Current Threat Level NHISAC Threat Status



Board of Directors

James Routh Aetna, Inc. – James Routh – CISM, CSSLP, Chief Information Security Officer
Mr. Routh leads Global Information Security with over 20 years of experience as a practitioner, management consultant and leader of technology and information security functions for global service firms.  Prior to Aetna, he was the Global Head of Application and Mobile Security for JP Morgan Chase, and CISO for KPMG, Depository Trust and Clearing Corporation, and American Express.  Mr. Routh is also Chairman of the FS-ISAC Products & Services Committee and former Board member.
Nikolay Chernavsky Amgen – Nikolay Chernavsky – CISSP, CISM, CRISC, Director of Information Security
Mr. Chernavsky is responsible for architecting and engineering security solutions to address current and emerging threats in this digital age of borderless communications.  Prior to Amgen, he led IT initiatives at National Oilwell Varco Company.  Mr. Chernavsky holds a Bachelor of Science degree, Belorussian Polytechnic University; a Masters in Information Security from Boston University; and completed the NSA Digital Forensics Program.
Emory University – Brad Sanford, Chief Information Officer
Brad Sanford currently serves as the Chief Information Security Officer for Emory University where he has overarching information security responsibilities for both Emory University and Emory Healthcare. Brad has over 20 years of IT experience working for organizations such as Humana, Vanderbilt University, HCA, and Emory where he has focused on creating and leading Information Security programs and developing innovative Information Security solutions. Brad was a finalist for Southeast Information Security Executive of the Year in 2011 and was the recipient of the 2011 Healthcare Information Security Executive of the Year award for North America. Brad Serves on the Board of Directors for the National Health Information Sharing and Analysis Center (NH-ISAC) and is an active member of the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). Additionally, Brad serves on the SANS Educational Advisory Board and on Customer Advisory Boards for Lancope and TippingPoint. Brad is also an Emory University faculty member within the Rollins School of Public Health where he teaches a graduate course on Information Security and Privacy.
Michael Wagner Johnson & Johnson – Michael Wagner, Senior Director, IT Risk & Information Management
As a member of the IT Risk Management and Supply Chain Leadership Teams, Mr. Wagner has responsibility for the IT Risk Management Operating Model, Worldwide Information Security, Digital Asset Risk Management and the Worldwide Records and Information Management Program.  Prior to J&J, he was Director of Information Security at Medco Health Solutions.  Mr. Wagner holds a BS degree in Biology, US Air Force Academy; and Master’s of Science degree in Telecommunications Management, University of Maryland.
McKesson Corporation – Chuck Kirk – Director of Security Operations
Chuck has worked in the IT Industry for over 29 years. His career started with main frame computers and data storage. Chuck moved into UNIX administration before getting into Networking and Security. Chuck’s progression moved him into security at some major financial corporations working in the fields of Computer Forensics, eDiscovery, Incident Response and Security Operations. His next step in his career led him into the HealthCare arena. Chuck is the Director of Security Operations at McKesson Corporation.
Terence Rice Merck & Co. – Terence Rice, Associate Vice-President, IT Risk Management and CISO
Mr. Rice is responsible for Information Security, IT Regulatory Readiness, Quality/Technical Assurance, Business Continuity Planning and Policy, and has held multiple roles at Merck, as Executive Director, Information Risk Management & Compliance within the Enterprise Technology & Application Services organization.  Prior to Merck, Mr. Rice served as Director of Global Information Security for Johnson & Johnson, and then in the consulting industry in a variety of roles.  Mr. Rice holds a BS degree from West Point; and a Masters of Science, George Washington University.
Partners Healthcare – Jigar Kadakia Chief Information Security and Privacy Officer CISSP, CIPP, CRISC
Jigar is the Chief Information Security and Privacy Officer for Partners Healthcare. He has more than 17 years of information security experience across multiple industry’s with a focus on healthcare delivery. Jigar holds a Bachelor of Science degree in Chemical Engineering from the University of Cincinnati and a Master in Business Administration from Xavier University.
Pfizer – Brian Cincera – Sr. Director, Worldwide Technology Infrastructure
Brian Cincera joined Pfizer in 2005 after working with the company as a consultant developing its digital credential and identity strategy. In his role in Business Technology Infrastructure, he is accountable for Security and Client Computing Services. This includes all service management for PC’s, printing, Email, Instant Message, IT Security, Identity & Access Management, audio & video conferencing and voice telephones.  Prior to joining Pfizer, Brian spent 15 years as a consultant and service provider, specializing in network, security and computer platform engineering. Brian’s customers included major healthcare, financial services, transportation, energy and telecommunications companies inside and outside the US.  Brian has a Bachelor’s of Science in Business Administration from Penn State University.
St. Luke’s Health System – Reid Stephan – Director IT Security
Mr. Stephan leads the enterprise IT security program at St. Luke’s Health System. He has over 15 years of experience in cyber security, including 9 years leading HP’s global corporate IT security incident response program. He has a Bachelor of Management Information Systems from the University of Idaho and an MBA in Technology Management from the University of Phoenix. He is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and a Certified Professional in Healthcare Information & Management Systems (CPHIMS).

Stanford Health – Jeanie Larson – Associate Information Security Officer
Jeanie M. Larson, CISSP-ISSMP, CISM, CRISC is the Associate Information Security Officer at Stanford Health Care. Jeanie’s professional experience includes 25 years cyber security experience in both public and private sectors where she served in various leadership roles. In these roles, Jeanie managed both technical and operational information security components for U.S. and global corporations and agencies in various sectors including defense, intelligence, energy, telecommunications and healthcare.  Jeanie is a subject matter expert in cyber incident response, forensics and computer network defense.  She has developed strategies and capabilities to detect, respond to and recover from sophisticated cyber attacks.  As a civil servant, Jeanie led several cyber threat information sharing initiatives, collaborating with over 25 Departments and agencies on national cyber issues.  This effort resulted in an invitation to serve at the Executive Office of the President in 2009, where she established and led a joint agency program to enhance cyber threat information sharing under the National Information Exchange Model to support counterterrorism.

SureScripts – Paul Calatayud – CISO
Mr. Calatayud serves as the head of Information Security, Audit, and Enterprise Risk Management departments as the Chief Information Security Officer (CISO) for Surescripts. Prior to his role with Surescripts, Paul was Director of Information Security for United Health Group, a fortune 15 company, where he managed a department of 50 security professionals supporting over 150 k employees. Paul has 15 years of experience within information security which started by serving in the Army as an information security cryptographer. Paul has held progressive roles in information security at the Department of Defense, Medtronic, Comcast, BAE Systems, Best Buy, and Vesta; where he was head of security for a company processing billions of credit cards online each year. Paul holds multiple certifications including: CISSP, CISA, CISM, and GCIH. Paul was awarded mentor of year where he has been mentoring professionals within hacking certification courses for the last 6 years. Paul holds a B.S. in Information Technology, Masters in Information Security, and a PhD in Leadership. Paul sits on Academic Advisory boards at Capella, ITT-Tech, and Globe College. Paul is on the advisory board for CRAM and board of directors for EHNAC.
DK NH-ISAC – Deborah Kobza – Executive Director
Certified in the Governance of Enterprise IT and US Dept. of Justice Information Exchange Model, Mrs. Kobza has provided industry and government with 25 years of enterprise leading practices in IT, governance, regulatory compliance, pharma/medical device validation, cybersecurity, and education. Ms. Kobza is a member of the US HHS Sector Coordinating Council, Chair – SCC Cyber Legislation Committee, and member of the US DHS Critical Infrastructure Protection Advisory Council, US DHS Cyber Unified Coordinating Group, National Council of ISACs and various working groups. Prior to NH-ISAC, she provided services to US DHS, state government, and the health sector.
Back to Top