Kevin Scharnhorst
CISSP, CISM, CCSP, CCSK, TOGAF
Download
Resume in:
Resume in:
CHIEF INFORMATION SECURITY OFFICER
Experienced C-level executive offering extensive leadership in cybersecurity, hybrid cloud, enterprise architecture, and risk management. 20+ years of experience with mid-to-large growth-mode technology, healthtech, and analytics companies. Degrees in Medical Informatics and Business. Lifelong passion for cutting-edge Information Security.
Security Program Management
Governance, Risk, & Compliance
Data Privacy and Sovereignty
Business Process Improvement
Risk Management
BCP & DR
Hybrid Cloud
Phishing Prevention
Incident Response
Penetration Testing
Data Loss Prevention
Global Business Growth
Third-Party Risk Management
Business Impact Analysis
Vulnerability Management
Enterprise Solutions Architecture
PROFESSIONAL EXPERIENCE
Chief Information Security Officer (CISO)
2014 – Present
Built Health Catalyst’s cybersecurity program from the ground up, expanding and hardening hybrid public cloud and on-prem data centers with 4,000+ end points globally. Established, grew, and managed annual investment of over 3.5M.
- Established enterprise security strategy and frameworks that consist of NIST risk management and cybersecurity frameworks, and CIS and SANS Critical Security Controls, ISO/IEC 27001/27002, and NIST 800-53.
- Created 12-person Information Security (InfoSec) team structured into Security Engineering (DevSec, purple team, 24/7 security operations center) and Governance, Risk & Compliance (GRC) for audits.
- Secured and maintained 5 independent HITRUST R2 certifications amounting to 600+ total requirements and 4 separate SOC 2 Type II audits that consider 4 of the 5 service trust principles – a key factor in retaining $43M in client revenues.
- Articulated organizational security and compliance risk to executive leadership and BOD Audit Committee).
- Aligned IT/IS with security, privacy, and data sovereignty laws in US, Europe, Singapore, and Middle East in preparation for expansion.
BUSINESS IMPACT
Key player in quadrupling client base from 20 to 80+ clients to become the leading data and analytics provider.
Single-handedly deployed Information Security Management System (ISMS) for a publicly traded healthcare vendor.
Navigated multiple acquisitions and $182M IPO.
VP Cloud Operations
2017 – 2018
Initiated and led transition to Infrastructure as Code (IaC) for 1500-person public company.
- Spearheaded 2-year migration from co-lo facility to Azure cloud, enabling faster deployment to nationwide clients while slashing CapEx investments.
- Co-developed multi-year hardware utilization forecasts to determine long-range hosting capacity requirements, allowing for clients to comfortably scale up to 50% across first year.
BUSINESS IMPACT
Established Health Catalyst’s initial presence in public cloud with data amounting to almost 1 petabyte.
Senior Technical Director | Technical Director
2014 – 2017
As an early hire, co-built and staffed 18-person ProServ program focused on digital transformation and analytics capacity-building for healthcare providers and accountable care organizations (ACOs).
- Directed concurrent client-facing projects on a 10- to 12-month lifecycle from requirements gathering and planning to deployment and execution.
- Teamed with informaticists, clinicians, administrators, and executives to steer analytics, technology roadmapping, and process redesign for data warehouse implementations.
BUSINESS IMPACT
Expedited time form initial deployment to ROI (for clients) from 8 months to 2 weeks.
Blue Cross of Idaho
Leading Insurance Provider | Meridian, ID
2009 – 2014
Software Engineering Manager | Senior Software Engineer
Took charge of 5 Engineering/Development teams, including newly formed Software Engineering group, to modernize the technology stack in a heavily regulated environment. As a well-regarded SME in Analytics, Engineering, and Healthcare, partnered with C-suite to review technology roadmaps and offer counsel on seven-figure investments.
- Instituted Agile and CI/CD, and migrated to n-tier SOA architecture, creating 12 services across 6 service families to eliminate redundancies and slash development costs by $500,000 over 2 years.
- Drove numerous Healthcare IT (HIT) initiatives, including automated member enrollment platform integrated with federal exchange and CMS; ZeOmega Clinical Care Management System; and $1.5M TriZetto Claim Processing tool linked to McKesson CareEnhance Review Manager, saving $150,000 in vendor fees.
- Energized cross-functional ‘tiger team’ to architect and launch Federally Facilitated Marketplace (FFM) Eligibility & Enrollment solution on an extremely tight (external) deadline.
- Guided technical resources across Software Engineering, Information Management, Operations, System Integration, and Network Services, offering training in Informatics and Software Development to 60+ staff.
- Hosted community outreach seminars for Ambassador Program designed to educate public on ACA legislation.
Micron Technology
Memory & Data Storage | Boise, ID
2000 – 2009
Software Engineer I-IV | Coder
Promoted consistently, serving as team lead and Oracle/SQL SME for 5-10 developers, analysts, and QA engineers while working on payment processor and internal/external web applications. Retained through 80% RIF.
- Pioneered realtime alternative credit payment processing system, including integrations with PayPal, SAP, and other SaaS products, achieving full PCI compliance through third-party audit.
- Played an integral role in on-time, on-budget execution of SAP migration (saving $1.5M in annual expenses), including porting over outdated code to new environment.
- Optimized response time over network and between database layers via benchmark testing.
- Innovated a price adjustment tool to completely automate website price modifications, saving $30,000/year.
LEADERSHIP & AFFILIATIONS
2020 – 2021
Featured Contributor
Open Clinical Decision Support (OpenCDS.org)
2013 – 2019
Adjunct Faculty
Northwestern University, Department of Medical Informatics
2013 – 2019
Adjunct Faculty
Treasure Valley Community College, Department of Computer Science
2014 – 2016
Board of Directors
Healthcare Information & Management Systems Society, Idaho Chapter
2014 – 2017
Board of Directors
Idaho Health Data Exchange
2014 – 2017
Founder & Director
BoiseFragFest (local community computer gaming league for youth)
ISC2 Member | ISACA Member | FBI InfraGard Member | The Open Group Member | CompTIA Member | AMIA Symposia Boy Scouts of America Leadership Volunteer & Eagle Scout
EDUCATION
Master of Science in Medical Informatics (MMI)
NORTHWESTERN UNIVERSITY, Evanston, IL
Bachelor of Business Administration (BBA)
BOISE STATE UNIVERSITY,
Boise, ID
Associates of Arts (AA)
BRIGHAM YOUNG UNIVERSITY, Rexburg, ID
TOOLS & TECHNOLOGIES
Security/Regulatory Frameworks
NIST CSF (800-53r4/r5, 800-171, 800-61, 800-34, 800-88), ISO/IEC 27001/27002, HITRUST CSF, HIPAA, PCI/DSS, COBIT, AICPA SOC 2/3, GDPR, CIS, SANS, FAIR
Security Engineering
CrowdStrike Falcon, Proofpoint, Cofense, Dell SecurWorks Taegis, Penetration Testing, Qualys, ObserveIT, Hyperproof, Audit Board, Symantec DCS, Sophos, Security Scorecard, Symantec Data Center Security, Trend Micro Deep Security, Workspace One, Dell KACE, Kali Linux, WireShark, A-SCEND
Healthcare Systems
EPIC, Cerner, Meditech, CPSI, Centricity, Press Ganey, NRC Picker, Blue Cross Anthem, Humana, Midas, CMS Claims Data, Facets, Care Advance, ZeOmega Jiva, McKesson InterQual CERMe
Operational
Jira Service Desk, Jira Confluence, ServiceNow, Ivanti HEAT, OpsGenie, Pager Duty, FootPrints
Operating Systems
Windows (all versions), Mac OS X, Linux, DOS, Novell, VMWare, Microsoft Hyper-V
Data Center Operations
Microsoft Azure, AWS, VMWare, SolarWinds Orion/DPA/Patch Manager, Qualys Vulnerability Scanner / Policy Compliance, Sophos UTM / XG Firewalls, Microsoft Remote Desktop Services, Splunk, Graylog, IDERA, Redgate, Pure Storage, NetApp, Infrastructure as Code, Site Reliability Engineering, Database Reliability Engineering, ITIL, SCCM, WSUS, Ivanti HEAT, CommVault, Rubrik
Programming
C#, VB.NET, Java, Windows Communication Foundation (WCF), Windows Workflow Foundation (WF), Windows Presentation Foundation (WPF), webMethods, DROOLS, ASP.NET, Visual Basic 6, SSIS, Web Services, ASP, SAP ABAP, CSS, PL/SQL, T-SQL, C++, Cold Fusion, Cobol, VBScript, VBA for Office, Crystal Reports, DotNetNuke Web Portals
DBMS/ Data Warehousing
SQL Server 2000-2019, Oracle 9i/10g (SQL Navigator, SQL Developer), Sybase, Microsoft Access, Health Catalyst Data Operating System, SQL Server Analysis Services, Informatica, Red Gate SQL Toolbelt, SSIS, SSAS, SSRS, SSMS, R, BIDS
Development Tools
Azure DevOps, Power BI, Visual Studio 2003-2016, Visual Studio.NET, Eclipse, webMethods, CentraSite, Informatica, Sparx Enterprise Architect, Rapid SQL, ClearQuest, TFS, Subversion, PVCS, Visual Source Safe, SQL Navigator, SQL Developer, Discover, Cognos, ProClarity, Visio.
SDLC
Agile, SCRUM, Waterfall
