Owners

of the Month

Borough resident Keith Kenna and partner Mark Ferrari bring cybersecurity solutions to WC.

W

hat’s your local connection? Mark: My daughter is at WCU, Keith is an alum, and when Keith and I were executives with another information security company we came here to attract talent. The result was great, so when we broke out, we wanted to stay in the borough. Keith: My wife Gabrielle also works in town at Limoncello, and we live in the borough. Do you find West Chester is a draw? Keith: When we’re looking to build business relationships our preference is to always have them come to us. There are two responses when we suggest a client come to West Chester: either they’re excited to come to town, or they’ve never heard of it. If they’d never heard of it, after the meeting their immediate conclusion is, “No wonder your office is here.” What’s your background? Keith: I started my career in the organ donation field working for the Gift of Life Donor Program in Philly. From there I got into project management at Siemens HS. At the time the healthcare industry was seeing some of the first major security breaches. Very few people in the field had healthcare

PHOTO Erik Weber INTERVIEW Dan Mathers security experience, so once I had worked on one or two projects involving security, I quickly became a go-to resource. Mark: After graduating from Villanova, I went into the Air Force where I commanded a minuteman nuclear missile crew. That experience serves me to this day — there’s no better example of an overlapping system of security controls. From there I went into healthcare IT, working for companies such as Shared Medical Systems, Main Line Health, Siemens, ultimately running a cybersecurity practice. Why’d you branch out? Mark: Healthcare data is more valuable, in a criminal sense, than financial data. Coupled with the healthcare industry embracing security relatively late makes for a lucrative target for malicious actors. We recognized the demand and the opportunity. What made you sure you’d be good partners? Keith: We met 15 years ago when volunteering at Uwchlan Ambulance Corps as EMTs and at the Glen Moore Fire Co as firefighters. At our “day jobs” I was working in a clinical capacity, and Mark was in a technical role. We knew how to work together from our volunteer expe-

rience, and when we started together at Siemens it was a great fit — we’ve worked together ever since. What are your services? Keith: There are two primary services we offer: security program development and security assessments. We’ve helped organizations like tech startups get their program up and running and performed enterprise-wide risk assessments for hospitals. If they’re serious, they want experienced professionals who know healthcare and security. Have any free advice? Mark: Choose a framework and stick to it. Two incorrect assumptions are often made: 1. That security controls are inherently expensive, and 2. They require software purchases. There are numerous frameworks to use in building a security program: ISO 27001, the NIST Cybersecurity Framework, and the HITRUST CSF are great examples. Keith: It’s not a matter of “if” there will be a security incident, hack, or data breach — it’s a matter of “when.” If you have a program, great, but assume the worst and ask if you’re prepared to recover with minimal disruption to the business. That advice holds true regardless of your industry.

FEBRUARY 2020 THEWCPRESS.COM

27