Eric Sorenson

Eric Sorenson Email and Phone Number

Chief Information Security Officer (CISO) at doTERRA International LLC @ doTERRA International LLC
Eric Sorenson's Location
Salt Lake City Metropolitan Area, United States, United States
Eric Sorenson's Contact Details
About Eric Sorenson

CISO | CIO | Cybersecurity Pioneer in Global BusinessAs chief information security officer (CISO) and chief information officer (CIO), I architect, develop, and implement the technologies that keep private data safe from intrusions and theft.It seems that while companies are aware of the need for data security, they react to breaches rather than plan for potential threats. I do not believe that retrospection prevents the problem, so I also evolve my team’s strategies and techniques to stay more than one step ahead. Thus, it was truly exciting for me to join dōTERRA in 2016 to build the organization’s first comprehensive, global cybersecurity strategy. We needed first to manage and eliminate our existing risk and then define a infosec strategy that would both change the way we did business internally and externally as well as shift our culture to be more cognizant of potential threats. Within 2 years, we had a comprehensive program that aligned executive leadership vision and values into long-term information asset protection.To achieve this goal at the highest level, I structured a new way to think about cybersecurity culture first, information security technology second. By bringing our customers and vendors into my vision of cybersecurity culture--essentially, getting their buy-in for the standards and practices I consider critical and working within what they needed to be successful--I changed the way data is transacted among all of us.From my earlier days at HealthEquity to my CIO/CISO dual role at Arches Health Plan, and now as CISO with dōTERRA, I have evolved a set of information security programs and technologies that truly enable business and work within the commercial needs of our organization and our customers.Through this strategy, the private data of every contributor, customer, vendor, and stakeholder is equally protected within a powerful, shared cybersecurity ecosystem. Thus, all participants feel their information is more protected.

Eric Sorenson's Current Company Details
doTERRA International LLC

Doterra International Llc

View
Chief Information Security Officer (CISO) at doTERRA International LLC
Eric Sorenson Work Experience Details
  • Doterra International Llc
    Chief Information Security Officer (Ciso)
    Doterra International Llc Jun 2016 - Present
    Pleasant Grove, Ut, Us
    I was recruited to dōTERRA, as its first chief information security officer (CISO) soon after a major data breach at a third-party vendor compromised significant customer private data. Thus, I was in the position of having to immediately respond to and remediate this critical situation as well as to instill a security culture; technical strategy; and governance, risk, and compliance program to prevent a similar occurrence in the future.Right away, I put an action plan together and worked with our cybersecurity vendor to investigate the scope of the issue, identify indicators of compromise (IOCs), and close any remaining gaps in our strategy. Once we were confident that the immediate risk was well managed, I then reframed the way the organization protected its assets with a global security strategy that established both preventive strategies and technical response protocols. Overall, my plan first included aligning control objectives with ISO 27000, PCI, and EU GDPR, constructing a risk-based ISMS, and hiring an experienced compliance team. One of the biggest challenges—and one of my biggest wins—was ensuring that the executive team and the complete management hierarchy understood the implications of the business choices they were making with respect to information and cybersecurity risk. We collaborated quite well on determining our organizational level of comfort, with my strategic team serving as a business enablement partner throughout the organization. The company now has a comprehensive, global cybersecurity strategy with predictive and responsive components as well as supportive internal governance and communications, protecting us from the inside out (social engineering campaigns) and the outside in (controls and perimeter network security devices).To learn more about my work with building dōTERRA’s cybersecurity program, please connect with me on LinkedIn.
    View
  • Arches Health Plan
    Chief Information Officer (Cio) And Chief Information Security Officer (Ciso)
    Arches Health Plan Apr 2013 - Jun 2016
    When Arches initiated operations in 2013, it had no cybersecurity infrastructure; thus, I was recruited as CISO and CIO to envision, architect, and staff the program from the ground up. Because this was essentially Greenfield space, in terms of both industry and focus, I needed to maximize the information security and risk management as practiced in other industries--and go beyond the typical responsive cybersecurity plan.First, I recruited a top-flight, experienced team and coached them to my vision, which was to architect a system that was predictive and prepared rather than reckless and responsive.Next, I partnered with Armored Online, which provides data and transaction security for the financial industry and repurposed what they were doing for the health information and insurance space. Our success was phenomenal, as our clients were able to access our data via a secure portal providing point-to-point communications (plus digital signatures and digital encryption).At the same time, I ensured that in addition to our data housed locally, our vendor partnerships also were vetted for adherence to security standards as conditions for engagement. The Vendor Risk Assessment protocol, more advanced than the one I developed earlier with HealthEquity, improved our customer trust in a potentially risky environment.Meanwhile, I supported a cybersecurity risk awareness culture across our organization. Often cybersecurity is seen as obstructive; I made it empowering. Additionally, I made this proactive approach less expensive than our competitors’ reactive stance, which cut costs and enabled us to realign our technology spend to more forward-thinking approaches.
  • Secuvant Security Services
    Chief Information Security Officer (Ciso)
    Secuvant Security Services Nov 2015 - May 2016
    Farmington, Utah, Us
    As Secuvant was expanding its customer base, it brought me on as a consulting chief information security officer (CISO) based on my strategic and tactical cybersecurity expertise. We built a security operations center (SOC) with 24-hour event logging, support, and customer alerts.While I supported the executive team with a visionary approach to information security practice and implementation, I also served as a vCISO (virtual CISO) to Secuvant’s clients who need a strong risk assessment protocol and cybersecurity plan that aligns with their business demands.
    View
  • Healthequity
    Information Security Officer | Director Of Data Management
    Healthequity Nov 2008 - Apr 2013
    Draper, Ut, Us
    Similar to what would become my CIO / CISO cybersecurity program architecture experience with Arches, I initiated, designed, and built HealthEquity’s first information security program. I architected the entire program, clearly exceeding the highest cybersecurity standards in place at that time (see below for how we stumped Google’s ethical hackers).Because there was no central information security plan, as revealed by our inconsistent approach to partner security audits, I took the lead. First, I defined the plan, the department structure, and the team (plus securing executive buy-in). Then I outsmarted both our internal team . . . and Google.At one point, I wanted to demonstrate the key reasons a cybersecurity program was essential to our success, going beyond the need to prove our reliability to our partners. Thus, I created a social engineering experiment that sent phishing email (similar look and feel) from an outside server that requested credentials. More than 40% of recipients--both IT people and executives--gave up their private data. I immediately received budget for the proactive program I’d been designing.Around this time, as clients were testing our security system, Google approached us as well. It engaged ethical hackers to try to break into our system. For the first time in Google’s history, the team failed to breach our cybersecurity protocols. I still recall this experience as an incredible win for our group and as the foundation for strong barriers to malicious cyber intruders.
    View
  • Zions Bancorporation
    Senior Database Administrator
    Zions Bancorporation Jan 2006 - Oct 2008
    Salt Lake City, Utah, Us
    As senior database administrator, I managed business units' database systems, providing compliance with CIS (Center for Internet Security) standards and Sarbanes-Oxley. Also, I managed an SQL server consolidation project to reduce 200+ SQL Server 2000/2005 servers to 15 for $800K+ annual savings. In this project my recommended SQL Log Shipping as disaster recovery solution saved $8K/month per business unit.
    View
  • Ibm
    Team Lead | Technical Services Professional
    Ibm Mar 2002 - Jan 2006
    Armonk, New York, Ny, Us
    As Team Lead, I managed a team of 4 database administrators supporting the ING account, valued at $600M. In this position I supervised security requirements, maintained clients' database integrity, and collaborated with IBM management for better customer solutions. Of note, I was chosen by IBM management to assist Hibernia Bank in recovering 58 Intel servers damaged during Hurricane Katrina. During this period, I worked with high profile clients including Moody's Investor Services, Washington Mutual Bank, Williams-Sonoma, American Express, Honeywell International, and Amtrak.
    View

Eric Sorenson Skills

Leadership Management Disaster Recovery Process Improvement Strategic Planning Information Technology Security Team Building Information Security Program Management Customer Service Enterprise Software Computer Security Healthcare Sql Business Strategy Network Security Start Ups Databases Financial Analysis Hipaa Risk Management Data Security Business Process Improvement Ciso Cio Database Security Glba Chief Information Security Officer Health Insurance Operations Management Pci Dss Physical Security Regulatory Compliance Team Management Cyber Security Corporate Culture Health Information Ssae 16 Entrepreneurship Operating Budgets Cybersecurity Payment Card Industry Data Security Standard Ethical Hacking Compliance Indicators Of Compromise Encryption Business Development

Eric Sorenson Education Details

  • Westminster University
    Westminster University
    General
  • Utah State University
    Utah State University
    Business Information Systems

Frequently Asked Questions about Eric Sorenson

What company does Eric Sorenson work for?

Eric Sorenson works for Doterra International Llc

What is Eric Sorenson's role at the current company?

Eric Sorenson's current role is Chief Information Security Officer (CISO) at doTERRA International LLC.

What is Eric Sorenson's email address?

Eric Sorenson's email address is er****@****oof.com

What is Eric Sorenson's direct phone number?

Eric Sorenson's direct phone number is (800) 411*****

What schools did Eric Sorenson attend?

Eric Sorenson attended Westminster University, Utah State University.

What are some of Eric Sorenson's interests?

Eric Sorenson has interest in Beachbody Insanity, Children, Pretty Much Any Sport, Hiking, Science And Technology, Running, Usc Football, Fight On Trojans, Golf, Health.

What skills is Eric Sorenson known for?

Eric Sorenson has skills like Leadership, Management, Disaster Recovery, Process Improvement, Strategic Planning, Information Technology, Security, Team Building, Information Security, Program Management, Customer Service, Enterprise Software.

Free Chrome Extension

Find emails, phones & company data instantly

Find verified emails from LinkedIn profiles
Get direct phone numbers & mobile contacts
Access company data & employee information
Works directly on LinkedIn - no copy/paste needed
Get Chrome Extension - Free

Aero Online

Your AI prospecting assistant

Download 750 million emails and 100 million phone numbers

Access emails and phone numbers of over 750 million business users. Instantly download verified profiles using 20+ filters, including location, job title, company, function, and industry.