Steve S.
Details
History
Furman University
1983 : 1987
High School Diploma
College/University Preparatory and Advanced High School/Secondary Diploma Program
JL Mann High School
1980 : 1983
2021 : Present
Infosec Institute, a division of Cengage Group
Cybersecurity Instructor, Speaker and SME
Provide leadership and program development expertise in CISO-level role as acting fractional CISO and vCISO for healthcare, banking and technology clients. Implemented methodologies for developing and tracking information security programs and leading them to maturity. Developed and led 3rd party risk management strategies and vendor best practices to protect sensitive information managed by vendors. Developed comprehensive strategies for information security program development including framework implementation, risk assessment methodologies using CIS20 tools and CSET, policy and procedure development workshops, SIEM/SOC deployment on RocketCyber and other platforms, and incident response procedures. Managed HIPAA compliance, frameworks, and information security compliance using NIST800 CSF, CIS Top 20, and CMMC. Created comprehensive infosec program and strategy with deep knowledge of security frameworks, controls, training, policies and policy review tools, and acculturation into new security environment.
2020 :
Patronus Security LLC
Lead Security Consultant and vCISO
Responsible for creating and managing a new Information Security and Compliance Practice at Huron within the Healthcare Technical Services Group.
2019 : 2020
Huron
Senior Director Security
Elevated standard of conformity, adherence, and authority for compliance function in CISO-level role in which I created and executed the vision for HIPAA and information security from a regulatory compliance and framework perspective. Earned rapid promotion for foresight, leadership, and proactivity in direction of security strategy implementation. Collaborated with technical team leader (dotted-line report) on technical aspects of program management and delivery. Oversaw IT, leading vendor best practices to defend and protect private health information. Managed HIPAA compliance, frameworks, and information security compliance within NIST800 and other relevant frameworks.
Created comprehensive infosec program and strategy with deep knowledge of security frameworks, including required controls, training, policies and policy review tools, and acculturation into new security environment.
Led company successfully through first SOC-2 audit. To prepare, completely rewrote security policies, built policy maps to comply with regulations and to work with required framework. Created standard policy template with all relevant data, standardized for usability and trackability.
Proactively set objective standards for security performance, according to organizational need.
Implemented tool to manage compliance management activities, logging every required control activity automatically in advance of audits.
Earned stakeholder buy-in for complex infosec program, learning context of users’ and companies’ needs at every level; educated teams across business on nuanced and necessary infosec strategy.
Implemented BetterCloud tool to manage Google Drive implementation; created controls on Amazon Web Services; moved system completely to Google Platform while mitigating security concerns.
Delivered phishing testing / simulation campaign and penetration testing that exceeded HIPAA requirements.
2018 : 2019
COTA, Inc.
VP of InfoSec and Compliance & CISO
2018 : 2018
COTA, Inc.
Director of Information Security and Compliance
Skills
Access Control Management, Access Controls, Analytical Skills, Audits, Business Continuity, Business Continuity Planning, CISO, Compliance, Computer Security, Consulting, Disaster Recovery, Electronic Medical Record (EMR), Executive Leadership, Healthcare, Health Care Consulting, Healthcare Information Technology, Healthcare Information Technology (HIT), Health Information Security, HIPAA, HIPAA Compliance, HITECH (Health Information Technology for Economic and Clinical Health) Act, Hospitals, Information Security, Information Security Awareness, Information Security Consultancy, Information Security Governance, Information Security Management, Information Security Standards, Information Technology, Leadership, Management, Management Consulting, Meaningful Use, Network Security, Penetration Testing, Physician Practices, Program Management, Project Management, Public Speaking, Regulatory Requirements, Risk Analysis, Risk Assessment, Security, Strategy, Team Leadership, Training, U.S. Health Insurance Portability and Accountability Act (HIPAA), Vendor Management, Vulnerability Management, Vulnerability Scanning
About
HEALTH INFORMATION SECURITY | RISK ASSESSMENT | REGULATORY COMPLIANCE
Steve Spearman
I coach health care institutions to craft, implement, and steward effective information security, risk assessment, and HIPAA compliance policies and programs.
Over my years of working in this industry, I have helped hundreds of health care organizations prepare for and succeed through risk assessments and audits around HIPAA compliance and health information security. To that end, I also have built a reputation for best-in-class expertise:
➡ Regular contributor to Healthicity’s company blog, publishing on risk assessment, ransomware, and HIPAA compliance.
➡ Conference presenter at HealthCon 2016 on risk assessment and security awareness, HIPAA, and information vulnerability.
➡ Conference presenter at HIMSS Conference 2016 on assessing risk of medical devices.
➡ Presenter to HIPAA Chat radio show, with 300–400 registrants each month.
➡ Presenter to webinars attracting 1000+ registrants. Topics have included HIPAA security essentials and more.
➡ Developer of infographic on successful and failed physician and hospital audits, which was shared thousands of times for tens of thousands of views.
I joined COTA in early 2018, where I currently serve in a CISO-level information security leadership position. Before that, I worked for Healthicity, which purchased my former company, Health Security Solutions, in 2016 (see below). In this company, I led health information risk assessment strategy and audit preparation practices. To learn more about my work with both organizations, please connect with me on LinkedIn.