Health-ISAC Board of Directors
Tarik Rahmanovic, Director, Research & Active Measures and Emerging Technologies, AbbVie
Mr. Rahmanovic is the Director of Research & Active Measures and Emerging Technologies at AbbVie. He has over 25 years of security experience including security research, exploit development, penetration testing, forensics, architecture and security tool development. Mr. Rahmanovic has experience running a world-class cross-organizational cyberthreat intelligence team, as well as, deep connective tissue to technical ranks, and a broad international intelligence network.
Anahi Santiago – CISO, ChristianaCare
Ms. Santiago has overall responsibility for ChristianaCare’s cybersecurity and assurance program. With 15+ years in cybersecurity leadership, she leads a team of professionals in supporting ChristianaCare’s strategic initiatives by collaborating with clinical/business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness and fostering a culture of security and safety. Prior ChristianaCare, she served as the Information Security and Privacy Officer at Einstein Healthcare Network. She is an active contributor and member of local, state and federal cybersecurity organizations including the Healthcare Sector Coordinating Council’s Cybersecurity Working Group, Delaware Healthcare Cybersecurity Alliance and Philadelphia’s Women and Cybersecurity group.
Scott T. Nichols – Global Product Security Leader, Danaher
Mr. Nichols has over 25 years of experience in the Information Security and Healthcare technology industries. He leads the Global Product Security program at Danaher Corporation, representing over 30 companies, including 4 medical device manufactures and 8 life sciences companies. Focusing on security by design for Danaher’s medical devices, diagnostics, life sciences, water quality, environmental and applied solutions product portfolios. Mr. Nichols is the chairman for the Danaher Global Product Security Council and serves on the steering committee for the Medical Device Innovation Consortium (MDIC). He is a certified healthcare information security and privacy practitioner (HCISPP) and a certified HIPAA privacy security expert (CHPSE).
Brad Carvellas – VP and CISO, The Guthrie Clinic
Brad has twenty-five years of progressive IT, information security and cyber risk management experience. He currently serves as the Chief Information Security Officer for The Guthrie Clinic, a rural not-for-profit integrated healthcare system covering 9000 square miles within central New York and Pennsylvania. Previously, Brad was a director, Information Security and Risk Management at Highmark Health headquartered in Pittsburgh, PA. Brad serves on numerous IT and cybersecurity advisory boards, including for Vizient, Care Compass Network, Muhlenberg College’s Division of Graduate and Continuing Education, and was a board director and governance chair for the Northeastern Pennsylvania Philharmonic.
TJ Bean, Chief Information Security Officer (CISO), HCA Healthcare
With over 15 years at HCA Healthcare, TJ Bean is the CISO. He has also held the Director of CyberSecurity – Information Protection and Security position, focusing on Threat Analytics and Intelligence and Response within the HCA Healthcare Cyber Defense Center. Prior service and leadership with teams toward Vulnerability Management, GRC, and DevSecOps, with aligned strategy with areas of Security Architecture, Vendor/Medical Risk Management, Security Risk, Physical Security, Privacy, Internal Audit and Enterprise Emergency Operations Center.
Gregory Barnes – Chief Information Security Officer, Highmark Health
Mr. Barnes is the Chief Information Security Officer at Highmark Health and has over 30 years of experience as a practitioner. He began his security career in the United States Air Force, where he managed classified intelligence and cyber operations systems. Prior to joining Highmark Health, Mr. Barnes worked with Amgen, Horizon Blue Cross Blue Shield of New Jersey, Health Care Service Corporation as the ISO for Blue Cross of Oklahoma, and Lucent Technologies as a Managing Principal. At Lucent, he led multiple highly skilled technology teams, designing advanced technology networks for MCI/Worldcom and conducting numerous program designs, penetration tests and technology engagements for Exxon, Washington Mutual, Cisco, State Farm, Williams Communications, WalMart and others. Mr. Barnes served as a former Chair to the Payer Subsector of the Healthcare and Public Health (HPH) Sector Coordinating Council (SCC,) and former Blue Cross Blue Shield Association (BCBSA) Cyber Security Subcommittee advisor.
Roisin Suver, AVP, Cyber Threat Intelligence, Humana
Ms. Suver’s experience in threat intelligence started in 1999 in the Air Force and continued throughout my career in State and National Homeland Security, Information Sharing and Analysis Centers (ISAC) and private sector in the finance and health sectors. She has been involved in Information Security with a focus on Cyber Threat Intelligence (CTI) for over 9 years. And more recently, has been a part of the health sector serving as the AVP for CTI with Humana. Ms. Suver has served on multiple trusted committees and working groups over the years.
Nancy Brainerd (CISSP)- Senior Director, Product Security, Medtronic
Ms. Brainerd is an accomplished information security professional employed by a large, global medical device manufacturing organization with diverse regulatory and legal obligations. Her ability to focus on applying strong communication skills and technical background which supports translation of IT security risk to business risk for enabling business partners to make informed decisions. Within Medtronic, Ms. Brainerd is a five-time CIO Award winner for Global IT, the highest award an IT professional can earn at Medtronic. She has also earned the recognition of the Star of Excellence Award winner within Medtronic Neuromodulation (a Quality award bestowed by a business unit based on exemplary performance on a critical project or initiative). Ms. Brainerd contributes to the community in several ways, including serving as a co-chair for the Women in IT hub within the Medtronic Women’s Network, serving on the University of New Haven Cyber Advisory board during the 2020-2021 term, and acting as a quarterly guest lecturer at the University of Minnesota for “Introduction to Information Technology in Business” undergraduate course on the topic of Cybersecurity.
Terence Rice – VP, IT Risk Management and CISO, Merck & Co.
Mr. Rice is responsible for Information Security, IT Regulatory Readiness, Quality/Technical Assurance, Business Continuity Planning and Policy, and has held multiple roles at Merck, as Executive Director, Information Risk Management & Compliance within the Enterprise Technology & Application Services organization. Prior to Merck, Mr. Rice served as Director of Global Information Security for Johnson & Johnson, and then in the consulting industry in a variety of roles. Mr. Rice holds a BS degree from West Point; and a Masters of Science degree from George Washington University.
Rishi Tripathi – Chief Information Security Officer (CISO), Mount Sinai Health System
Rishi has been leading organizational Cybersecurity transformation and regularly engaged with the CEO and Board. Rishi was previously the first Chief Information Security Officer of the NBA.
Over his career, Rishi has executed cybersecurity transformations for highly complex environments like SCADA, financial, manufacturing, R&D, cloud, broadcast, and arena systems. Rishi has held cybersecurity roles at Citi, Tyco International, and Florida Power & Light, in addition to the NBA.
Rishi holds an MBA in entrepreneurship from Florida International University, a BS in industrial electronics engineering from India is part of several advisory boards, and has held multiple certifications, including CISSP, CEH, CISM, QTE & Six Sigma Greenbelt.
Dirk de Wit – Head of Product Security, Philips
Dirk de Wit is Global Product Security & Services Officer at Philips. He leads the global implementation of product security requirements, risk assessments, policies, and procedures to ensure that Philips healthcare products and services are robust against cyber intrusion. He has 16 years of experience as a functional leader, including product security across Philips’ healthcare businesses, markets, and functions.
Before joining Philips, Mr. de Wit was a Deloitte cybersecurity organization leader. He holds a Bachelor’s degree in Computer Informatics, a Master’s degree in Informatics Management, and a Post Graduate EDP/IT Audit qualification. As the Head of Product Security, Mr. de Wit reports to Philips’ Global Head of Security.
Sahan Fernando – Chief Information Security Officer (CISO), Rady Children’s Hospital and Health Center
Sahan Fernando is the CISO at Rady Children’s and have previously worked with multiple healthcare institutions (covered entities, payers, etc.) to guide organizations in creating effective security programs. I have served on public boards before in other verticals and believe I can provide effective leadership bridging technical and stakeholder conversations. My current role requires cooperation with multiple disparate business units and levels of stakeholders in addition to regulatory requirements. Other achievements include Tribe of Hackers: Blue Team; San Diego 40 under 40 Finalist.
Dr. Hans-Martin von Stockhausen, Siemens Healthineers, Principal Key Expert Cybersecurity
Dr. Hans-Martin von Stockhausen is a Principal Key Expert in Cybersecurity at Siemens Healthineers. With over 20 years of experience in the medical device industry and a background in medical informatics, he has gained extensive domain knowledge throughout the product lifecycle. Over the past decade, Dr. von Stockhausen has focused on product security, holding various positions such as a member of the Siemens-wide product and solution security board, business line product security officer, senior product manager, and principal key expert for cybersecurity. As a member of the corporate cybersecurity governance organization, he leads a team dedicated to improving and maintaining the security posture of products, vulnerability management processes, and security-related customer communication. Dr. von Stockhausen’s team implements and runs the central product security repository, which serves as the foundation for executing these processes and provides input for board-level reporting of product security KPIs. Dr. von Stockhausen is a frequent participant in cybersecurity-related expert workshops and speaks at conferences held by European and internationally recognized organizations.
Denise Anderson – President and CEO, Health-ISAC
Denise Anderson, MBA, is President and CEO of the Health Information Sharing and Analysis Center (Health-ISAC), a global, non-profit organization dedicated to providing a trusted forum for timely and valuable situational awareness health sector companies can use to make informed, risk-based decisions about the physical and cyber threats they face. Prior to Health ISAC, she was Vice President at FS-ISAC where for almost nine years she helped grow the ISAC and achieve its successful status in the information-sharing community. She has over thirty years of executive-level leadership in the private sector. Denise is currently Chair of the National Council of ISACs and serves on the following Boards: Global Resilience Federation (GRF), Cyber Future Foundation, and is an Advisor to the Cyber Working Group for the Health and Public Health Sector Coordinating Council. In addition, she participates in numerous industry and advisory groups and initiatives and has spoken at events all over the globe. Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for twenty years and was an Adjunct Instructor at the Fire and Rescue Academy in Fairfax County, Virginia for ten years. She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Security.