Jonathan Dees is VP of VUMC Enterprise Cybersecurity and serves as the VUMC Cybersecurity Official. He oversees development of cybersecurity policy and compliance initiatives, security review processes for international research projects, business resiliency, cybersecurity risk management, and business information security. He has over 20 years of experience in IT and leadership roles at VUMC, including work in HealthIT and the Vanderbilt University School of Medicine. He holds a J.D. from the Nashville School of Law and numerous industry certifications including Certification in Healthcare Privacy and Security (CHPS).
Salvador Ortega is VP of VUMC Enterprise Cybersecurity overseeing Security Operations and Services. He leads teams who work on the continuous development and improvement of cybersecurity for VUMC. He manages our network security services, cyber intrusion and forensic services, vulnerability assessments services, operations of the security operations center, and directory services.
He holds a B.S. in Business Administration in the Management of Information Systems from the University of Illinois, and a Master's in Emergency Management and Homeland Security from Arizona State University. He joined Vanderbilt University in 2006 and has been with VUMC since 2016. He holds a variety of cybersecurity and technical certifications, including CISSP, CHFI, and CCIDS. Prior to VUMC and VU, he was with Cargill, Inc. and Sygen, Inc., practicing IT and cybersecurity across the globe.
In his current role, John leverages the Cyber Risk Insights (CRI) methodology to help businesses identify information assets that are critical to their value chain. Once assets are identified, they are mapped to the systems where they are stored. He then works with the business to address any gaps that exist between the criticality of the data and the security where the data is stored.
John joined VUMC in 2006 providing technical support to the Office of the Vice Chancellor of Health Affairs (currently the Office of the CEO). Additionally, he has worked in central information technology as a Service Delivery Manager, Project Manager, Business Application Specialist and Associate Director of the Customer Relationship group. Prior to joining VUMC he worked in private healthcare, banking, and higher education.
John is a former member of the U.S. Army where he earned money to become the first in his family to attend college. He holds a master's degree in Business Administration from the University of Arizona Global Campus and holds multiple certifications including CISSP, CRISC, PMP, and Factor Analysis in Information Risk (FAIR).
Bill Schultz is the Senior Director of the Cybersecurity department and brings with him over 20 years of achievement in Information Technology and Cybersecurity. For VUMC's Enterprise Cybersecurity, he heads the Security Architecture program and its development. He also manages risk assessment and risk assessment program development, and manages a team of risk analysts.
Bill provides security architecture and risk management advisory support for both cloud and on-premises-based solutions. He also develops and maintains the relevant policies and procedures for risk management and security architecture systems at VUMC.
Before becoming Senior Director at VUMC, he worked at Vanderbilt University for over a decade in various IT and Cybersecurity roles for the Research Informatics core. He is a frequent public speaker and holds a Masters of Science in Computer Information Systems.
Kevin has over 30 years of Information Technology experience and joined VUMC in 1996 as an Automation Technician. Kevin transitioned to IT Disaster Recovery just in time for Y2K and now manages the VUMC Enterprise IT Disaster Recovery Program. Kevin and his team help departmental leaders assess organizational tolerances for IT downtime and data loss, to prioritize IT service recovery, and collaborate with application and Infrastructure owners to implement, maintain, and test appropriate IT backup and recovery plans, consistent with organizational requirements.
Kevin and his team are also involved in the SaaS contracting process and conduct third party disaster recovery capability assessments to ensure vendor contingency plans are consistent with VUMC backup, planning and testing requirements.
Kevin holds the Disaster Recovery Institute International’s Certified Business Continuity Professional (CBCP) certification and the PECB’s ISO 22301 Lead Implementer accreditation.
Ed has over 20 years of experience in IT, including various leadership roles. Ed joined the VUMC Enterprise Cybersecurity (VEC) team in 2022 and currently serves as the Associate Director of the VEC Policy and Compliance department. In his role, Ed works with VUMC Leadership in the creation, coordination and execution of cybersecurity/privacy policies, procedures, and compliance programs across VUMC.
Ed graduated from the State University of New York (SUNY) with a BT in IT - Application Software Development, and a MBA in IT Management. Ed holds the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Systems and Network Auditor (GSNA), GIAC Critical Controls Certification (GCCC), and CompTIA Security+.
Prior to his current role, Ed started working at VUMC in 2019 in the Office of Internal Audit as a Senior IT Internal Auditor. Ed has previously worked as an IT Internal Auditor for the New York State Office of Information Technology Services, as the Chief Information Security Officer (CISO) for the New York State Department of Education, and as an IT Security Specialist for the State University of New York Upstate Medical University. Ed has also served in various other IT management, programming, security, and teaching roles at various NYS agencies and NY universities. Prior to his IT career, Ed worked for over 10 years in manufacturing and trades.