Mark Herron Email and Phone Number

Senior Security Consultant at tw-Security, a healthcare information security and privacy consulting group specializing in hospitals, clinics, other medical institutions, and business associates of all size. Services include risk analysis, system assessments, compliance demonstrations with tangible evidence (including crosswalks and dashboards), executive and board reporting, framework planning and implementations (including HIPAA (Security, Privacy, Meaningful Use, and Safe Harbor, etc.) HICP, CSF, NIST SP 800x, ISO 2700x, HiTrust, PCI, GDPR, etc.), incident response, tabletop exercises, 3rd-party risk assessment and management, disaster recovery planning and documentation, security awareness and training, policies and procedures, virtual CISO and security program development and ongoing management, and more.

Associate Vice President and Chief Information Security Officer responsible for direct and indirect institutional information security efforts including information security department and SOC functions and staffing (8 FTEs plus one 1/4 PT consultant). Member of university IT leadership reporting to the CIO. Major projects and sponsorship include endpoint detection and response rollout, 24x7 monitoring and alerting, vulnerability management and attack surface reduction, phishing simulations and awareness training, privileged access management, multifactor authentication, expansion, cyberinsurance readiness, disaster recovery with ransomware tabletop exercises, vendor/3rd-party risk management, identity and access management improvement, email and communications security improvement, patch management/enterprise coordination, etc.

Assistant Vice President and Information Security Officer reporting to the CIO. Leader of the Information Security Office (ISO) and staff. Responsible for all aspects of information security at UB and participant in SUNY and NYSERNET information security activities. The ISO practice consists of Security Operations, Risk & Compliance, Incident Response, Training & Education & Awareness, plus operations of the office itself, interacting with both central and distributed IT organizations and first-responder & support staff across the multiple schools and campuses of UB.

A member of the OIT executive council and HIPAA Security Officer, the CISO is charged with improving, maturing, and communicating the CMU information security program to keep all CMU data, systems, and users safe. Responsibilities include program definitions and direction, continuous monitoring and response, identity management team leadership, implementing information security best practices and frameworks where appropriate, cybersecurity investigations, security awareness, adapting to changing perimeters and threat landscapes, ensuring and demonstrating regulatory compliance with requirements applicable to higher education, and more.

Senior analyst, information professional, and architect in information security with FISMA and HIPAA specialization and experience as applied to scientific research and higher education, in conjunction with leading healthcare industry partners. Information Security responsibilities in building, securing, and maintaining the "Secure Research Environment" including controls to meet HIPAA and FISMA requirements and recommendations, sponsored by the CWRU Information Technology Services department in partnership with enterprise-class IT datacenter and professional services companies, and designed for secured and high-availability use by multiple tenants, including the CWRU School of Medicine, the Institute for Computational Biology, and the Case Comprehensive Cancer Center. Duties include design, planning, building and maintenance, plus consultation, presentation, and interfacing at all levels with multiple administrative and technical departments at Case and with partner institutions, plus incident response and ongoing Information Security responsibilities for all of CWRU.

FISMA official and IT Coordinator for the CWRU National Children's Study, Study Center (Ohio location) in the Department of Environmental Sciences, at Case Western Reserve University School of Medicine. Senior analyst in information assurance with FISMA specialization in scientific research, plus internal institutional consultant for HIPAA Security and other information security matters. FISMA and federal contract and grant-related assurance duties pertaining to human subjects research. Major duties include obtaining and maintaining formal, FISMA authority to operate (ATO), plus creation, maintenance, and submission of all compliance and accreditation (C&A) artifacts to the Federal mission assurance team, including: privacy impact assessments, risk assessments, security plans, security assessments, plans of actions and milestones, continuous monitoring reports, and more. HIPAA Security consultation on institutional matters pertaining to design, implementation, and maintenance of healthcare-related systems and handling of protected health information (PHI) or personally identifiable information (PII). Study center IT coordination including planning, procurement, inventory, change control, documentation, reporting, and implementation of on and off-campus controlled Windows desktop environment and Windows and Linux, virtual server/host and database environment. Coordination of institutional and departmental IT support groups and participation in School of Medicine Administrative Computing Department activities and CWRU ITS Information Security Department activities. Coordination of and presentation in periodic institutional systems administrators meetings. Periodic FISMA, HIPAA, and Compliance-related presentations to faculty, staff, and/or students.The National Children's Study: http://www.nationalchildrensstudy.govCWRU School of Medicine: http://casemed.case.edu/

Director of Information Services' Information Security department, reporting directly to CIO with responsibilities for strategic and daily departmental activities.=============*Major security responsibilities include oversight of security analyst staff, systems access authorization and tracking, Information Systems' risk management and audit response, incident and complaint handling, computer forensics, policy development and publication, security awareness communications, and consultation on information security issues in daily, departmental procedures and operations, as well as major hospital initiatives. *Design and implementation of standards-based (ISO 17799/27002) Information Security program for the hospital’s information systems that also includes HIPAA Security and Payment Card Industry (PCI) compliance, covering disaster recovery, change management, technical risk/vulnerability discovery and management and more. *Project sponsor and manager for major Information Security projects, including email encryption, social security number study and reduction of use initiative, change control process development, portable hard drive and removable media encryption, proper device disposal, and more.*Member of hospital leadership committee, IS Management committee, Continuous Management Process Improvement committee, Institutional Safety committee, and non-voting member of Institutional Review Board (IRB), plus member of as-needed incident response workgroups reporting to COO, CFO, Compliance & Legal Counsel, Human Resources, Marketing and other hospital officials.

Manager of HIPAA PMO for Cleveland Clinic Health System. Also Supervisor and Team Lead for ITD's Network Support Services Enterprise Technologies Team.===============* Management of health system HIPAA PMO program, projects, meetings, and consultant staff, including leadership, coordination and participation in multiple enterprise committees and workshops involving information security, information technology, legal, human resources, corporate compliance, marketing, administrative, research, education, physician/providers, and others. Focus on HIPAA Security, HIPAA Privacy and HIPAA National Provider Identifier (NPI) compliance efforts.*CCHS Information Security Official (ISO) responsible for coordination of enterprise-wide risk assessment and mitigation efforts, including incident response and investigations, risk & technical vulnerability assessments, policy development, disaster recovery and business continuity, and educational awareness training and tools. Also served as departmental, divisional and institutional representative for internal and external meetings and presentations, including organizer/facilitator and presenter for 2005 and 2006, CCHS Information Security Department Strategic Summit, defining and developing annual Information Security strategic & budgetary plans.* 2.5 years as NSS Team Lead, providing daily supervision, leadership, and 24x7 accountability of 14 - 17 full-time positions in multiple, disparate locations. Responsibility for support teams and equipment included 127+ servers and 20,000+ interfaces and the EPIC/MyChart rollout team, MS Citrix server support team, Email support team (Groupwise and MS Exchange), Public Clinical Workstation (PCW) support team, and Remote Access support team.*CCF Family Affairs, Service Excellence, and Service Relations Planning Committees volunteer member (periodic, year-round celebration planning and implementation for corporate events with 1,000-45,000+ attendees).

Manager of Network Services Department and Network Administrator for Baldwin-Wallace College in Berea, Ohio.==============*Departmental management duties including personnel, budgetary, contractual, project planning, management & implementation, student worker, and contractor oversight duties, plus weekly divisional management meetings for strategic and tactical coordination with other IT departments. *Management and Future Technology Planning Committee member with direct technology involvement in most construction and renovation projects, including 2 major new building constructions, 2 major building renovations, ongoing office, lab, and classroom renovations and moves, and periodic student computer lab renovation.*Responsible for all network technology integration, planning, implementation, maintenance, and service duties, including daily management and administration of world class, high-availability (24x7x365) computing network, network services, and server farm, plus connectivity to the Internet. Project accomplishments including: campus network redesign and expansion; network backbone upgrade; wiring/connectivity of all residence halls; creation of discrete 1000+ user residential network (RESNET) with separate services, network closets, and hardware, plus academic network inter-connectivity; Internet traffic shaping to accommodate dynamic academic and residential missions, requirements, and demands; remote campus classroom and lab creation with WAN connectivity; discrete Buildings & Grounds network and IP-based HVAC building monitoring system; remote access system installation and maintenance; Internet and Intranet firewalls and DMZ; network-wide real-time device documentation and performance monitoring; multiple server and database upgrades including Alumni/Development, Food Service, ID Office, Payroll, Financial Aid, college Archive office, and the academic library systems.

IT Project Manager and Analyst for mission critical applications and distributed computing implementations for National City Corporation (bank) in Cleveland, Ohio.

Local Area Network (LAN) Administrator in the Network and Service Support group for manufacturer of wireless inventory control systems in Fairlawn (Akron), Ohio.

Senior Applications Analyst & Programmer in LAN Planning and Operations Division for American Greetings Corporation, a greeting card and other merchandise manufacturing company in Cleveland, Ohio.

Biology and Chemistry Departments, Graduate Teaching Assistant, Biology Graduate Student (3 years). Also part-time science instructor & substitute teacher, and technology assistant at Gilmour Academy (Gates Mills, Ohio) 1991-1994.