Kevin Scharnhorst

CISSP, CISM, CCSP, CCSK, TOGAF

CHIEF INFORMATION SECURITY OFFICER

Experienced C-level executive offering extensive leadership in cybersecurity, hybrid cloud, enterprise architecture, and risk management. 20+ years of experience with mid-to-large growth-mode technology, healthtech, and analytics companies. Degrees in Medical Informatics and Business. Lifelong passion for cutting-edge Information Security.

Security Program Management
Governance, Risk, & Compliance
Data Privacy and Sovereignty
Business Process Improvement

Risk Management
BCP & DR
Hybrid Cloud
Phishing Prevention

Incident Response
Penetration Testing
Data Loss Prevention
Global Business Growth

Third-Party Risk Management
Business Impact Analysis
Vulnerability Management
Enterprise Solutions Architecture

PROFESSIONAL EXPERIENCE

Healthcare Data Analytics | Salt Lake City, UT

2014 – Present

Chief Information Security Officer (CISO)

2014 – Present

Built Health Catalyst’s cybersecurity program from the ground up, expanding and hardening hybrid public cloud and on-prem data centers with 4,000+ endpoints globally. Established, grew, and managed annual investment of over 3.5M.

  • Established enterprise security strategy and frameworks built on the NIST risk management and cybersecurity frameworks, CIS and SANS Critical Security Controls, ISO/IEC 27001/27002, and NIST 800-53.
  • Created 12-person Information Security (InfoSec) team structured into Security Engineering (DevSec, purple team, 24/7 security operations center) and Governance, Risk & Compliance (GRC) for audits.
  • Secured and maintained 5 independent HITRUST R2 certifications amounting to 600+ total requirements and 4 separate SOC 2 Type II audits that consider 4 of the 5 service trust principles – a key factor in retaining $43M in client revenues.
  • Articulated organizational security and compliance risk to executive leadership and BOD Audit Committee.
  • Aligned IT/IS with security, privacy, and data sovereignty laws in US, Europe, Singapore, and Middle East in preparation for expansion.

BUSINESS IMPACT

Key player in quadrupling client base from 20 to 80+ clients to become the leading data and analytics provider.

Single-handedly deployed Information Security Management System (ISMS) for a publicly traded healthcare vendor.

Navigated multiple acquisitions and $182M IPO.

VP Cloud Operations

2017 – 2018

Initiated and led transition to Infrastructure as Code (IaC) for 1500-person public company.

  • Spearheaded 2-year migration from co-lo facility to Azure cloud, enabling faster deployment to nationwide clients while slashing CapEx investments.
  • Co-developed multi-year hardware utilization forecasts to determine long-range hosting capacity requirements, allowing for clients to comfortably scale up to 50% across first year.

BUSINESS IMPACT

Established Health Catalyst’s initial presence in public cloud with data amounting to almost 1 petabyte.

Senior Technical Director | Technical Director

2014 – 2017

As an early hire, co-built and staffed 18-person ProServ program focused on digital transformation and analytics capacity-building for healthcare providers and accountable care organizations (ACOs).

  • Directed concurrent client-facing projects on a 10- to 12-month lifecycle from requirements gathering and planning to deployment and execution.
  • Teamed with informaticists, clinicians, administrators, and executives to steer analytics, technology roadmapping, and process redesign for data warehouse implementations.

BUSINESS IMPACT

Expedited time from initial deployment to ROI (for clients) from 8 months to 2 weeks.

Blue Cross of Idaho

Leading Insurance Provider | Meridian, ID

2009 – 2014

Software Engineering Manager | Senior Software Engineer

Took charge of 5 Engineering/Development teams, including newly formed Software Engineering group, to modernize the technology stack in a heavily regulated environment. As a well-regarded SME in Analytics, Engineering, and Healthcare, partnered with C-suite to review technology roadmaps and offer counsel on seven-figure investments.

  • Instituted Agile and CI/CD, and migrated to n-tier SOA architecture, creating 12 services across 6 service families to eliminate redundancies and slash development costs by $500,000 over 2 years.
  • Drove numerous Healthcare IT (HIT) initiatives, including automated member enrollment platform integrated with federal exchange and CMS; ZeOmega Clinical Care Management System; and $1.5M TriZetto Claim Processing tool linked to McKesson CareEnhance Review Manager, saving $150,000 in vendor fees.
  • Energized cross-functional ‘tiger team’ to architect and launch Federally Facilitated Marketplace (FFM) Eligibility & Enrollment solution on an extremely tight (external) deadline.
  • Guided technical resources across Software Engineering, Information Management, Operations, System Integration, and Network Services, offering training in Informatics and Software Development to 60+ staff.
  • Hosted community outreach seminars for Ambassador Program designed to educate public on ACA legislation.

Micron Technology

Memory & Data Storage | Boise, ID

2000 – 2009

Software Engineer I-IV | Coder

Promoted consistently, serving as team lead and Oracle/SQL SME for 5-10 developers, analysts, and QA engineers while working on payment processor and internal/external web applications. Retained through 80% RIF.

  • Pioneered real-time alternative credit payment processing system, including integrations with PayPal, SAP, and other SaaS products, achieving full PCI compliance through third-party audit.
  • Played an integral role in on-time, on-budget execution of SAP migration (saving $1.5M in annual expenses), including porting over outdated code to new environment.
  • Optimized response time over network and between database layers via benchmark testing.
  • Innovated a price adjustment tool to completely automate website price modifications, saving $30,000/year.

LEADERSHIP & AFFILIATIONS

2020 – 2021

Featured Contributor

Open Clinical Decision Support (OpenCDS.org)

2013 – 2019

Adjunct Faculty

Northwestern University, Department of Medical Informatics

2013 – 2019

Adjunct Faculty

Treasure Valley Community College, Department of Computer Science

2014 – 2016

Board of Directors

Healthcare Information & Management Systems Society, Idaho Chapter

2014 – 2017

Board of Directors

Idaho Health Data Exchange

2014 – 2017

Founder & Director

BoiseFragFest (local community computer gaming league for youth)

ISC2 Member | ISACA Member | FBI InfraGard Member | The Open Group Member | CompTIA Member | AMIA Symposia | Boy Scouts of America Leadership Volunteer & Eagle Scout

EDUCATION

Master of Science in Medical Informatics (MMI)

NORTHWESTERN UNIVERSITY, Evanston, IL

Bachelor of Business Administration (BBA)

BOISE STATE UNIVERSITY, Boise, ID

Associate of Arts (AA)

BRIGHAM YOUNG UNIVERSITY, Rexburg, ID

TOOLS & TECHNOLOGIES

Security/Regulatory Frameworks

NIST CSF (800-53r4/r5, 800-171, 800-61, 800-34, 800-88), ISO/IEC 27001/27002, HITRUST CSF, HIPAA, PCI/DSS, COBIT, AICPA SOC 2/3, GDPR, CIS, SANS, FAIR

Security Engineering

CrowdStrike Falcon, Proofpoint, Cofense, Dell SecureWorks Taegis, Penetration Testing, Qualys, ObserveIT, Hyperproof, Audit Board, Symantec DCS, Sophos, Security Scorecard, Symantec Data Center Security, Trend Micro Deep Security, Workspace One, Dell KACE, Kali Linux, Wireshark, A-SCEND

Healthcare Systems

EPIC, Cerner, Meditech, CPSI, Centricity, Press Ganey, NRC Picker, Blue Cross Anthem, Humana, Midas, CMS Claims Data, Facets, Care Advance, ZeOmega Jiva, McKesson InterQual CERMe

Operational

Jira Service Desk, Jira Confluence, ServiceNow, Ivanti HEAT, OpsGenie, PagerDuty, FootPrints

Operating Systems

Windows (all versions), Mac OS X, Linux, DOS, Novell, VMware, Microsoft Hyper-V

Data Center Operations

Microsoft Azure, AWS, VMware, SolarWinds Orion/DPA/Patch Manager, Qualys Vulnerability Scanner / Policy Compliance, Sophos UTM / XG Firewalls, Microsoft Remote Desktop Services, Splunk, Graylog, IDERA, Redgate, Pure Storage, NetApp, Infrastructure as Code, Site Reliability Engineering, Database Reliability Engineering, ITIL, SCCM, WSUS, Ivanti HEAT, CommVault, Rubrik

Programming

C#, VB.NET, Java, Windows Communication Foundation (WCF), Windows Workflow Foundation (WF), Windows Presentation Foundation (WPF), webMethods, DROOLS, ASP.NET, Visual Basic 6, SSIS, Web Services, ASP, SAP ABAP, CSS, PL/SQL, T-SQL, C++, ColdFusion, COBOL, VBScript, VBA for Office, Crystal Reports, DotNetNuke Web Portals

DBMS / Data Warehousing

SQL Server 2000-2019, Oracle 9i/10g (SQL Navigator, SQL Developer), Sybase, Microsoft Access, Health Catalyst Data Operating System, SQL Server Analysis Services, Informatica, Red Gate SQL Toolbelt, SSIS, SSAS, SSRS, SSMS, R, BIDS

Development Tools

Azure DevOps, Power BI, Visual Studio 2003-2016, Visual Studio.NET, Eclipse, webMethods, CentraSite, Informatica, Sparx Enterprise Architect, Rapid SQL, ClearQuest, TFS, Subversion, PVCS, Visual Source Safe, SQL Navigator, SQL Developer, Discover, Cognos, ProClarity, Visio.

SDLC

Agile, SCRUM, Waterfall

INDUSTRY CERTIFICATIONS