Drummond Group is the top testing and certification body

Brian Gibb is responsible for leading Drummond Group and shaping it’s strategic direction. In this role, he collaborates with clients, industry communities, and standards organizations to understand emerging business challenges and to develop compliance and certification solutions that drive security, interoperability, and financial results across entire value chains. He earned a Bachelor of Science degree in Computer Science from Western Illinois University and a Master of Science degree in Engineering Management from Amberton University.

He has a strong understanding of the business value of interoperable standards and independent certification and has actively contributed within the standards community for nearly 30 years. Brian joined the Drummond Group in 2016 after developing and managing the market leading Business-to-Business integration and Managed File Transfer software portfolios at Sterling Commerce and then with the IBM Corporation. During this period, he also led the Standards and Certification function ensuring product interoperability through close interactions with Drummond Group since 1999.

Lisa Palmer is responsible for surveillance oversight activities for Drummond Group. She has been an integral part of understanding new surveillance requirements and monitoring the compliance of certified health IT. In this role, she works directly with health IT developers on random surveillance, complaint investigation and ongoing surveillance initiatives. Lisa has been in Healthcare for 8 years and has a Master’s degree is Healthcare Law from Loyola University. Prior to joining Drummond Group, she has managed compliance for both health IT and healthcare payors.

Nancy. Spizzo has over two decades of experience assisting clients with their risk management, policy and procedure, business associate management and healthcare compliance needs. Ms. Spizzo understands the daily challenges in the health IT and organizational environment as she has spent much of her career implementing and improving technical systems, as well as the organizations that run them. Ms. Spizzo draws upon her vast auditing experience across many different industries to ensure the risk analysis and related recommendations are appropriate to the organization. She has performed risk analysis and assessments for hundreds of organizations and has successfully supported organizations in regulator oversight discussions. Ms. Spizzo is an author and speaker on topics of security and risk management, and blogs on security audit topics. She is a certified HITRUST CCSFP and holds CISA, HCISPP, and CISSP certificates. She is a graduate of the University of Texas at Arlington with a B.S. in Information Systems. She is a member of Infragard, IAPP, ISACA, and ISC2. To support the healthcare risk management industry, Ms. Spizzo has been named to the HITRUST Assessor Council, as well as its’ Quality Committee. Ms. Spizzo is a trusted advisor to her clients for her objective assessment of control environments, as well as balanced recommendations that are delivered with honesty and integrity.

As the Supply Chain Security Business Unit Leader for Drummond Group, Aaron Gomez has more than 30 years of experience in technology, software design, development, and project management. Gomez earned his Bachelor of Science in Engineering with an emphasis on Digital Computer Design from California State University-Fullerton. He joined Drummond Group in 2002 as a principal in testing, interoperability, and certification.

In 2003, he was instrumental in overseeing the software design, development, and project management of Rik Drummond’s vision of InSitu®, Drummond Group’s patented Interoperability Test Automation System which has been in use for AS1, AS2, and AS3 Interoperability testing since 2004. In the health sector area, he was the primary lead in launching Drummond Group’s Controlled Substance Ordering Systems (CSOS) and electronic prescription of controlled substances (EPCS) Certification programs and continues to lead them. Gomez also leads the technical research activities and new opportunities to form the basis for strategic decisions alongside Brian Gibb.

With more than 25 years of experience in Information Security, Kenneth Rowe’s career includes past positions at Scottsdale Healthcare, Banner Good Samaritan, Boeing, Fannie Mae, and Wells Fargo. He has been involved extensively with compliance, auditing and security assurance.

He is just as comfortable at the Governance level with Enterprise Risk Management (ERM), security policies, standards and operations, and a variety of compliance areas including HIPAA, HIPAA HITRUST, DEA EPCS, FERPA, FFIEC, GLBA, ISO 27001, ISO 27002, SAS 70, SSAE 16, PCI DSS and SOX. Ken is also skilled in the areas of penetration testing and computer forensics.

Ken received his received his Masters in Technology Management from the University of Phoenix, and his Bachelors in Computer Information Systems from Arizona State University. Ken holds the following degrees and certifications: MBA, CISSP, CISA, CISM, CRMA, MCSE, MCT, CIPP, and HITRUST CCSFP.

Chris Nickerson, CEO of Lares, has spent the last 19 years of his career leading, inspiring, and sometimes irritating, the security industry. With Lares co-Founder Eric M. Smith, he created the unique methodology used at Lares to assess, implement, and manage information security realistically and effectively. Collaborating with a group of other InfoSec researchers, he founded the Penetration Testing Execution Standard (PTES), and is working with the Red Team Alliance Training Collective to create a certification for Red Team Testing. He is one of the founders of the Security BSides conferences, he’s been a keynote, speaker, and/or trainer at more than fifty InfoSec conferences worldwide, including DEFCON, CyberWeek, and BlackHat. He’s a member and certification holder with ISACA, on the board of CREST, and holds CISSP, CISA, BS7799, and NSA IAM certifications. His book, Red Team Testing, is upcoming from Elsevier/Syngress. And despite all that, he is perhaps best known for his appearance on the TV show Tiger Team on TruTV, and his TED Talk, Hackers are all about curiosity, and security is just a feeling.

Peter Spier is the Managing Director PCI and Risk Assurance and has been with the company for over 9 years. He is responsible for practice leadership and the completion of client compliance and risk assessments. A Payment Card Industry (PCI) Qualified Security Assessor (QSA), Payment Application Qualified Security Assessor (PA-QSA), and Payment Card Industry Professional (PCIP); Mr. Spier conducts PCI Data Security Standard (DSS), Payment Application DSS (PA-DSS), and industry best practice risk assessments in addition to providing Fortrex clients with subject matter expert consultations.

Peter’s strengths include:

• Developing viable enterprise risk management and information security programs, strategies, policies, procedures, standards, and guidance
• Planning, designing and directing the implementation of complex security architectures
• Reviewing enterprise privacy controls, developing privacy strategies, and implementing supporting infrastructures
• Analyzing enterprise security control systems and collaborating with cross-functional business teams to determine, communicate, and plan for business continuity needs
• Assessing risks and vulnerabilities associated with organizational architecture and design and assigning appropriate mitigation strategies

Peter earned a Bachelors of Science degree in Communications from Ithaca College and a Master of Science degree in Telecommunications and Network Management from Syracuse University.

Additionally, Peter co-authored the Thales eSecurity Limited Edition book, PCI Compliance & Data Protection for Dummies. He has also authored multiple articles featured in such publications as CMSWire, BankInfoSecurity.com and SC Magazine Online.

Peter further served as President of the ISACA Western New York Chapter 2009-2012 and Certification Director of the Atlanta Chapter 2013-2014. He also served as an Adjunct Instructor at the University of Maryland University College 2011-2014 where he instructed courses including: Information Systems in Organizations, Ethics in Information Technology, and Foundations of Information Security.

Accreditations
• CISSP
• CISA
• CRISC
• CISM
• CIPM
• PMP
• QSA
• PA-QSA
• PCIP
• ITILFv3

Areas of Specialty
• Risk Management
• Information Assurance
• Security Strategy
• Governance
• Data Protection
• Privacy
• Vulnerability Management
• Application Security
• Security Awareness
• Business Continuity Planning
• Change Management
• Identity Management