Board of Directors
Tarik Rahmanovic
Director, Research & Active Measures and Emerging Technologies
Mr. Rahmanovic, the Senior Principal Scientist at AbbVie, has over 25 years of security experience including security research, exploit development, penetration testing, forensics, architecture, and security tool development. In addition to running a world-class cross-organizational cyberthreat intelligence team, he has deep connective tissue to technical ranks and a broad international intelligence network.
Anahi Santiago
Chief Information Security Officer, ChristianaCare
Ms. Santiago has overall responsibility for ChristianaCare’s cybersecurity and assurance program. With 15+ years in cybersecurity leadership, she leads a team of professionals in supporting ChristianaCare’s strategic initiatives by collaborating with clinical/business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety. She previously served as the Information Security and Privacy Officer at Einstein Healthcare Network. She is an active contributor and member of local, state and federal cybersecurity organizations including the Healthcare Sector Coordinating Council’s Cybersecurity Working Group, Delaware Healthcare Cybersecurity Alliance, and Philadelphia’s Women and Cybersecurity group.
Scott T. Nichols
Global Product Security Leader, Danaher
Mr. Nichols has over 25 years of experience in the Information Security and Healthcare technology industries. He leads the Global Product Security program at Danaher Corporation, representing over 30 companies, including 4 medical device manufactures and 8 life sciences companies, focusing on security by design for Danaher’s medical devices, diagnostics, life sciences, water quality, environmental and applied solutions product portfolios. Mr. Nichols is the chairman for the Danaher Global Product Security Council and serves on the steering committee for the Medical Device Innovation Consortium (MDIC). He is a certified healthcare information security and privacy practitioner (HCISPP) and a certified HIPAA privacy security expert (CHPSE).
Brad Carvellas
Vice President and Chief Information Security Officer, The Guthrie Clinic
Brad has 25 years of progressive IT, information security, and cyber risk management experience. He currently serves as the Chief Information Security Officer for The Guthrie Clinic, a rural not-for-profit integrated healthcare system covering 9000 square miles within central New York and Pennsylvania. Previously, Brad was a director, Information Security and Risk Management, at Highmark Health in Pittsburgh, PA. Brad serves on numerous IT and cybersecurity advisory boards including for Vizient, Care Compass Network and Muhlenberg College’s Division of Graduate and Continuing Education.
TJ Bean
Chief Information Security Officer, HCA Healthcare
With over 15 years at HCA Healthcare, TJ Bean currently serves as CISO. Previously, he was the Director of CyberSecurity – Information Protection and Security, focusing on Threat Analytics and Intelligence and Response within the HCA Healthcare Cyber Defense Center. He also has leadership experience in Vulnerability Management, GRC, and DevSecOps, with aligned strategy with areas of Security Architecture, Vendor/Medical Risk Management, Security Risk, Physical Security, Privacy, Internal Audit and Enterprise Emergency Operations Center.
Gregory Barnes
Chief Information Security Officer, Highmark Health
Mr. Barnes is the Chief Information Security Officer at Highmark Health and has over 30 years of experience as a practitioner. He began his security career in the United States Air Force, where he managed classified intelligence and cyber operations systems. Prior to joining Highmark Health, Mr. Barnes worked with Amgen, Horizon Blue Cross Blue Shield of New Jersey, Health Care Service Corporation as the ISO for Blue Cross of Oklahoma, and Lucent Technologies as a Managing Principal. At Lucent, he led multiple highly skilled technology teams, designing advanced technology networks for MCI/Worldcom and conducting numerous program designs, penetration tests, and technology engagements for Exxon, Washington Mutual, Cisco, State Farm, Williams Communications, WalMart, and others. Mr. Barnes served as a former Chair to the Payer Subsector of the Healthcare and Public Health (HPH) Sector Coordinating Council (SCC) and former Blue Cross Blue Shield Association (BCBSA) Cyber Security Subcommittee advisor.
Roisin Suver
Assistant Vice President, Cyber Threat Intelligence, Humana
Ms. Suver’s experience in threat intelligence started in 1999 in the Air Force and continued throughout her career in State and National Homeland Security, Information Sharing and Analysis Centers (ISAC), and private sector in the finance and health sectors. She has been involved in Information Security with a focus on Cyber Threat Intelligence (CTI) for over nine years, including serving as the AVP for CTI with Humana. Ms. Suver has served on multiple trusted committees and working groups over the years.
Nancy Brainerd (CISSP)
Senior Director, Product Security, Medtronic
Ms. Brainerd is an accomplished information security professional employed by a large,global medical device manufacturing organization with diverse regulatory and legal obligations. Her ability to focus on applying strong communication skills and her technical background support translation of IT security risk to business risk, enabling business partners to make informed decisions. Within Medtronic, Ms. Brainerd is a five-time CIO Award winner for Global IT, the highest award an IT professional can earn at Medtronic. She has also earned the Star of Excellence Award within Medtronic Neuromodulation (a Quality award bestowed by a business unit based on exemplary performance on a critical project or initiative). Ms. Brainerd contributes to the community in several ways, including co-chairing the Women in IT hub within the Medtronic Women’s Network, serving on the University of New Haven Cyber Advisory board during the 2020-2021 term, and serving as a quarterly guest lecturer at the University of Minnesota.
Terence Rice
Vice President, IT Risk Management, and Chief Information Security Officer, Merck & Co.
Mr. Rice is responsible for Information Security, IT Regulatory Readiness, Quality/Technical Assurance and Business Continuity Planning and Policy. He has held multiple roles at Merck, including Executive Director, Information Risk Management & Compliance within the Enterprise Technology & Application Services organization. Prior to Merck, Mr. Rice served as Director of Global Information Security for Johnson & Johnson, and then in the consulting industry in a variety of roles. Mr. Rice holds a BS degree from West Point and a Masters of Science degree from George Washington University.
Rishi Tripathi
Chief Information Security Officer, Mount Sinai Health System
Rishi has been leading organizational cybersecurity transformation and regularly engaged with the CEO and Board. Rishi was previously the first Chief Information Security Officer of the NBA. Over his career, Rishi has executed cybersecurity transformations for highly complex environments like SCADA, financial, manufacturing, R&D, cloud, broadcast, and arena systems. Rishi has also held cybersecurity roles at Citi, Tyco International, and Florida Power & Light. He holds an MBA in entrepreneurship from Florida International University, a BS in industrial electronics engineering from India, is part of several advisory boards, and has earned multiple certifications including CISSP, CEH, CISM, QTE & Six Sigma Greenbelt.
Dirk de Wit
Head of Product Security, Philips
Dirk de Wit is Global Product Security & Services Officer at Philips. He leads the global implementation of product security requirements, risk assessments, policies, and procedures to ensure that Philips healthcare products and services are robust against cyber intrusion. He has 16 years of experience as a functional leader, including product security across Philips’ healthcare businesses, markets, and functions. Before joining Philips, Mr. de Wit was a Deloitte cybersecurity organization leader. He holds a Bachelor’s degree in Computer Informatics, a Master’s degree in Informatics Management, and EDP/IT Audit qualification. As the Head of Product Security, Mr. de Wit reports to Philips’ Global Head of Security.
Sahan Fernando
Chief Information Security Officer, Rady Children’s Hospital and Health Center
Sahan Fernando is the CISO at Rady Children’s and has previously worked with multiple healthcare institutions (covered entities, payers, etc.) to guide organizations in creating effective security programs. His current role requires cooperation with multiple disparate business units and levels of stakeholders in addition to regulatory requirements. Other achievements include Tribe of Hackers: Blue Team and San Diego 40 under 40 Finalist.
Dr. Hans-Martin von Stockhausen
Principal Key Expert Cybersecurity, Siemens Healthineers
Dr. Hans-Martin von Stockhausen is a Principal Key Expert in Cybersecurity at Siemens Healthineers. With over 20 years of experience in the medical device industry and a background in medical informatics, he has gained extensive domain knowledge throughout the product lifecycle. Over the past decade, Dr. von Stockhausen has focused on product security, holding various positions such as a member of the Siemens-wide product and solution security board, business line product security officer, senior product manager, and principal key expert for cybersecurity. As a member of the corporate cybersecurity governance organization, he leads a team dedicated to improving and maintaining the security posture of products, vulnerability management processes, and security-related customer communication. Dr. von Stockhausen’s team implements and runs the central product security repository, which serves as the foundation for executing these processes and provides input for board-level reporting of product security KPIs. Dr. von Stockhausen is a frequent participant in cybersecurity-related expert workshops and speaks at conferences held by European and internationally recognized organizations.
Denise Anderson
President and CEO, Health-ISAC
Denise Anderson, MBA, is President and CEO of the Health Information Sharing and Analysis Center (Health-ISAC), a global, non-profit organization dedicated to providing a trusted forum for timely and valuable situational awareness health sector companies can use to make informed, risk-based decisions about the physical and cyber threats they face. Prior to Health ISAC, she was Vice President at FS-ISAC where for almost nine years she helped grow the ISAC and achieve its successful status in the information-sharing community. She has over 30 years of executive-level leadership in the private sector. Denise is currently Chair of the National Council of ISACs, serves on the boards of the Global Resilience Federation (GRF) and Cyber Future Foundation, and is an Advisor to the Cyber Working Group for the Health and Public Health Sector Coordinating Council. In addition, she participates in numerous industry and advisory groups and initiatives and has spoken at events all over the globe. Denise was certified as an EMT (B), and Firefighter I/II and Instructor I/II in the state of Virginia for 20 years and was an Adjunct Instructor at the Fire and Rescue Academy in Fairfax County, Virginia for 10 years. She is a graduate of the Executive Leaders Program at the Naval Postgraduate School Center for Homeland Security.