HITRUST Appoints Cybersecurity Veteran Tom Kellermann to Strengthen Third-Party Risk Management Programs

HITRUST has appointed Tom Kellermann as Vice President of Cyber Risk, bringing over two decades of cybersecurity leadership experience from both public and private sectors to expand the organization's market presence and thought leadership in cybersecurity assurance. Kellermann will focus on elevating third-party and supply chain security programs, addressing a critical vulnerability area where third-party involvement is present in 30% of breaches according to Verizon's 2025 Data Breach Investigations Report.

Kellermann's role will accelerate adoption of HITRUST's comprehensive portfolio of threat-adaptive information security and AI assessments, along with operational enablement tools that make effective and efficient Third Party Risk Management (TPRM) practical. These tools include electronic results distribution and exchange, concierge onboarding services, and the company's new integration with ServiceNow's TPRM platform at https://www.servicenow.com/products/third-party-risk-management.html, delivering what the organization describes as the most reliable and measurable information risk management assurances available.

The appointment comes at a time when organizations increasingly need to demonstrate measurable cybersecurity outcomes, particularly in supply chain security where vulnerabilities can have cascading effects across multiple organizations. Kellermann will advise organizations, industry, and governments on best practices in cyber risk management, security, and compliance to enhance resilience and trust in digital ecosystems. His expertise in both government advisory roles and private sector cybersecurity leadership positions him to drive HITRUST's industry engagement and expansion into new markets.

Kellermann's background includes serving as Chief Cybersecurity Officer for Carbon Black Inc. and Head of Cybersecurity Strategy for VMware, along with executive positions at Contrast Security, Trend Micro, and Core Security. His government service includes appointments to the Cyber Investigations Advisory Board for the United States Secret Service in 2020 and the Commission on Cyber Security for the 44th President of the United States in 2008. He also served as Deputy CISO for the World Bank Treasury, bringing international financial security experience to his new role.

This strategic appointment reinforces HITRUST's commitment to maintaining its position as the gold standard in cybersecurity assurance. According to HITRUST's 2025 Trust Report, organizations with HITRUST certifications experience dramatically fewer breaches than those without, with certified organizations reporting an incident rate of just 0.59% in 2024. Kellermann's focus on TPRM will help organizations leverage HITRUST's comprehensive portfolio to drive cost reductions, risk mitigation, and program simplification while strengthening supply chain security and business resilience.

Kellermann has contributed significantly to cybersecurity education and thought leadership throughout his career, having taught cybercrime courses as an adjunct professor at American University's School of International Service and Kogod School of Business from 2007-2015. He was appointed the Wilson Center's Global Fellow for Cyber Policy in 2017 and co-authored the book "Electronic Safety and Soundness: Securing Finance in a New Age" in 2003. He holds the Certified Information Security Manager (CISM) certification, further validating his expertise in information risk management.