HITRUST Appoints Cybersecurity Veteran Tom Kellermann to Strengthen Third-Party Risk Management Initiatives

HITRUST has appointed Tom Kellermann as Vice President of Cyber Risk, bringing over two decades of cybersecurity leadership experience to strengthen the organization's market expansion and thought leadership initiatives. Kellermann will focus on elevating third-party and supply chain security programs, a critical area given that third-party involvement is present in 30% of breaches according to Verizon's 2025 Data Breach Investigations Report.

Kellermann's role will accelerate adoption of HITRUST's comprehensive portfolio of threat-adaptive information security and AI assessments, along with operational enablement tools that make effective third-party risk management practical. These tools include electronic results distribution and exchange, concierge onboarding services, and the company's new integration with ServiceNow's TPRM platform, delivering reliable and measurable information risk management assurances.

Blake Sutherland, Executive Vice President of Market Engagement at HITRUST, stated that Kellermann's unique combination of government advisory experience and private sector cybersecurity leadership makes him an invaluable addition to help organizations achieve unmatched cyber resilience. Kellermann's expertise will be instrumental in advancing HITRUST's mission to deliver quantifiable proof of risk reduction.

Kellermann's extensive background includes serving as Chief Cybersecurity Officer for Carbon Black Inc., Head of Cybersecurity Strategy for VMware, and executive positions at Contrast Security, Trend Micro, and Core Security. His government service includes appointments to the Cyber Investigations Advisory Board for the United States Secret Service in 2020 and the Commission on Cyber Security for the 44th President of the United States in 2008.

The appointment reinforces HITRUST's commitment to maintaining its position as the gold standard in cybersecurity assurance. According to HITRUST's 2025 Trust Report, organizations with HITRUST certifications experience dramatically fewer breaches than those without, with certified organizations reporting an incident rate of just 0.59% in 2024.

Kellermann emphasized the timing of his appointment, noting that organizations need more than ever to demonstrate measurable cybersecurity outcomes. He expressed alignment with HITRUST's vision, practical approach, and record of preventing breaches, stating his commitment to developing effective security solutions and advancing the industry's understanding of cyber risk management.