Amgen – Gregory Barnes – Global Chief Information Security Officer
Mr. Barnes is the Global Chief Information Security Officer at Amgen and has over 20 years of experience as a practitioner. He began his security career in the United States Air Force, where he managed classified intelligence and cyber operations systems. Prior to joining Amgen, Mr. Barnes served as the CISO for Horizon Blue Cross Blue Shield of New Jersey, worked for Health Care Service Corporation as the ISO for Blue Cross of Oklahoma, and Lucent Technologies as a Managing Principal. At Lucent, he lead multiple highly skilled technology teams, designing advanced technology networks for MCI/Worldcom and conducting numerous program designs, penetration tests and technology engagements for Exxon, Washington Mutual, Cisco, State Farm, Williams Communications, WalMart and others. Mr. Barnes served as a former Chair to the Payer Subsector of the Healthcare and Public Health (HPH) Sector Coordinating Council (SCC,) and former Blue Cross Blue Shield Association (BCBSA) Cyber Security Subcommittee advisor.
athenahealth – Taylor Lehman – VP, CISO
Taylor Lehman is currently VP, CISO at athenahealth. I’ve been with athenahealth starting July 2019. Prior to athenahealth, I was VP CISO at Wellforce, a large sophisticated academic medical center and system. Both positions are in Boston MA. I’ve spent over 15 years in healthcare and held roles as CISO, CIO, and Director in organizations such at PwC (Consulting), HealthEdge (Health IT), Independent Health (Payor).
BlueCross BlueShield Association – Petar Naumovski, Chief Information Security Officer
With over two decades of cybersecurity experience, Pete Naumovski has successfully led the development and implementation of global security solutions in a wide range of corporate retail, e-commerce, healthcare and wholesale distribution fields and delivered extensive security consulting for Fortune 100 companies. Throughout his career, Naumovski has consistently driven effective organizational change, building highly skilled security teams and instilling security best practices across diverse IT and business processes.
Blue Cross Blue Shield of Western New York – Scott Morris – Chief Information Security Officer
Scott Morris serves as Chief Information Security Officer for Blue Cross Blue Shield of Western New York headquartered in Buffalo, New York. Morris is responsible for the development, governance and assurance of the health insurance company’s technology risk and third party risk programs, as well as the management of all information and cyber security domains. A seasoned information security executive possessing nearly two decades of experience, Morris has a successful track record of developing project methodologies, architectural governance, enterprise documentation, and team development. Morris is actively engaged in the cyber community, serving on the executive board of directors for InfoTech Niagara, the Advisory Board for local accounting firm, and is a frequent speaker at several national and local events and conferences.
HCA Healthcare – TJ Bean, Director of CyberSecurity – Information Protection and Security
With over 15 years at HCA Healthcare, TJ Bean is the Director of CyberSecurity focusing in Threat Analytics and Intelligence and Response within the HCA Healthcare Cyber Defense Center. Prior service and leadership with teams toward Vulnerability Management, GRC, and DevSecOps, with aligned strategy with areas of Security Architecture, Vendor/Medical Risk Management, Security Risk, Physical Security, Privacy, Internal Audit and Enterprise Emergency Operations Center.
Intermountain Healthcare – Karl West – Chief Information Security Officer and Assistant Vice President
Karl West has been involved in information technology and security for more than 30 years. His current responsibilities span all aspects of Cybersecurity and Strategy at Intermountain Healthcare, an integrated delivery network of 22 hospitals and 185 clinics in Utah and Southern Idaho. Security specialties include governance, architecture, risk and compliance, Identity and Access, eDiscovery, forensics, and incident management. He is currently a member of the Utah Health Information Network (UHIN) Privacy and Security Board, a member of the Association for Executives in Healthcare Information Security (AEHIS), which is part of CHIME, and also Weber State College’s Computer Science department.
Johnson & Johnson – Marene N. Allison, Vice President and Chief Information Security Officer
Ms. Allison is responsible for protecting the company’s Information Technology systems and data worldwide through elimination and mitigation of cybersecurity risk. This includes ensuring that the J&J information security posture supports business growth objectives, protects public trust in the J&J brand, and meets legal/regulatory requirements. With 265 companies in 60+ countries, J&J is a leader in consumer health, medical devices and pharmaceutical products worldwide.
MedStar Health – John Rasmussen –Vice President and Chief Information Security Officer. MA, MBA, CISSP
Mr. Rasmussen leads the MedStar Health IT Security program. He has over 20 years of cyber security experience and 15 years of cyber security leadership experience in the healthcare industry. Prior to MedStar, Mr. Rasmussen was the CISO for the Medical University of South Carolina and the CISO and Privacy Officer for Oregon Health and Science University. Mr. Rasmussen’s national healthcare cyber security leadership includes currently serving as a board member for the HIMSS Cyber Security, Privacy and Security Committee, the Cisco Advanced Security Research Advisory Board, and the Maryland Chesapeake Regional Information System for our Patients (CRISP) Advisory Council.
Merck & Co. – Terence Rice – Vice President, Information Risk Management and CISO
Mr. Rice is responsible for Information Security, IT Regulatory Readiness, Quality/Technical Assurance, Business Continuity Planning and Policy, and has held multiple roles at Merck, as Executive Director, Information Risk Management & Compliance within the Enterprise Technology & Application Services organization. Prior to Merck, Mr. Rice served as Director of Global Information Security for Johnson & Johnson, and then in the consulting industry in a variety of roles. Mr. Rice holds a BS degree from West Point; and a Masters of Science degree from George Washington University.
Mylan Pharmaceuticals – Colleen McMahon, VP Chief Information Security Officer, CISM, CISSP
Colleen McMahon is responsible for enterprise security for a 20BN company that puts medicines into the hands of the world’s 8 billion people. Colleen has over 25 years of experience in Information Security with much of that experience gained in support of global healthcare initiatives. Prior to joining Mylan, Colleen spent 20 years in various areas of security at GlaxoSmithKline. Colleen established the information security enterprise risk framework, defined the overall information security strategy and established the information security technology roadmaps. Colleen also delivered various information security services to a diverse portfolio of fortune 500 clients prior to joining GSK as consultant specializing in web development and security.Colleen was a founding board of directors member of the SAFE Biopharma initiative and remains committed to solving the identity challenges in the healthcare space. She is also a strong proponent of encouraging women to pursue careers in cyber security.
Penn Medicine – Daniel Costantino, University of Pennsylvania Health System (Penn Medicine) – Chief Information Security Officer, MBA, CISSP, CISM, CEH
Mr. Costantino is the Chief Information Security Officer at Penn Medicine, an academic medical center consisting of six hospitals and the nation’s leading school of medicine. Dan’s prior experience includes cybersecurity operations leadership roles for the United States Marine Corps and the successful startup of multiple security and privacy consulting firm, serving healthcare organizations in the Philadelphia area. Dan’s teams are multi-year winners of CSO50 awards and were nominated as a top 5 information security team in the U.S. in 2019. Dan currently sits on the Healthcare Advisory Boards for Symantec, Proofpoint, and the ISC2 Philadelphia Chapter.
Pfizer – Brian D. Cincera – Vice President
Brian has global responsibility for Pfizer’s information security and technology risk management program. In his role, Brian oversees strategy development, cybersecurity risk management, policy and governance, protection operations and workforce awareness. As part of Pfizer’s company-wide enterprise risk management program, Brian is responsible for leading its information security risk governance process including regular reporting to Pfizer’s executive leadership and members of its Board of Directors. Brian joined Pfizer in 2005 and works in Collegeville, PA.
Royal Philips – Michael McNeil – Global Product Security & Services Officer
Michael C. McNeil is the current Global Product Security & Services Officer for Royal Philips. In this capacity, McNeil is responsible for leading the global product security program for the company and ensuring consistent repeatable processes are deployed throughout their products and services in the Healthcare market. Prior to this assignment, McNeil was the former Global Chief Privacy & Security Officer at Medtronic responsible for the development and design of their initial product security and incident response management programs; Chief IT Security Officer at Liberty Mutual Group; Global Chief Privacy Officer at Pitney Bowes, and Vice President, Chief Privacy Officer of Data Services for Reynolds & Reynolds.
Takeda – Mike Towers – CISSP – Chief Security Officer
Mike is accountable for designing, implementing, operating and monitoring a comprehensive, global security and risk management program to include the vision, strategy and objectives to ensure that critical assets are adequately protected. He is responsible for managing security risks in a manner that meets compliance, quality, legal and regulatory requirements, and aligns with and supports the risk posture of the company. He develops and implements policies, standards and process to ensure a world class information and cybersecurity program. Prior to Takeda, Mike was CISO at Allergan plc, accountable globally for protecting the confidentiality, integrity and availability of Allergan’s vast information assets across an R&D, supply chain and commercial enterprise. Previously, Mike was VP, Information Security Assurance at GlaxoSmithKline (GSK).
H-ISAC – Denise Anderson – President
Denise Anderson is President of the Health Information Sharing and Analysis Center (H-ISAC). Prior to H-ISAC, she was a Vice President of FS-ISAC where for almost nine years she helped the ISAC grow and achieve its successful status in the information sharing community. She has over 25 years of executive management level experience in the private sector. Denise currently serves as Chair of the National Council of ISACs (NCI). She was instrumental in implementing a CI/KR industry initiative to establish a private sector liaison seat at the National Infrastructure Coordinating Center (NICC) to enhance information sharing between the private sector, CI/KR community and the federal government and serves as one of the liaisons. She is a health sector representative to the National Cybersecurity and Communications Integration Center (NCCIC) — a Department of Homeland Security-led coordinated watch and warning center that improves national efforts to address threats and incidents affecting the nation’s critical information technology and cyber infrastructure. Denise was certified as an EMT (B), and Firefighter I/II for twenty years and as an Instructor I/II and state EMT evaluator in Virginia for over ten years. Denise holds an MBA in International Business and is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Defense and Security.