Frank Siepmann, Senior Cybersecurity Advisor, provides strategic consulting support in the areas of planning, implementing and leading enterprise-wide cybersecurity programs. He has more than 20 years of progressive experience in the cybersecurity industry holding senior leadership positions at Fortune 100 companies. In 2013, Auerbach Publications published his book titled “Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud.”
Frank’s leadership experience includes building and leading the security program for 3M HIS, a healthcare SaaS provider; interim director of cybersecurity at the University of Washington Medical Center in Seattle; and security officer at CGI overseeing the U.S. commercial operation. He has built and transformed global cybersecurity programs at the enterprise level to more efficiently and effectively address security risks for medium to large globally operating organizations.
Frank strongly believes that a sustainable risk management program can only be achieved by clear communication of cybersecurity risks to senior management, reaching an acceptable level of risk for the business. Hospitals and health systems, in particular, must align cybersecurity with their top-down business needs and employ metrics to gauge progress.
Further, Frank advocates security should not be viewed as a compliance exercise, which would result in uneconomical expenses, thereby rendering risk reduction efforts less effective. “Cybersecurity must be a strategic initiative—embraced at the highest leadership levels and well-communicated to the entire enterprise,” he says.
Practice Areas:
Security Programs
- Establish, review and transform the program
- Virtual CISO service
- Security employee management and training
Governance Risk and Compliance
- Determine effectiveness of current security program
- Conduct enterprise- level security risk assessment
- Achieve HIPAA, PCI, FISMA and/or PII state/federal specific regulations compliance
Security Frameworks and Standards
- Implement NIST, HITRUST or ISO/IEC 27001/2
- Support security certification for HITRUST and ISO/IEC 27001
- Audit support for SOC2 TYPE2, SSAE-16 (SOC 1), and SOX audits
