2020 AEHIS Board Election

About

Vikrant is a credentialed security executive with over 15 years of global experience developing enterprise security & risk management programs, delivering security “business value” and communicating cyber risks to the BODs. Vikrant has successfully helped Government, Education and Healthcare sectors to become more resilient against cyber-attacks and shift corporate culture accordingly.

In his current role as the Chief Information Security Officer at Hospital for Special Surgery, Vikrant is focused on developing enterprise security strategy while managing business risks from digital innovations and internet of things. Vikrant is developing an enterprise security program with a focus on digital innovation, simplifying security infrastructure and achieving YoY benefits for the Hospital and its patients.

Prior to joining HSS, Vikrant worked at NYC Health+Hospitals as their CISO and ensured a secure & HIPAA compliant implementation of one of the most complex Electronic Medical Record solution in US. Vikrant has also worked with Wipro, Pfizer, Wyeth Pharmaceuticals and Dimension Data in various security & risk management roles.
Vikrant holds a master’s degree in Computer Engineering. He is also CISSP, CISM and SANS GCFA certified, serves on Symantec’s Healthcare Advisory Board and a contributor to the AEHIS Medical Device and Health IT Joint Security Plan. Vikrant was recognized as “61 hospital and health system CISOs to know” by Becker’s in 2019, selected “2016 ISE® North America Security Executive of the Year”, received “2014 Intel Cybersecurity Leadership and Innovation” award was named “Most Valued Professional” at Gartner Peer Connect 2012.

Platform

Given the disruptive changes in digital technology, regulatory requirements and above all the threat landscape, it is extremely important for an organization such as AEHIS to bring together through leaders who are not only solving day to day problems with their organizations but also collaborate to share best practices in a formal manner and provide direction to law makers and security vendors. Cyber security is a matter of national importance and cyber threats to businesses is as real as cyber threats to democracies across the world.

Besides my professional experience, I have been doing similar work with security organizations such as Symantec as well as non-security/IT organizations such as the Ridgewood Public Library where feedback loops are complex for Symantec/RPL to make decisions.  I would like to use my experience helping these 2 organizations as well as all the companies I have worked with in Healthcare and Pharmaceutical sectors over the past 15 years and assist AEHIS in not only fulfilling its mission of providing an education and networking platform to healthcare senior IT security leaders but also make it the platform of choice.

CISO’s role in organization has been changing dynamically.  A typical CISO can report to a CIO, Audit Committee, CTO, CEO, General Counsel or the CFO.  Additionally, the CISO has been challenged to not just be technically proficient but also be proficient in speaking in business and finance terms.  In my opinion the biggest challenge a CISO is going to have is to be objective and realistic in reporting risks while not only aligning with the business but also aligning with his/her moral compass.  Lax privacy practices by some of the companies in the news is as troublesome as high profile security incidents. Over the past 15 years, I have seen an increase in number of security practitioners for whom this role caused a lot of personal stress.  I strongly feel the need for a CISO playbook that formalizes and provides some structure to this complex role, alleviates stress and reduces not just organizational but national cyber risk.  AEHIS is perfectly placed to provide education and learnings for strong and relevant security leaders. And in the process, board members, can significantly improve themselves and add value to their organizations. If selected to serve on the board, I am sure AEHIS and I can mutually and strongly benefit from the alliance.

About

Jeff Bontsas is the Chief Information Security Officer (CISO) and Vice President of Information Security for Ascension Technologies. He is responsible for establishing and maintaining the Ascension information technology (IT) security vision, strategy, and program to ensure information assets and technologies are optimally protected. Jeff is a member of the Ascension Technologies Executive Council, the strategic leadership body for the organization.

Jeff has more than 28 years of experience in the information technology industry, with the majority (18 years) devoted to information and cyber security. He has held several key positions since joining Ascension in 2001. Prior to becoming the first CISO for Ascension 5 years ago, Jeff served as the National Security Director, responsible for directing the development and delivery of the Ascension Health information security program. Prior to that, Jeff was the Regional Security Officer for the Michigan region, as well as the local IT Security & HIPAA Officer for St. John Providence Health System in the metropolitan-Detroit area.

Before joining Ascension, Jeff worked as an engineer and IT consultant, gaining experience across multiple industries and technologies, including the healthcare, automotive, financial, technology and education sectors.

Jeff is a certified information systems security professional (CISSP) and received certifications as a security compliance specialist (CSCS) and a certified HIPAA security specialist (CHSS). He earned a Bachelor of Science degree in electrical engineering from Lawrence Technological University in Southfield, Michigan, and a Master of Science degree in engineering management from Oakland University in Rochester Hills, Michigan.

Jeff has been involved in several cyber security industry workgroups and advocacy initiatives. Most recently, he has taken an active role in the government and industry collaborative on the U.S. Department of Health and Human Services – Section 405(d) of the Cybersecurity Information Sharing Act of 2015 (CISA405(d)).

Platform

I would be honored to serve on the AEHIS board to continue evolving our profession, as well as the protections for our patients and their families.  I have found that AEHIS is among the best associations when it comes to making an impact on healthcare information security.  This group has collaborated more with federal agencies and has influenced policies more than any other association I have been involved with.  I strongly believe we need to expand our working relationships, working together as an industry and as a country, to unite against the adversaries that attack us on a daily basis.  I believe AEHIS will continue to have a leading role in bringing our experience, talent and skills together to make that happen.

About

Christopher Frenz is the AVP of Information Security for Interfaith Medical Center where he worked to develop the hospital’s information security program and infrastructure. Under his leadership the hospital has been one of the first in the country to embrace a zero-trust model for network security. Christopher has also played a role in pushing for the adoption of improved security standards within hospitals and is the author of the OWASP Secure Medical Device Deployment Standard as well as the OWASP Anti-Ransomware Guide. He also currently chairs the AEHIS Incident Response Committee. Christopher has been recognized as a Rising Star amongst healthcare executives and a top healthcare IT leader by Becker’s Hospital Review. He has also been recognized as a top healthcare IT leader by Health Data Management.  Christopher’s security expertise has been highlighted in The Financial Times, CSO Magazine, SC Magazine and many other publications. Christopher shares his expertise at conferences around the world including presentations at VMworld, ASIS GSX, Defcon, HIMSS, and many others. He is also the author of the computer programming books “Pro Perl Parsing” and “Visual Basic and Visual Basic .NET for Scientists and Engineers”.

Platform

Healthcare information security and patient safety have become increasingly intertwined in recent years and as such it is more important than ever that hospitals possess the skills, tools, and guidance necessary to make sound information security decisions.  I’ve been a big proponent of getting effective and actionable guidance into the hands of healthcare security professionals and have done so with past initiatives I have spearheaded such as the OWASP/CSA Secure Medical Device Deployment Standard and continue to with some of the guidance that will soon be released from the AEHIS Incident Response Committee.  If elected to the board, I would like to see AEHIS continue in this vein and become an increasingly valuable resource for healthcare security professionals to learn about best practices and how to effectively deal with the ever-changing threat landscape that we all face.

About

David Smith is a seasoned healthcare executive with over 30 years of experience in working in healthcare information technology and leadership.  David holds various certifications such as: CHCIO, CISA, Lean Six Sigma and Project Management. David participates in organizations such as: CHiME, AEHiS, HIMSS, ISACA.  David currently serves as the Senior Vice President of Technology and Security for PE Gastro Management and prior to that served in IT Leadership roles as CIO/CISO at Capital Digestive Care and AVP of Technology at MedStar Health. David holds two master’s degrees in: Information Technology Management and Healthcare Administration Informatics.

Platform

Interest and challenges in security over the past 6 years has moved from a nice to have to a must to have. While hospitals may have the budge, smaller healthcare facilities and physician practices just to not have the technical resources to even help them know how bad off they are. That sparked me to pursue a certification with ISACA for CISA. An organization cannot really determine why or how to secure their information assets of apply controls to them until they understand:

Regulations, Policies, Procedures, appetite for risk, importance of IT governance, how to assess risk and apply controls. 

I believe my 30+ years of background in healthcare and technology and my more recent roles in security and CISA certification will bring value to the AEHiS board. 

As CHiME and AEHiS are considered to focus on professional development and education, my years as an adjunct professor while working in healthcare will help contribute to expanding the influence that AEHiS can have on their current as well as future members.

.

About

Thanh Tran is the Chief Technology Officer (CTO) of South Shore Health (Hospital).

As CTO, Thanh has health system wide responsibility for developing the Information Technology strategies and roadmap – including the Customer Contact Center, IT Service Desk, IT Field Support, IT Infrastructure and Systems, Cyber Security, and Clinical (Biomed) Engineering Programs.  Thanh leads a team of over 90+ individuals, since South Shore Health has experienced tremendous growth and expansion in the last several years; with its investments in the Epic EMR strategy, the Technology Infrastructure and Cyber Security programs. Thanh has introduced the HITRUST cybersecurity framework and journey to the Health System.  He kicked off the IT innovation program to focus on improving cyber security awareness, risk assessment and cyber controls to enhance the overall Biomedical device security program.

Thanh brings over 21 years of Healthcare IT Leadership and consulting experience across multiple industries and organizations. Prior to joining South Shore Health, Thanh served as Manager of Information Security in the IT Risk Management Practice at Ernst & Young, LLP and Practice Director of Technology Services at Cornerstone Advisors Group, LLP.  From 2000 – 2011, Thanh performed in multiple roles at Emerson Hospital, including Interim CIO, Sr. Director of Technology Services, and HIPAA Security Officer.  From 1998 – 2000, Thanh served as an Information Technology Manager at First Consulting Group, a firm focused on Healthcare specific IT consulting services, and from 1995 – 1998, Thanh started his career in an Information Technology Leadership Development Program at Digital Equipment Corporation.

As an Information Technology executive, Thanh’s passion has been focused on applying his knowledge of IT operations, technology infrastructure, and cyber security, to help protect the privacy and confidentiality of patient health information for the patients served by South Shore Health. Thanh orchestrated the transformation of South Shore Health’s Cyber Security Program, including staffing, program development, and cyber security controls and technology investments. Thanh has obtained a Certified Information Systems Security Professional (CISSP) certification and recently completed a HITRUST Certified CSF (Cybersecurity Framework) Practitioner’s program. Thanh holds a bachelor’s degree from Babson College, Wellesley, MA.

Platform

I would like to apply my experience as an IT executive/leader, knowledge of IT operations, information technology, and passion for cyber security, to help transform our industry and share the knowledge & experiences that will help others protect the privacy and confidentiality of patient health information within their communities and across the country.

I would envision developing a long-term and sustainable program that would engage other individuals across the industry to embrace cyber security programs, as business and clinical enablers. Develop programs that will help future-, young-, and aspirational minds that will apply their knowledge and experience to further improve cyber security programs across our industry and for the next generation.