Jim Routh is the Chief Security Officer and leads the Global Security function for Aetna. He is the Chairman of the NH-ISAC Board. He is a former Board member of the FS-ISAC. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express. He has over 30 years of experience in information technology and information security as a practitioner, management consultant and leader of technology, analytic and information security functions for global firms.
Jim is the recent winner of the 2016 Security Alliance Award for Innovation, the 2016 ISE Luminary Leadership Award, the Northeast and the 2014 North American Information Security Executive of the Year for Healthcare, and the 2009 BITS Leadership Award for outstanding leadership of the Supply Chain Working Group sponsored by the financial industry in collaboration with NIST and the Department of Treasury. He was the 2007 Information Security Executive of the Year for the Northeast. He is a widely recognized expert in designing innovative controls using early-stage technology companies that improve risk management while also being cost-effective. He is a co-author of the FS-ISAC white paper on 3rd Party Software Security Controls and several other industry white papers.
Aetna CISO Jim Routh leads a global information security team for an organization that serves more than 46 million people. That’s a lot of PHI! In this session, the 20-year security veteran explains how a key component of his approach to safeguarding data is to devote 25% of his budget to purchasing new or emerging technology controls from early-stage companies. It’s the best way he knows to discover game-changing solutions, and because emerging technology is less expensive than more mature solutions, this approach is viable for even smaller healthcare organizations with limited resources. Routh will discuss his approach to building an effective security technology portfolio. Key discussion points will address his investment philosophy, early-stage adoption of less mature solutions (taking risks to reduce risks), when to maintain and/or replace legacy technology, and his vendor evaluation and procurement process.