – a cyber-exercise program for the industry.
Mr. Booker has presented at numerous security conferences including the MIS Training Institute’s CISO Summit, RSA Conference, Gartner Group’s IT Security and IT Summit Conferences, the Burton Group’s Catalyst conference, the Meta Group’s Energy Information Strategies conference and the Minneapolis Cyber Security Summit. Mr. Booker most recently delivered the closing keynote for the 2016 Twin Cities CISO Executive Summit.
+ Omar Khawaja | Chief Information Security Officer | Highmark
Omar Khawaja has spent 15+ years delivering, developing and managing security solutions for startups, service providers, consulting firms and enterprises. Omar is currently VP and Chief Information Security Officer (CISO) at Highmark Health, an integrated health care delivery and financing system, employing more than 35,000 people and serving 40 million Americans in 50 states. Prior to Highmark, Omar was at Verizon Enterprise Solutions, where he had responsibility for their portfolio of security solutions with customers in 72 countries.
Omar currently serves on the board of the Health Information Trust Alliance (HITRUST), on the Governing Body of Evanta, on the CISO Workgroup of the Blue Cross Blue Shield Association, and as adjunct faculty for the Chief Information Security Officer (CISO) program at Carnegie Mellon University. Omar is a regular speaker at industry forums (speaking engagements include RSA Conference, Information Security Forum, Mobile World Conference, Cloud Security Alliance, Carnegie Mellon University / CERT), and has also been quoted in media outlets such as Financial Times, NY Times and CNBC.
Omar's certifications include CPHIMS (Certified Professional in Healthcare Information and Management Systems), CISSP (Certified Information Systems Security Professional), and CCSK (Certificate of Cloud Security Knowledge). Omar has a BS in Electrical Engineering from Georgia Tech and an MBA from University of Virginia's Darden School of Business.
+ John Riggi | Head of Cybersecurity and Financial Crimes Unit | BDO
John Riggi leads BDO’s Cybersecurity and Financial Crimes Unit, having spent nearly 30 years as a highly decorated veteran of the FBI, and a former representative to the White House Cyber Response Group and Financial Services Steering Committee.
During his time at the FBI, John developed mission critical partnerships in the healthcare industry for the investigation and exchange of information related to national security and criminal cyber matters, as well as national initiatives to warn of specific cyber threats. Between 2014 and 2016, he played a strategic role in the investigation of every major healthcare-related cyber incident in the U.S. John also has extensive experience investigating complex healthcare fraud and related financial crime schemes.
John presently works with the American Hospital Association to lead strategic cybersecurity risk management training for the organization’s more than 5,000 hospital CEO members. In partnership with the Health Information Trust Alliance (HITRUST), John, who was named a member of the governing board, played a key role in the development and implementation of the new HITRUST Threat Catalogue, a first-of-its-kind tool aligned with the HITRUST CSF Controls, designed to improve a healthcare organization’s ability to prioritize security program activities based on a greater understanding of the risks they face.
In addition, John is an official private sector validator for the White House’s Presidential Policy Directive (PPD) on U.S. Cyber Incident Coordination, a policy intended to improve collaboration between the public and private sectors to combat significant cyber threats potentially impacting public health and safety, national security or economic security.
Previously in his career, John served in the FBI’s Washington Office Intelligence Division, the New York Office High Intensity Financial Crimes Area Task Force, and was National Operations Manager for its Terrorist Financing Section. He also served at the CIA’s Counterterrorism Center. John is the recipient of the FBI Director’s Award for leading a highly successful classified terrorism financing interdiction program, and also received the CIA George H.W. Bush Award for Excellence in Counterterrorism, the CIA’s highest award in this category. He is frequently quoted in the media as a leading authority on cybersecurity and counterterrorism topics and has presented extensively on both subjects.
+ Brad Carvellas | CISSP, CISM, ALMI | Director, Information Security and Risk Management | HM Health Solutions
Brad is responsible for the Information Security Governance, Risk and Compliance programs at HM Health Solutions serving Highmark Health and the Allegheny Health Network, one of the largest integrated financing and healthcare delivery systems in the United States serving more than 50 million Americans in all 50 states and the District of Columbia. Brad’s team led HM Health Solutions and United Concordia Dental to HITRUST CSF certification for their Health and Dental claims processing platforms in 2015.
Previously, Brad developed, delivered and managed enterprise IT and information security solutions supporting Fortune 200 life insurance and annuity carriers and their producers. Brad is a graduate of Muhlenberg College and resides in Pittsburgh, PA.
+ Robert Pittman | Vice President, Operations | HITRUST
Michael Frederick has 20+ years’ experience in information security. He is currently the Vice President of Operations at HITRUST. Prior to joining HITRUST he was CEO of The Frederick Group, a professional services firm focused on security risk management in healthcare. He served as Chief Information Security Officer (CISO) for eight years at a large healthcare system. While in this role, he led the organization in becoming the first hospital system to be certified under the HITRUST CSF and was the industry lead in the provider space during the development of the CSF. He has been a speaker at numerous security events and has been published on the topics of risk management, applying security practices within an organization, and how to build an effective security organization. Prior to his CISO role, he was a security architect, security manager in industry and a security consultant in various large accounting firms. He has been a Certified Information System Security Professional (CISSP) since 1999.
+ Dr. Bryan Cline | Ph.D. | Vice President, Standards and Analytics | HITRUST
Bryan Cline, Ph.D. is the Vice President for Standards and Analytics and provides thought leadership and guidance for the healthcare industry’s model implementation of the NIST Cybersecurity Framework. Responsibilities include a broad range of HITRUST risk management framework support such as requirements integration, control specification, and the development of standards, methods, processes and tools that healthcare organizations can use to facilitate the integration and assessment of the CSF in their information protection and cybersecurity programs. As a former senior advisor and VP of CSF Development and Implementation, he worked closely with the THSA to develop SECURETexas—the first state program of its kind certifying compliance with federal and state requirements for the privacy and security of health information—and is considered the ‘father’ of the HealthCare Information Security and Privacy Practitioner credential for spearheading its development with (ISC)2. Dr. Cline has also served as the Chief Information Security Officer for Catholic Health East and The Children’s Hospital of Philadelphia in addition to his 20+ years in the Department of Defense as an information systems and information security professional, including the CISO role at the Headquarters, Allied Air Forces Southern Europe. He’s spoken at multiple conferences and symposia on information security and privacy risk management in the healthcare industry and published articles and papers on risk management and security engineering in several journals and proceedings. Dr. Cline’s professional certifications include the CISSP-ISSEP, CISM, CISA, HCISPP, CIPP/US, CCSFP, NSA IAM/IEM, MCIATT and DoD’s CAP in project management.
+ Adrian Christie | CISA, CCSFP | Risk Assurance Director | PwC
Adrian is a Boston-based Risk Assurance Director serving healthcare provider and payer clients in the Northeast and across the country. Adrian’s experience includes more than 10 years of delivering and managing a wide range of audit and advisory services.
He has experience leading information technology (IT) systems and controls audits and assessments for many of the Northeast's most prominent healthcare organizations. This includes IT general controls audits associated with year-end financial reporting, SSAE16/SOC1 and SOC2 reporting engagements, as well as monitoring services in connection with Department of Health and Human Services’ Office for Civil Rights (OCR) resolution agreements and corrective action plans. Adrian has also managed internal audit functions through an outsourcing or co-sourcing relationship. Responsibilities include conducting risk assessments, developing risk-based internal audit plans, defining scope and managing the execution of information security audits, and delivering results and recommendations to senior management and audit committees. Finally, Adrian has led various advisory services to assess information security controls specific to HIPAA, HITRUST Common Security Framework (CSF) readiness and certification, as well as to provide IT strategy and system implementation guidance.
Adrian has developed and delivered presentations on information security concepts and controls to Boards, Senior Leadership teams and professional organizations. He has also been a speaker on these topics at several external conferences.
+ Lee Penn | Chief Financial Officer & Chief Compliance Officer | PDHI
Lee Penn is Chief Financial Officer, Chief Compliance Officer and HIPAA Privacy Officer and a member of the Risk Management Team at PDHI. PDHI is a technology services organization that develops and distributes the ConXus Platform, a SaaS application, for delivering workplace wellness and population health management programs. The ConXus Platform achieved certification without CAPs under the HITRUST CSF Assurance Program in February, 2015 and is undergoing recertification at this time. Penn is also a founding member of the HITRUST Business Associate Council. He joined PDHI after holding financial management positions at the S/L/A/M Collaborative, Yale University and Xerox Corporation. Penn holds a bachelor of science degree from Cornell University and a master’s of business administration degree from the University of Connecticut.
+ Dr. Earl J. Motzer | Ph.D. | Chair, HHS ASPR Healthcare & Public Health Sector Coordinating Council
Earl J. Motzer, Ph.D. is a retired hospital and nursing home Chief Executive Officer with fifty years of service, and a retired adjunct graduate school faculty member with forty-one years of service. He continues as a community based faculty member at the University of Kentucky College of Public Health.
Earl is Chair of the Healthcare and Public Health Sector Coordinating Council (HPH SCC) for the Department of Health & Human Services (HHS) Office of the Assistant Secretary for Preparedness and Response (ASPR). He is Vice Chairman of the Department of Homeland Security (DHS) National Infrastructure Protection Program (NIPP) Critical Infrastructure Cross-Sector Council, a member and/or Co-Chair of various DHS Working Groups and committees, and a member of the ODNI Trade Association Partnership.
Earl has been a force multiplier for the FBI for the last twenty-eight years. He is a member of the Board of Directors of the InfraGard National Members Alliance (INMA), authored the book titled "The FBI/InfraGard Partnership - 1996 -2016," and served as a Past National President and member of the FBI National Citizens Academy Alumni Association (FBINCAAA) Board of Directors.
In Kentucky, Earl served as Chair and is a current member of the Kentucky Hospital Association Emergency Preparedness Committee (KHA EPC); is a member of the Mercer County Board of Health and the Local Emergency Planning Committee; facilitates the Multidisciplinary Committee on Child Sex Abuse Prevention; is Past President and a current member of the Harrodsburg Rotary Club; chairs the Senior Citizens Center Advisory Board and the Crime Stoppers Board; co-chairs the Sheriff's Office Community Services Division (and is a sworn Special Deputy and serves as an ILO for the FBI Kentucky Joint Terrorism Task Force); co-chairs the Citizens Advisory Board and the Neighborhood Watch Program; serves as moderator for the Political Candidate Forums and Spelling Bees; and has a radio show titled "Mercer County's Most Wanted," which highlights crimes committed, persons wanted, interviews with local officials, and safety and security tips.
+ Dennis Quandt | CISA, CCSFP | Risk Assurance Director | PwC
Dennis is a Director in Risk Assurance based in Boston, MA. He has over 13 years of experience delivering process enhancement and controls optimization projects for global organizations that deliver products and services into the healthcare value chain.
Dennis is a tenured Director who regularly presents to senior management and industry organizations on a range of topics impacting the global technology and risk landscape. He has experience leading multi-national teams in the development and delivery of information technology (IT) and business process controls and optimization initiatives. This work includes initiatives to prepare for pending regulation or customer demands as well as third party reporting (SOC 1, SOC 2, custom reporting). He regularly works with a variety of constituents including Risk, Internal Audit, Compliance, Information Security, and Controllership functions to develop risk-based roadmaps, organize and perform internal controls testing and reporting, and assess controls/processes against industry recognized security frameworks. In this capacity he has worked with various information security frameworks including ISO 27001/2, NIST, and HITRUST.
+ Ken Vander Wal | Chief Compliance Officer | HITRUST
Ken Vander Wal’s role as Chief Compliance Officer at HITRUST involves providing supervision and oversight to the HITRUST CSF Assurance program. In this capacity, he is responsible for ensuring the quality, completeness and adequacy of the work performed by CSF Assessor organizations. Mr. Vander Wal joined HITRUST after retiring from Ernst and Young where he was a partner in the Technology and Security Risk Services (TSRS) practice and responsible for its global TSRS quality and risk management program. With almost 40 years of IT experience, he has experience in a variety of industries in multiple areas of information systems, including systems development, systems programming, project management, quality assurance, IT auditing and systems security. As the national leader of TSRS quality, Mr. Vander Wal was responsible for ensuring quality was an integral component of Ernst and Young’s methodologies, engagement staffing and service delivery. In this role as well as his previous roles, he served major clients as the IT audit engagement partner or as the quality assurance partner. Mr. Vander Wal is a member of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association. He is both a Certified Public Accountant and a Certified Information Systems Auditor.
+ Daryl Hykel | MS-IA, CRISC, CISA, HITRUST | InfoSec Analyst III - Security Risk Management | HMS
With over 17 years of IT, Audit, and Security Risk experience, Daryl has spent the last three years working at HMS on implementing a HITRUST certification program which includes a Continuous Monitoring component. Other duties include assessing for third-party risk, managing client engagement requests, and working with internal stakeholders to implement risk management processes, with a focus on automation. Previous experience includes stints at Verizon and FedEx, with a humble beginning as a FedEx courier.
+ Travis Good | M.D. | Chief Executive Officer and Co-founder | Datica
Travis Good, M.D., MBA, MS, is CEO and co-founder of Datica, formerly Catalyze. He is a speaker, blogger, podcast host and expert in healthcare technology, specifically the HIPAA compliance and security issues involved with the field's innovation. In addition to his work as CEO of Datica, which offers a compliant, HITRUST CSF Certified cloud-based infrastructure for enterprise and digital health developers, Dr. Good is also a founding member of the HITRUST Business Associate Council. He also doubles as host of the Healthcare Innovators Podcast, where he interviews and extracts visionary insights from the country's top healthcare CIOs. Additionally, Dr. Good extensively reported on innovations in healthcare technology as a former editor of industry blog HISTalkConnect.