Michael Garvin Email and Phone Number

Reports to and works in conjunction with Pendo's Chief Information Security Officer on compliance-related programs, with an initial focus on a FedRAMP Authorization initiative. Works closely with engineering, product, and corporate IT teams using Agile practices to achieve the goals of these programs.Provides analysis and implementation guidance of NIST 800 series, FedRAMP, PCI DSS, HIPAA, and other related compliance requirements and regulations. Plans, implements, and maintains Cloud and endpoint security controls to protect the confidentiality, integrity, and availability of data and information systems. Works closely with engineering and product teams to deliver compliance requirements, provide consultation, and validate implementation. Communicates compliance requirements, deliverables, and project status to stakeholders, leaders and external partners. Drives cross-functional execution and validation of compliance deliverables. Builds, executes, and maintains continuous monitoring functions and deliverables. Drives vulnerability remediation in accordance with compliance requirements. Monitors performance metrics, review logs, and conducts periodic audits to verify the effectiveness of security controls. Writes, edits and manages a wide variety of information security policies, procedures, and other documentation to meet compliance requirements.

Lead a team, in collaboration with various technical and business resources, reporting directly to the CTO that analyzes Health System information technology needs, evaluates existing and new technologies and processes, and drives Information Technology (IT) transformation by creating innovative solutions in partnership with other DHTS teams (Engineering, Service Delivery and Operations, Project Management office, etc.). The new IT landscape includes solutions such as Continuous Integration and Continuous Delivery (CI/CD), DevOps, Containers and Cloud, and APIs, which present new opportunities to better serve patients, their loved ones, and each other.The team, in collaboration with the Duke Institute for Health Innovation (DIHI), the Digital Strategy Office (DSO), and other innovation resources, brings project concepts to life, iterating on and maturing ideas to proofs-of-concept and prototypes working with business partners and other key stakeholders, ultimately turning successful innovation into new products or services that serve customers’ strategic goals. This includes a holistic view of enterprise solutions, taking into consideration operational costs, clinical and/or other workflows, security/compliance, performance and capacity engineering, application development, systems management, etc.

Interim Chief Information Security Officer (CISO) for the Duke University Health System, leading the Information Security Office team which provides services to all of Duke Health's entities as well as academic departments, centers, and research institutes in Duke’s Schools of Medicine and Nursing. Responsible for establishing and managing Duke Health's information security program, including security strategy, governance, risk management, security policies, security awareness, vulnerability management, security event monitoring, and incident response.

Lead a team, in collaboration with various technical and business resources, reporting directly to the CTO that analyzes Health System information technology needs, evaluates existing and new technologies and processes, and drives Information Technology (IT) transformation by creating innovative solutions in partnership with other DHTS teams (Engineering, Service Delivery and Operations, Project Management office, etc.). The new IT landscape includes solutions such as Continuous Integration and Continuous Delivery (CI/CD), DevOps, Containers and Cloud, and APIs, which present new opportunities to better serve patients, their loved ones, and each other.The team, in collaboration with the Duke Institute for Health Innovation (DIHI), the Digital Strategy Office (DSO), and other innovation resources, brings project concepts to life, iterating on and maturing ideas to proofs-of-concept and prototypes working with business partners and other key stakeholders, ultimately turning successful innovation into new products or services that serve customers’ strategic goals. This includes a holistic view of enterprise solutions, taking into consideration operational costs, clinical and/or other workflows, security/compliance, performance and capacity engineering, application development, systems management, etc.

Technical Solutions Engineer addressing the needs of business with healthcare IT solutions.

Michael Garvin is the Director of the Security Simulation line of business within the Cyber Security Services (CSS) business unit, which develops and delivers Symantec's Security Simulation and Cyber Security Exercise offerings as well as Symantec's CyberWar Games. This team, responsible for their P&L, involves product management, engineering and software development, and research and delivery in collaboration with other teams within Symantec.

Senior Manager, Product Management, with Cyber Security Services (CSS) developing and delivering Symantec's CyberWar Games and Cyber Readiness Challenge, as well as cyber ranges.

Senior Principal Security Analyst with the Security Intelligence Group (SIG) / Information Security Services (ISS) developing and delivering Symantec's CyberWar Games and Cyber Readiness Challenge, as well as cyber ranges.

As a member of Symantec's global consulting services team for information security and compliance, Michael has been delivering client engagements around security and compliance including assessment, policy and standards, best practices, and architecture. He has assisted clients with the development of vulnerability management and policy compliance programs centered around risk management. Michael has been responsible for PCI assessments as well as development of Symantec's methodologies and deliverables.

Responsible for architecting, developing and delivering service provider offerings (collocation, managed hosting and data protection) to NCREN constituents. Responsible for security in the environment.

Responsible for installation and operation of a Sun Fire E12K for High Performance Computing (HPC) for genomics, under federal funding. Developed protection profiles for E12K domains to meet HIPAA requirements for medical research. Assisted with general Solaris and Sun related administration, troubleshooting and performance management.

Principal consultant for business clients, focused on IT consulting, design, operations and analysis. Responsible for client consulting and project delivery, and for business development and operation. Performed systems and network administration as well as resource and security audits and planning. Dealt with Windows and UNIX systems, networking, databases and security.

Responsible for designing a reliable, scalable and secure architecture for ISP and OSS operations encompassing networks, systems, applications and security and risk management. Developed vendor relationships, issued RFIs, and performed product evaluation and selection; delivered design, operation and best practices documentation. Installed and administered UNIX-based (Solaris) services and provided digital security expertise. Company ceased operations in 2001.

Responsible for customer engagements in pre- and post-sales technical support and delivery roles for UNIX environments (Solaris and Linux) with @stake, a digital security consulting company. Assessed needs, performed host- and network-based security assessments, and communicated results through verbal and written deliverables.

Responsible as a member of a geographic team for systems administration of worldwide corporate enterprise servers (Sun Solaris and HP/UX). Primary responsibility for a large-scale server and storage project (14-TB+ EMC) nearing go-live. Assisted in standards and best-practice planning. Member of the internal IT security committee.

Architected and implemented the Sun and Solaris infrastructure for xSP operations, and developed best practices and procedures. Sized and architected core business and customer services, and installed, maintained and tuned systems. Assisted with IP-based network design, implementation and management (NMS). Interacted with departments and customers in various roles. Assisted with data security design and implementation. Managed projects and personnel.

Pre-sales technical support as part of Sun's field sales force, covering education and healthcare. Responsible for customer interaction including sales calls, needs analysis, sizing, architecting and performance tuning. Developed familiarity with Sun's products and strategies. One of Sun's High Performance Computing (HPC) ambassadors.

Systems administration and development for Eos and Unity, distributed heterogeneous UNIX environments for education and research with over 1,000 workstations and 100 servers. Administered clients and servers using Kerberos, Hesiod and AFS over an IP network. Developed and maintained critical systems software. Managed full- and part-time staff.

System and network administration and facilities management to support research and administrative computing for Mechanical and Aerospace Engineering, as well as the Mars Mission Research Center. Responsible for developing and maintaining a distributed environment of UNIX systems (Sun, SGI and DEC), PCs and Macs. HPC for CFD/DSMC development. Ethernet and AppleTalk network administration. Hardware troubleshooting and repair. WWW administration and development (HTML and CGI).