Our People: ITRM Leadership
Brian Selfridge, Partner
Brian is an experienced healthcare information security leader with roots in “big four” security consulting, having previously worked at PricewaterhouseCoopers’ healthcare security practice. At PwC, Brian advised organizations on the development and execution of information security programs and specialized in identity and access management, IT strategy, web and application security, electronic health records security, and health information exchange services. Prior to joining Meditology, Brian served as the CISO for an industry-leading healthcare provider where he developed and implemented a strategic plan to safeguard the confidentiality, integrity, and availability of patient health information and systems. Brian holds a CISSP certification and is also certified by the NSA in information systems security and information assurance.
Nadia Fahim-Koster, Director
Nadia is an experienced information Privacy and Security leader, bringing over 14 years of directly relevant, operational experience in healthcare privacy and security to her clients. Prior to joining Meditology, Nadia served for almost six years as the CISO at Piedmont Healthcare, one of Atlanta’s premier health systems and as Chief Privacy Officer in her last year with Piedmont. Prior to that, she led the Information Security and Privacy department at Gwinnett Health System, a large regional provider. She has deep experience in the development, implementation, and operation of a corporate information privacy and security compliance programs, including identifying and addressing all applicable regulatory requirements, including HIPAA, HITECH, and PCI, and identifying and integrating privacy and security best practices.
Tyrone Jeffress, Director
Tyrone is an experienced consultant who advises his covered entity and business associate clients on cybersecurity, privacy and compliance matters. His expertise includes HIPAA security risk assessments, HITRUST certification, SOC 2 certification, security governance and strategic planning, vendor risk management and cloud security best practices.
Tyrone has in-depth knowledge of security industry standards such as NIST, ISO 27001, ISO 27002, HITRUST CSF and the Payment Card Industry Data Security Standard (PCI DSS). He is a technical leader in Meditology’s IT Risk Management practice and has led penetration assessments, network vulnerability scans, medical device assessments and firewall configuration reviews. His clients include multi-facility health systems, health insurance payers, and business associate organizations of all sizes and complexities.
Bethany Page, Manager
Bethany advises a variety of healthcare clients on healthcare compliance matters. Her experience includes Meaningful Use compliance, HIPAA privacy and security assessments, remediation planning and project management, Office for Civil Rights investigations, HITRUST Common Security Framework remediation and other pertinent federal and state healthcare technology requirements. She is a lead team member in Meditology’s Privacy Practice and represents the firm on national standards committees, such as ANSI. Her clients range from small physician practices to large health systems.
Ryan Freeman-Jones, West Coast Office Lead
Ryan is an experienced HIPAA Security and Privacy Officer, with over 5 years of experience in IT Risk Management. He serves as a primary Subject Matter Expert in Information Technology and Cyber Security. He also has extensive knowledge in compliance requirements such as HIPAA, HITECH, PCI-DSS, NIST, ISO and other regulatory, and risk standards. Ryan was one of the chief architects of the M.S. in Cyber Security program at Valparaiso University. His combination of both security experience with hands-on operational leadership sets him apart and will make him an especially valuable member of the IT Risk Management community.
Bob Quandt, Nashville Office Lead
Bob Quandt is an experienced healthcare security leader with over 16 years’ experience in both the provider and business associate space. Prior to joining Meditology, Bob was the Vice President of Information Security and ISO at Sharecare (formerly Healthways) where he led the information security function for more than 5 years. He also led an IT audit function and worked in security, application development and internal audit at a Fortune 100 healthcare provider.
Bob is a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and a member of the Middle Tennessee ISACA and ISSA organizations. Bob received his degree from Middle Tennessee State University and was honorably discharged from the United States Marine Corps.
Kevin Sacco, Denver Office Lead
Kevin Sacco is a diverse consultant with over 15 years working in the Information Security, Compliance and Privacy fields. He is an information security subject matter expert working on a variety of engagements. Prior to Meditology, Kevin worked in PricewaterhouseCoopers’ security consulting practice where he led and worked on numerous information security engagements. He has experience conducting large complex assessments, advising and project managing remediation efforts, conducting vulnerability scanning and penetration testing, designing program governance and strategy and supporting product engineering teams in the development of technologies to be compliant with required security standards.
At Meditology, Kevin focuses exclusively on penetration testing projects. Kevin has held the following certifications during his career: CIPP/US, PCI ISA, CISA, CISSP, CPISM, GSEC, CCNA, MCSA: Security, Network+, Security+ and A+.