2020 Cybersecurity Forum - Speakers
Marketing & Communications Consultant
The Activ Consulting Group
Jane Brust is a seasoned marketing, communications and management strategist, expert in advancing organizations to promote growth and prominence.
As principal of her own firm, The Activ Consulting Group, Brust provides counsel to a variety of organizations – small businesses, non-profit charitable organizations, universities and hospitals.
Specifically, she advises on marketing and advertising, website development, social media strategy, media relations, crisis communications, fundraising support, board relations, business development and growth strategy.
In her long healthcare career, Brust has worked closely with executive leaders including CEOs, presidents and deans at M. D. Anderson Cancer Center in Houston, the University of Southern California, Cedars-Sinai Health System and Verity Health System. Among her crisis communications experiences are two patient data breaches and one employee data breach, all occurring within large healthcare organizations.
Chris Convey has extensive leadership experience in information and technology risk, cyber security, IT operations and cloud technologies. Before his current role at Sharp as VP and CISO, he was CIO and CISO at Millennium Health where he led governance, development, operations and security of all company systems. Prior to Millennium Health, Chris was the enterprise HIPAA Security Program leader at Kaiser Permanente, where he launched and led the strategic plan to improve organizational compliance with the HIPAA Security Rule and other regulations. Prior to that Chris was Director, Technology Risk and Security Consulting at PwC, where he advised Fortune 500 companies in all aspects of business and technology improvement.
Clyde Hewitt, CISSP, CHS
Clyde Hewitt is an Executive Advisor at CynergisTek. He brings more than thirty years of executive leadership experience in cybersecurity to his position with CynergisTek, where his many responsibilities include being the senior security advisor and client executive, thought leader and developer of strategic direction for information and cybersecurity services, nationwide business development lead for security services, and contributor to CynergisTek’s industry outreach and educational events.
Hewitt retired from the United States Air Force after serving in various senior IT technology positions, later working in the private sector in various information security management roles. Most recently, he was the Vice President & Chief Security Officer for Allscripts Healthcare where he implemented a global ISO 27001 Information Security Management System. Hewitt’s firsthand executive experience developing, implementing, and evaluating security program strategy provides him with the practical experience to contribute to CynergisTek’s thought leadership around cybersecurity and assist clients in achieving their data protection goals.
Hewitt holds a Bachelor of Arts in International Relations from the University of North Carolina – Chapel Hill, a Master of Science in Engineering from the University of Arkansas, and is a graduate of the Defense Acquisition University’s Program Management Course. He is also a graduate of the Air Command and Staff College and the Air War College. Hewitt’s professional certifications include Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor, Level III Program Manager, and Certified in Healthcare Security (CHS).
David Holtzman is the Executive Advisor for CynergisTek. He is considered a subject matter expert in health information data protection and privacy. Prior to CynergisTek, Holtzman served on the health information privacy team at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS), where he led many OCR initiatives including the effort to integrate the administration and enforcement of the HIPAA Security Rule, and health information technology policies. David has nearly two decades of experience in developing, implementing and evaluating health information privacy and security compliance programs for government and private sector organizations. He is Co-Chair of the Privacy and Security Workgroup for North Carolina Healthcare Information & Communications Alliance (NCHICA). David also serves as a section lead on the Cybersecurity Information Sharing Act (CISA) 405d joint public-private task group advising HHS on development of best practices and cybersecurity recommendations for the healthcare sector.
John F. Jaymes, CISSP
President & CEO
Standard Procedure Security Consulting, Inc.
John is a former CISO of Good Samaritan Hospital and a career consultant in the information security risk management field. His 24 years of focused information security work began with creating a tier 2 ISP for over 100,000 users in the 13 school districts of Bucks County, PA.
John went on to work as a network security consultant for various worldwide professional services firms serving clients in the financial services, higher education, healthcare, and banking industries. John earned his CISSP certification in 1999, in the earliest days of the now-established benchmark for information security professionals.
John founded Standard Procedure Security Consulting, Inc. in 2003, a unique independent consulting firm designed to offer clients unbiased advisory services without the common conflict of interest associated with product sales. John and Standard Procedure have provided advice and results in risk management, audit management, network security architecture and engineering, policy and program development, and all aspects of the information security risk management lifecycle for clients in almost every industry.
In 2013 John accepted an employment role with Good Samaritan Hospital as Chief Information Security Officer (CISO) for 5½ years and returned to full-time consulting with Standard Procedure in 2019.
Today John provides senior management-level advisory services to all industries and clients, including On-Demand CISO™ services to small to medium businesses and healthcare organizations that still share the same risks as the largest of organizations, usually with smaller budgets and fewer IT resources available to manage these risks. His hospital and healthcare leadership roles and track record make him uniquely suited to address the challenges that these organizations face in 2020.
HIPAA and Healthcare Partner
Thora Johnson chairs Venable's Healthcare Initiative. She provides counsel on regulatory, compliance, tax, and business matters impacting healthcare providers, hospitals, continuing care retirement communities, health insurers, group health plans, pharmaceutical and medical device companies, and digital health companies. She has a broad knowledge of traditional healthcare regulatory matters, including Health Insurance Portability and Accountability Act (HIPAA) privacy, security, and breach notification requirements; state health information privacy laws; Medicare/Medicaid compliance; and federal and state fraud and abuse rules. She has also closely followed, and provided counsel on, healthcare reform through all of its stages of development and continues to track and provide guidance on it as it evolves. In addition, Thora has extensive experience in health and welfare plan compliance, including the regulatory requirements of the Employee Retirement Income Security Act (ERISA), the Internal Revenue Code, federal and state healthcare coverage continuation laws, the Mental Health Parity and Addiction Equity Act, Genetic Information Nondiscrimination Act, the regulations under the Americans with Disabilities Act (ADA) applicable to employer wellness programs, and the Affordable Care Act (ACA).
Director of Corporate Compliance
Children's Hospital Orange County
Tom Pattara is the Director of Corporate Compliance at CHOC Children’s, a nonprofit pediatric healthcare system in Orange County, California that provides care for over 185,000 children each year. Tom has been at CHOC Children's for 6 years and specializes in multiple areas of compliance, including HIPAA, CMIA, and related patient privacy laws. Tom enjoys the challenge of navigating intricate healthcare regulations through interdisciplinary collaboration and emerging technologies. Tom currently holds a Certification in Healthcare Compliance (CHC) from the Compliance Certification Board. Prior to his employment at CHOC Children's, Tom worked in the legal field and obtained his Juris Doctorate degree from the University of Arizona James E. Rogers College of Law.
President and Founder
Raymond Ribble is the Founder of SPHER, Inc., a leading SaaS cybersecurity solution addressing PHI protection in healthcare. Ray's SPHER solution detects unauthorized access to ePHI and assists healthcare CISOs and Compliance Officers in preventing major data breaches. Ray is also co-founder of Fusion Systems Co., Ltd., an international IT Consulting business with operations throughout Asia and across multiple industry verticals.
Ray is active in domestic and international businesses, having lived in Japan and Mainland China for close to 20 years. He is active in a number of PHI privacy groups, speaks at industry seminars and webinars, and works to contribute to the growing awareness of the need to identify external and internal PHI malfeasance and breach detection.
With over 25 years in the systems technology industry, Ray started his career as an aerospace engineer at Northrop Corporation, moved on to international financial systems consulting and solution development across Asia for many of the world's top investment banks, and most recently created Artificial Intelligence (AI)-based solutions for the US healthcare markets.
Ray’s firm was prominent in working with the HITECH Program serving over 2000 provider groups across Southern California in attesting to Meaningful Use and addressing the underlying privacy and security concerns those requirements generated.
Program Manager - MDS
Harb Singh is the Medical Device Security Program Manager for Cedars-Sinai Health System. Prior to healthcare, Harb worked in the financial sector for 7+ years managing financial risk, data analytics, and developing controls to prevent financial loss. Most recently, he worked at MUFG Union Bank, an international finance company, where he helped develop a financial operational risk and resiliency program as well as incident reporting and risk mitigation controls and strategies. He also participated at the national level in the NTIA government initiative on Software Component Transparency, collaborated with other healthcare organizations such as Mayo and NYP, and published a Healthcare Proof of Concept Report on Software Bill of Materials (SBOM).
Sr. Security Engineer
Paul Vinson is an accomplished cybersecurity professional with over 25 years of IT experience. Starting with a strong UNIX background putting in big-iron infrastructures for household-name companies, then in 2001 delving into perimeter security management with progressive roles in engineering, architecture, customer delivery and then sales, Paul has been around the block with security solutions for enterprise organizations. Paul is currently a Sr. Systems Engineer with CyberMDX focused on helping healthcare organizations discover things about their Medical and IoT infrastructure and what to do about it.
Barry Weber, ITIL, CISM
Barry Weber is an information security and privacy consultant and a partner at AssuredSPC, where he leads the privacy practice area, which focuses on practical implementation of California Consumer Privacy Act (CCPA) requirements. His background uniquely combines decades of experience leading IT organizations as a CIO/CTO across multiple industries, including Retail, Financial Services, Market Research and Wholesale/Distribution, with years of experience leading technology, security and privacy professional consulting services to organizations in the financial services, healthcare, hi-tech, power, and background check industries. He has a passion for officiating soccer. He describes that as an art of applying as little control as possible to manage a system that is designed to be out of control. He is also a licensed commercial pilot with multi-engine and instrument certifications.