Current Threat Level NHISAC Threat Status



Board of Directors

James Routh Aetna, Inc. – James Routh – CISM, CSSLP, Chief Information Security Officer
Mr. Routh leads Global Information Security with over 20 years of experience as a practitioner, management consultant and leader of technology and information security functions for global service firms.  Prior to Aetna, he was the Global Head of Application and Mobile Security for JP Morgan Chase, and CISO for KPMG, Depository Trust and Clearing Corporation, and American Express.  Mr. Routh is also Chairman of the FS-ISAC Products & Services Committee and former Board member.
Nikolay Chernavsky Amgen – Nikolay Chernavsky – CISSP, CISM, CRISC, Director of Information Security
Mr. Chernavsky is responsible for architecting and engineering security solutions to address current and emerging threats in this digital age of borderless communications.  Prior to Amgen, he led IT initiatives at National Oilwell Varco Company.  Mr. Chernavsky holds a Bachelor of Science degree, Belorussian Polytechnic University; a Masters in Information Security from Boston University; and completed the NSA Digital Forensics Program.
Emory University – Brad Sanford, Chief Information Officer
Brad Sanford currently serves as the Chief Information Security Officer for Emory University where he has overarching information security responsibilities for both Emory University and Emory Healthcare. Brad has over 20 years of IT experience working for organizations such as Humana, Vanderbilt University, HCA, and Emory where he has focused on creating and leading Information Security programs and developing innovative Information Security solutions. Brad was a finalist for Southeast Information Security Executive of the Year in 2011 and was the recipient of the 2011 Healthcare Information Security Executive of the Year award for North America. Brad Serves on the Board of Directors for the National Health Information Sharing and Analysis Center (NH-ISAC) and is an active member of the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). Additionally, Brad serves on the SANS Educational Advisory Board and on Customer Advisory Boards for Lancope and TippingPoint. Brad is also an Emory University faculty member within the Rollins School of Public Health where he teaches a graduate course on Information Security and Privacy.
Michael Wagner Johnson & Johnson – Michael Wagner, Senior Director, IT Risk & Information Management
As a member of the IT Risk Management and Supply Chain Leadership Teams, Mr. Wagner has responsibility for the IT Risk Management Operating Model, Worldwide Information Security, Digital Asset Risk Management and the Worldwide Records and Information Management Program.  Prior to J&J, he was Director of Information Security at Medco Health Solutions.  Mr. Wagner holds a BS degree in Biology, US Air Force Academy; and Master’s of Science degree in Telecommunications Management, University of Maryland.
Terence Rice Merck & Co. – Terence Rice, Associate Vice-President, IT Risk Management and CISO
Mr. Rice is responsible for Information Security, IT Regulatory Readiness, Quality/Technical Assurance, Business Continuity Planning and Policy, and has held multiple roles at Merck, as Executive Director, Information Risk Management & Compliance within the Enterprise Technology & Application Services organization.  Prior to Merck, Mr. Rice served as Director of Global Information Security for Johnson & Johnson, and then in the consulting industry in a variety of roles.  Mr. Rice holds a BS degree from West Point; and a Masters of Science, George Washington University.
Medtronic – Patrick Joyce – Vice President – Information Technology, Chief Security & Privacy Officer (CISO)
Patrick Joyce is responsible for all global functions, strategies, operations and execution related to all forms of security and privacy across the company, including IT/cybersecurity, physical/facility and travel security, identity & access management (IAM), the product/device security programs and data privacy. Within Global IT, he is also responsible for the global process teams supporting Master Data Management, IT Quality Management and Legal/Compliance.
Patrick joined Medtronic in 2005 to initially build the Corporate IT Audit function, providing audit and consulting services across Medtronic’s global business units, corporate functions and IT organizations. In subsequent roles, he has also had responsibility for leading Medtronic’s Global IT Program & Portfolio Management Office, as well as Medtronic’s Global Physical Security organization and many of the IT Core Process Teams.
Partners Healthcare – Jigar Kadakia Chief Information Security and Privacy Officer CISSP, CIPP, CRISC
Jigar is the Chief Information Security and Privacy Officer for Partners Healthcare. He has more than 17 years of information security experience across multiple industry’s with a focus on healthcare delivery. Jigar holds a Bachelor of Science degree in Chemical Engineering from the University of Cincinnati and a Master in Business Administration from Xavier University.
Pfizer – Brian Cincera – Vice President, Global Information Security at Pfizer
Brian Cincera joined Pfizer in 2005 after working with the company as a consultant developing its digital credential and identity strategy. In his role in Business Technology Infrastructure, he is accountable for Security and Client Computing Services. This includes all service management for PC’s, printing, Email, Instant Message, IT Security, Identity & Access Management, audio & video conferencing and voice telephones.  Prior to joining Pfizer, Brian spent 15 years as a consultant and service provider, specializing in network, security and computer platform engineering. Brian’s customers included major healthcare, financial services, transportation, energy and telecommunications companies inside and outside the US.  Brian has a Bachelor’s of Science in Business Administration from Penn State University.
Quest Diagnostics – Joe Adornetto – Executive Director IT Security
Joe Adornetto, joined Quest Diagnostics in 2009. With over $8 billion in annual revenue, Quest Diagnostics is the world’s largest provider of diagnostic testing, information & services. Joe is responsible for the strategic development of the company’s comprehensive global IT Security program. He provides the leadership and vision, aligning IT Security with the overall objectives of the business. He is responsible for providing IT Security leadership, vision, policies, technology direction and solution, strategy setting, within a risk based approach. His organization includes: Security Technical Services, Security Management, Identity and Access Management, Security Architecture, Risk Management, and Security Customer Management.
Prior to joining Quest Diagnostics, Joe served 14 years at Automatic Data Processing (ADP), where he was Vice President and Chief Information Security Officer (CISO). Prior to ADP, Joe’s career included executive positions at Public Service Electric and Gas Company (PSE&G), where he was general manager of IT operations, and at Mutual Benefit Life Insurance Company, where his responsibilities included Information Technology development and managing IT Operations.
St. Luke’s Health System – Reid Stephan – CISO
Mr. Stephan the CISO at St. Luke’s Health System. He has over 15 years of experience in cyber security, including 9 years leading HP’s global corporate IT security incident response program. He has a Bachelor of Management Information Systems from the University of Idaho and an MBA in Technology Management from the University of Phoenix. He is a HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and a Certified Professional in Healthcare Information & Management Systems (CPHIMS).

Stanford Health – Jeanie Larson – Associate Information Security Officer
Jeanie M. Larson, CISSP-ISSMP, CISM, CRISC is the Associate Information Security Officer at Stanford Health Care. Jeanie’s professional experience includes 25 years cyber security experience in both public and private sectors where she served in various leadership roles. In these roles, Jeanie managed both technical and operational information security components for U.S. and global corporations and agencies in various sectors including defense, intelligence, energy, telecommunications and healthcare.  Jeanie is a subject matter expert in cyber incident response, forensics and computer network defense.  She has developed strategies and capabilities to detect, respond to and recover from sophisticated cyber attacks.  As a civil servant, Jeanie led several cyber threat information sharing initiatives, collaborating with over 25 Departments and agencies on national cyber issues.  This effort resulted in an invitation to serve at the Executive Office of the President in 2009, where she established and led a joint agency program to enhance cyber threat information sharing under the National Information Exchange Model to support counterterrorism.

SureScripts – Paul Calatayud – CISO
Mr. Calatayud serves as the head of Information Security, Audit, and Enterprise Risk Management departments as the Chief Information Security Officer (CISO) for Surescripts. Prior to his role with Surescripts, Paul was Director of Information Security for United Health Group, a fortune 15 company, where he managed a department of 50 security professionals supporting over 150 k employees. Paul has 15 years of experience within information security which started by serving in the Army as an information security cryptographer. Paul has held progressive roles in information security at the Department of Defense, Medtronic, Comcast, BAE Systems, Best Buy, and Vesta; where he was head of security for a company processing billions of credit cards online each year. Paul holds multiple certifications including: CISSP, CISA, CISM, and GCIH. Paul was awarded mentor of year where he has been mentoring professionals within hacking certification courses for the last 6 years. Paul holds a B.S. in Information Technology, Masters in Information Security, and a PhD in Leadership. Paul sits on Academic Advisory boards at Capella, ITT-Tech, and Globe College. Paul is on the advisory board for CRAM and board of directors for EHNAC.

Texas Health Resources – Ronald Mehring – Chief Information Security Officer / Senior Director, Information Security for Texas Health Resources
At Texas health Resources, Ron leads IT GRC, security architecture, security operations, and the IT BC DR program. His current initiatives are focused on improving team performance, improving resiliency management, integrating a threat-management architecture that accounts for present and emerging threats, and maturing a technology risk management program that is aligned with the strategic goals of the organization.
Ron began his career in technology for the United States Marine Corps. After 21 years of military service, Ron retired from the Marine Corps and joined the Department of Veteran Affairs where he led Compliance Assessment teams within the newly formed Oversight & Compliance group. He also served as the Department of Veterans Affairs’ Deputy Director for Network & Security Operations
Ron holds an MBA in Risk Management from NYIT and is a Certified Information Systems Security Professional (CISSP).
NH-ISAC – Denise Anderson – Executive Director
Denise Anderson has over 25 years of management level experience in the private sector. Denise is Executive Director of the National Health Information Sharing and Analysis Center (NH-ISAC), a non-profit organization that is dedicated to protecting the health sector from physical and cyber attacks and incidents through dissemination of trusted and timely information.
Denise currently serves as Chair of the National Council of ISACs and participates in a number of industry groups such the Cross-Sector Cyber Security Working Group (CSCSWG). She was instrumental in implementing a CI/KR industry initiative to establish a private sector liaison seat at the National Infrastructure Coordinating Center (NICC) to enhance information sharing between the private sector, CI/KR community and the federal government and serves as one of the liaisons. She is a financial and health sector representative to the National Cybersecurity and Communications Integration Center (NCCIC) — a Department of Homeland Security-led coordinated watch and warning center that improves national efforts to address threats and incidents affecting the nation’s critical information technology and cyber infrastructure. She sits on the Cyber Unified Coordination Group, (UCG) – a public/private advisory group that comes together to provide guidance during a significant cyber event – where she also represents the financial and health sectors.
Back to Top