Daniel Nutkis

Chief Executive Officer

Daniel Nutkis is the founder and Chief Executive Officer for HITRUST. Mr. Nutkis has more than 20 years of experience in providing strategic advisory services in areas relating to health information technology. His recent focus has been on technologies that enable information protection and strategic business objectives. Prior to founding HITRUST, he held various positions with email encryption and e-prescribing service company Zix Corporation (NASDAQ: ZIXI), including Executive Vice President, Strategy, and President, Care Delivery. He was also with Ernst & Young LLP’s healthcare emerging technology groups as National Director. He has led a number of industry research activities on eHealth vulnerabilities and has been a founding member of work groups and accreditations such as WEDI, CPRI and HCISPP.

Dan has also been recently recognized as a top information security influencer in 2014 by SC Magazine, and in 2015 by Health Information Security Magazine.

Michael Frederick

Vice President – Operations

Michael Frederick has 20+ years’ experience in information security. He is currently the Vice President of Operations at HITRUST. Prior to joining HITRUST he was CEO of The Frederick Group, a professional services firm focused on security risk management in healthcare. He served as Chief Information Security Officer (CISO) for eight years at a large healthcare system. While in this role, he led the organization in becoming the first hospital system to be certified under the HITRUST CSF and was the industry lead in the provider space during the development of the CSF. He has been a speaker at numerous security events and has been published on the topics of risk management, applying security practices within an organization, and how to build an effective security organization. Prior to his CISO role, he was a security architect, security manager in industry and a security consultant in various large accounting firms. He has been a Certified Information System Security Professional (CISSP) since 1999.

Bryan Cline

Vice President – Standards and Analytics

Bryan Cline, Ph.D. is the Vice President for Standards and Analytics and provides thought leadership and guidance for the healthcare industry’s model implementation of the NIST Cybersecurity Framework. Responsibilities include a broad range of HITRUST risk management framework support such as requirements integration, control specification, and the development of standards, methods, processes and tools that healthcare organizations can use to facilitate the integration and assessment of the CSF in their information protection and cybersecurity programs. As a former senior advisor and VP of CSF Development and Implementation, he worked closely with the THSA to develop SECURETexas—the first state program of its kind certifying compliance with federal and state requirements for the privacy and security of health information—and is considered the ‘father’ of the HealthCare Information Security and Privacy Practitioner credential for spearheading its development with (ISC)2. Dr. Cline has also served as the Chief Information Security Officer for Catholic Health East and The Children’s Hospital of Philadelphia in addition to his 20+ years in the Department of Defense as an information systems and information security professional, including the CISO role at the Headquarters, Allied Air Forces Southern Europe. He’s spoken at multiple conferences and symposia on information security and privacy risk management in the healthcare industry and published articles and papers on risk management and security engineering in several journals and proceedings. Dr. Cline’s professional certifications include the CISSP-ISSEP, CISM, CISA, HCISPP, CIPP/US, CCSFP, NSA IAM/IEM, MCIATT and DoD’s CAP in project management.

Ken Vander Wal

Chief Compliance Officer

Ken Vander Wal’s role as Chief Compliance Officer at HITRUST involves providing supervision and oversight to the HITRUST CSF Assurance program. In this capacity, he is responsible for ensuring the quality, completeness and adequacy of the work performed by CSF Assessor organizations. Mr. Vander Wal joined HITRUST after retiring from Ernst & Young where he was a partner in the Technology and Security Risk Services (TSRS) practice and responsible for its global TSRS quality and risk management program. With almost 40 years of IT experience, he has experience in a variety of industries in multiple areas of information systems, including systems development, systems programming, project management, quality assurance, IT auditing and systems security. As the national leader of TSRS quality, Mr. Vander Wal was responsible for ensuring quality was an integral component of Ernst & Young’s methodologies, engagement staffing and service delivery. In this role as well as his previous roles, he served major clients as the IT audit engagement partner or as the quality assurance partner. Mr. Vander Wal is a member of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association. He is both a Certified Public Accountant and a Certified Information Systems Auditor.

Eric Moriak

Manager – Assurance Services

Eric Moriak has 30+ years’ experience in information systems, IT audit, and information security. He is currently the Manager of Assurance Services at HITRUST. Prior to joining HITRUST he served as both the director of Information Security and the director of IT audit for Children’s Health System of Texas. He has also served as a director of IT audit in both Heavy Manufacturing, and Construction. He has also supported both IT and audit functions in the Oil & Gas and Computer Service industries. While in his role at Children’s, he helped the organization become certified under the HITRUST CSF. He has been a guest speaker at numerous universities and has made presentations at MIS, ISC2/ASIS, and ISACA events. He has also published articles on DLP and SIEM. He is currently a Certified Information System Security Professional (CISSP), a Certified Internal Auditor (CIA), a Certified Information Security Auditor (CISA), a Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and a Certified CSF Practitioner (CCSFP).