Jay Harmon

CTO, Wellcentive

A 30+ year veteran of business operations and leadership, Jay brings a combination of deep Information Technology, Information Security Management and Business Management experience to help organizations develop effective Information Security, Risk Management and Regulatory Compliance programs.

Not long after relocating to Atlanta as Vice President of Operations for Digital Doctor/MD datacor, Jay discovered his family was a victim of Identity Theft that resulted in over 1 million dollars in fraudulent transactions across multiple jurisdictions. After dedicating over 400 hours in the 6 months following the identity theft, and realizing that many corporations and government entities were ill prepared to help protect their customers private health, financial and personal information Jay became focused on the advocacy of corporate information security management principles. As a result of this experience he helped co-found BorderHawk, a cyber-security firm focused on information protection and security management for state and local government agencies, healthcare and entities deemed a part of the US “Critical Infrastructure” information protection. Often the “First Person In” Jay, is adept at interacting with multiple audiences, from technical resources to executive teams and boards with a goal of helping all parties improve their fundamental understanding of the reality of their information security program, its weaknesses and areas of future focus. He is routinely called on by a leading cyber security liability insurance broker to speak to their new clients to help identify operational, people and process activities that increase the company’s potential vulnerability.

Recently, Jay spent a year meeting & working with over 200 organizations involved in healthcare delivery, from large Covered Entities and Small Pharmaceutical practices; to large Cloud based service providers and small Coding firms operating as business associates to help identify gaps in their Information Security, Privacy and Compliance programs based on regulations mandated within the US Department of Health and Human Services, Office of Civil Rights, HIPAA, Omnibus Security and Privacy rule and the HITECH Act. As an outgrowth of this experience, Jay has authored a soon to be released Workbook & Field Guide for security officers and directors who are brand new to information security management, titled “Information Security Management 101, the beginners guide” an Information Security Management Game Plan for the New Information Security Director or Officer. While this material is introductory, it is mapped to both ISO IEC 27001/2 and NIST 800-30 so as they mature, their program matures with them.

Jay is well known, and highly regarded across both state and local government organizations, as well as the healthcare management community, participating on the National Association of State Chief Information Officers (NASIO) Information Security Committee; The Health Care Compliance Association (HCCA); Healthcare Information Management Systems (HIMSS) and the Healthcare Information Management Association (HFMA).

Jay’s unique combination of experiences, perspectives, and insights around information security and privacy were born in part from his own ID Theft experience and enriched through his work with Borderhawk on Information Security Management projects that span the United States and cross multiple industries.

Sample engagement highlights:
― Conducted State Agency Risk Assessments: FPLS for ST DOL, IRS Pub 1075 for ST DOR, ST DOC Social Engineering and Network Pen Test, ST DOE Audit Failure Remediation Project
― Managed Risk Assessments to include: Social Engineering and Network Penetration, External Vulnerability, Electrical Systems NERC Compliance – Operational and Physical, Network & Systems Penetration & Web App Pen Test; Regional Transit Authority utilizing NIST 800.30 and/or ISO 27001
― Designed, led and executed a Virtual Desktop Infrastructure Use Case and Security Assessment for Visa, Inc.
― Developed HIPAA compliance program for Digital Doctor/MDdatacor
― Led a dynamic information security team in a comprehensive review, analysis, restructuring and finalization of a financial service company’s policies and procedures in anticipation of a pending SOC 1 & 2 audit.
― Successfully lead information risk, information security, and cyber threat intelligence projects in Montana, Alaska, Oregon, California, Florida, New York, Las Vegas and Georgia.