FAQ: Tom Kellermann's Appointment as HITRUST VP of Cyber Risk and Its Impact on Cybersecurity Assurance

What is the main purpose of Tom Kellermann’s appointment at HITRUST?

Tom Kellermann was appointed as Vice President of Cyber Risk to drive HITRUST’s industry engagement, thought leadership, and expansion into new markets, with a focus on elevating third-party and supply chain security programs.

Why is this appointment significant for cybersecurity and risk management?

Kellermann brings over two decades of cybersecurity leadership experience from both public and private sectors, and his expertise will help organizations strengthen supply chain security, achieve measurable risk reduction, and enhance cyber resilience.

What specific areas will Tom Kellermann focus on in his new role?

He will focus on Third Party Risk Management (TPRM), helping organizations strengthen supply chain security and business resilience using HITRUST’s comprehensive portfolio of threat-adaptive security assessments and operational enablement tools.

What experience does Tom Kellermann bring to HITRUST?

Kellermann has over two decades of cybersecurity leadership, including roles as Chief Cybersecurity Officer for Carbon Black Inc., Head of Cybersecurity Strategy for VMware, and executive positions at Contrast Security, Trend Micro, and Core Security. He also served as Deputy CISO for the World Bank Treasury and held government appointments including the Cyber Investigations Advisory Board for the United States Secret Service.

How will this appointment benefit organizations using HITRUST services?

Kellermann will help accelerate adoption of HITRUST’s comprehensive portfolio, including threat-adaptive information security and AI assessments, operational enablement tools, and integrations like the new ServiceNow TPRM platform, driving cost reductions, risk mitigation, and program simplification.

What is the relevance of third-party risk management in today’s cybersecurity landscape?

According to Verizon’s 2025 Data Breach Investigations Report, third-party involvement is present in 30% of breaches today, making TPRM a critical focus area for enhancing organizational security and resilience.

What educational and thought leadership background does Tom Kellermann have?

Kellermann taught cybercrime courses as an adjunct professor at American University from 2007-2015, was appointed the Wilson Center’s Global Fellow for Cyber Policy in 2017, co-authored ‘Electronic Safety and Soundness: Securing Finance in a New Age’ in 2003, and holds the Certified Information Security Manager (CISM) certification.

How does HITRUST leadership view this appointment?

Blake Sutherland, Executive Vice President of Market Engagement at HITRUST, stated that Kellermann’s unique combination of government advisory experience and private sector cybersecurity leadership makes him an invaluable addition to help organizations achieve unmatched cyber resilience.