Tom Kellermann joins HITRUST to drive cyber risk leadership
Tom Kellermann has been appointed Vice President of Cyber Risk at HITRUST, bringing extensive public and private sector cybersecurity experience to his new role.
The company stated that Kellermann will lead initiatives focused on industry engagement, thought leadership, and expansion into new markets, with particular attention on third-party and supply chain security programmes. His appointment comes as organisations globally face persistent risks from third-party involvement, which features in 30% of all breaches according to the Verizon 2025 Data Breach Investigations Report.
Background and experience
Kellermann brings over two decades of cybersecurity leadership experience with prior roles in both corporate and governmental settings. He previously served as Chief Cybersecurity Officer for Carbon Black and as Head of Cybersecurity Strategy for VMware, in addition to holding executive positions at Contrast Security, Trend Micro, and Core Security. He was also Deputy CISO for the World Bank Treasury.
In the public sector, Kellermann was appointed to the Cyber Investigations Advisory Board for the United States Secret Service in 2020 and served on the Commission on Cyber Security for the 44th President of the United States in 2008. He has also contributed to the field as an adjunct professor at American University from 2007 to 2015, teaching cybercrime courses, and was appointed a Global Fellow for Cyber Policy at the Wilson Centre in 2017.
Kellermann is a Certified Information Security Manager (CISM) and co-authored "Electronic Safety and Soundness: Securing Finance in a New Age" in 2003.
Role and responsibilities
As Vice President of Cyber Risk, Kellermann will drive the adoption of HITRUST's threat-adaptive information security and AI assessments, as well as operational tools designed to support effective Third Party Risk Management (TPRM). These offerings include electronic results distribution and exchange, concierge onboarding services, and integration with ServiceNow's TPRM platform.
HITRUST highlighted that a major focus for Kellermann will be to guide organisations in enhancing supply chain security and business resilience by integrating threat-adaptive security assessments with operational tools. The company points to its comprehensive approach to TPRM as a means of reducing costs, mitigating risks, and simplifying security programmes.
Kellermann will also provide advice to organisations, industry groups, and governments regarding best practices in cyber risk management, security, and compliance, aiming to bolster resilience and trust across digital ecosystems.
Executive commentary
"We are thrilled to welcome Tom to the HITRUST team," said Blake Sutherland, Executive Vice President, Market Engagement of HITRUST. "His unique combination of government advisory experience and private sector cybersecurity leadership makes him an invaluable addition as we continue to help organizations achieve unmatched cyber resilience. Tom's expertise will be instrumental in advancing our mission to deliver quantifiable proof of risk reduction."
Kellermann expressed enthusiasm for his new responsibilities and the wider mission at HITRUST.
"I'm excited to join HITRUST at a time when organizations need more than ever to demonstrate measurable cybersecurity outcomes," said Kellermann. "HITRUST's vision, practical approach, and record of preventing breaches match my commitment to developing effective security solutions. I look forward to helping advance the industry's understanding of effective cyber risk management."
Industry context
Cybersecurity remains a significant challenge for organisations, particularly as third-party involvement in data breaches persists as a clear risk. Verizon's 2025 Data Breach Investigations Report notes that third-party participation was identified in 30% of incidents.
HITRUST positions its certification programmes as a means of minimising such risks. Findings highlighted in the company's 2025 Trust Report state that organisations with HITRUST certification experienced an incident rate of 0.59% in 2024, in comparison to higher rates among non-certified entities.
This executive appointment is intended to support HITRUST's strategy in expanding its cybersecurity assurance portfolio, with a mandate to accelerate the adoption of tools and processes that aid in risk management and regulatory compliance across industries.