HCISPP Spotlight: Bryan Bell

Name: Bryan Bell
Title: Senior Director, P2PE
Employer: Coalfire Systems, Inc.
Location: Alpharetta, Georgia, U.S.A.
Education: Clayton State University, Computer Science
Years in IT: 25+
Years in cybersecurity and/or privacy: 12+
Cybersecurity certifications: HCISPP, HITRUST CSF, ISO 27001 Lead Auditor, CFCP, PCI QSA (PA-P2PE)


How did you decide upon a career in healthcare security and/or privacy?

I’ve enjoyed working within information technology since high school and through college where I was developing applications and learning systems design and networking. I’ve always been drawn to healthcare security, because there is a continuing dilemma from healthcare providers to balance technology and information security with lifesaving equipment for patients. I’ve enjoyed helping healthcare organizations find this balance by introducing them to information technology and security solutions that are perhaps less expensive than traditional methods, yet no less effective in protecting sensitive information.


Why did you decide to pursue your HCISPP?

(ISC)2 is among the most recognized and respected certifying bodies within the information security field. Professionals who hold (ISC)2 certifications and specifically the HCISPP certification gain instant credibility from clients, because clients understand the dedication required to become a member of this elite group of professionals.


In cybersecurity, no two days are the same – what is your main role in your organization?

As the Senior Director of Coalfire’s Point-To-Point-Encryption practice, I am responsible for program/practice and business development, client partnership strategic alliances and team leadership within the Payment Card Industry (PCI) at Coalfire. I also serve as the Coalfire Systems information security subject matter expert on P2PE.


Tell us about a project that you were particularly proud of –

Perhaps most accomplishments are gauged by size, scope or complexity, but I served as the lead consultant for a moderately sized security and compliance assessment project that was a little unique. After identifying several significant security risks, I produced a non-compliant HIPAA security report and delivered it to the healthcare provider organization’s CTO. While I informed the client that we would gladly reassess their environment after the remediation had been completed, they were not satisfied and felt that addressing their flat network design, lack of system access control, and lack of data encryption was an excessive requirement. As a result, they tracked down the appropriate contacts at the OCR and delivered my report to them looking for their support in not performing the information security remediation activities. Not only did the OCR compliment our work on the detail and thoroughness of the report, but they also asked the healthcare provider for a detailed project plan for resolving the security issues. I’m particularly proud of the positive feedback we received from the OCR, but I’m still at a loss as to why the healthcare provider felt it was a good idea to deliver the non-compliant report to the OCR!


What impact has the HCISPP had on your career?

The HCISPP certification has made it much easier to help clients feel a strong sense of confidence in who they have chosen to lead their most sensitive information security projects. Our experience combined with our HCISPP certifications has positioned Coalfire Systems as the leaders in healthcare information security and compliance consulting.


What advice would you give to those aspiring to get their HCISPP?

Don’t wait. Tomorrow never comes. Set a specific date on the calendar, find an accountability partner, and join the elite group of HCISPP professionals.