Brian is a seasoned cyber security and risk management leader with over 30 years of security, technology and healthcare experience. He exhibits exceptional organizational leadership, with the ability to think both strategically and operationally, with practicality and a focus on execution. He has successfully tackled the myriad challenges associated with protecting sensitive healthcare information, both as a leader and as an implementer of comprehensive programs. With his knowledge of security frameworks, standards, implementation methodologies, technology platforms, organizational processes and budget management, he has helped organizations improve and mature their security posture while mitigating security risks in order to achieve regulatory compliance and security certification.
Brian has led initiatives for many types of customers including health systems, payers, healthcare technology, pharma and life sciences companies. He has developed, managed and collaborated on programs leading to successful compliance and/or certifications for standards such as HIPAA Security and Privacy, HITRUST CSF (Common Security Framework), NIST SP 800-xxx, NIST CSF (Cybersecurity Framework), NIST RMF (Risk Management Framework), CMSR (CMS Minimum Security Requirements), FISMA/FIPS, PCI-DSS, SOC-1 and SOC-2, as well as ISO 27001 and 27002.
He has worked across a broad range of security, IT and business functions, providing strategic vision and leading large program implementations, business process change management and day-to-day operations. He is equally comfortable conversing with business leaders and technologists.
Brian is a frequent speaker, presenter and author on healthcare security topics primarily focusing on building and deploying best-practice security programs (see below). He holds a Bachelor’s in Management Information Systems from Indiana University of PA and a Master’s Certificate in Applied Project Management from Villanova University. Brian resides with his family in eastern Pennsylvania.