Data Privacy Week: 10 Questions with Information Security DirectorData Privacy Week: 10 Questions with Information Security Director

Employee Spotlight: Trey Westphal, Director of Information Security

01/26/2023 Employee Spotlight

“Each associate takes ownership of their ability to protect our clients’ and peers’ interests.”

This is the twelfth in a series of interviews with the Certilytics employees behind our market-leading healthcare predictive analytics solutions.

Trey Westphal joined Certilytics seven years ago, helping build Certilytics’ HITRUST-certified information security programs and ensuring client information is always protected. For Data Privacy Week, Trey sat down with us to talk about what healthcare data protection means to him. Check out his Q&A below.

Q: Hi, Trey! How long have you been at Certilytics?

A: Hey there!  Oh, we’re jumping straight to the hard questions, huh?  Okay, let’s see… and then carry the two… it looks my seven-year work-iversary is coming up, so slightly longer than “American Gladiators” was originally on the air. I KNEW I could beat Nitro at something!

Q: Ha! What led you to pursue a career in information security?

A: Well, that was actually an unexpected pivot in my professional life. I grew up as the “computer in every home” age was just beginning, which meant a lot of my time was spent figuring out how to fix my dad’s computer that I had somehow broken. Thus began my affinity for general “break/fix” IT. This led to me working freelance for a couple of years doing SoHo setup and repair before beginning a long stint with a large company. I spent a little more than a decade wearing a short-sleeved white button down shirt with a clip-on black tie, moving through, and up, the ranks and developing my technical understanding. Eventually, I was hired at Certilytics helping build out the security team.

Q: What does a typical day look like for you?

A: Around 6 a.m., I’m typically signing on to work to review the few dozen emails that came in overnight, looking for items that need immediate attention, while checking in with the team for any issues or blockers. The next hour and a half is spent focusing on any high priority items that were identified, and plating up the workload for the day. Around 8 a.m., meetings with other teams start, including focus sessions for in-flight projects, organizing resources and communications for pending projects, leading change and problem management reviews for the organization, and catching up on the progress of various business initiatives. I try to take a short hour walk with my family’s German Shepherd around noon. Then I grab a bite to eat to take back to my desk. For the remainder of the day, I work on various items such as reviewing tasks and tickets that support our enterprise security framework, ensuring our clients’ data is protected through every step of our operations.  Then I’ll sign off, trading out my nerd hat for my husband and new dad hats.

Q: What is a memorable accomplishment for you during your time at Certilytics?

A: I was fortunate enough to help architect and implement the technical aspects of our security posture during the formative years of Certilytics. My most memorable accomplishment is being a part of our first-in-class organizational security program, validated by achieving and maintaining industry leading certifications from AICPA, HITRUST, and NIST, among others. To de-nerd that, this is similar to going from no college degree to having and maintaining a wall full of college degrees that require re-testing on a regular basis as the criteria for each continually evolves and changes.

Q: It’s Data Privacy Week; what does data privacy mean to you and your work here at Certilytics?

A: Starting with the basics, data privacy is respecting the privacy of your customers, employees, and stakeholders through understandable and transparent disclosure of data usage, and, more importantly, protecting that data from potential disclosure or misuse. Working at Certilytics, my ultimate responsibility over the years has been to help facilitate and foster a culture where each associate understands and takes individual ownership of their influence and power over the ability to protect our clients’ and peers’ interests. This is evidenced through a myriad of efforts: frequent and regular testing and training, collaborative development and validation of platforms to ensure only secure and appropriate access to information, open forum discussions about opportunities in the environment, timely identification and addressing of current and applicable risks, undergoing independent assessments of our security program and business operations, and numerous tools to aid in availing users and platforms from exposure to undesired situations or outcomes.

Q: What do you hope people remember or think about during Data Privacy Week?

A: Your data is valuable – protect it and yourself.  Whether you have an opinion or understanding about the matter, someone is interested in the details of “you,” and these details can be monetized. Will this ultimately affect you in the end?  Maybe, maybe not.  In many cases, we have already lost the right to privacy and have no choice in who has certain information about us, regardless of the potential outcome. In a world where Terms and Conditions have become a monolithic wall of legalese, opt-out is default instead of opt-in, and clear, concise disclosure of data use and data protection measures are scarce, it is a safe bet that you are the product in most apps, online accounts, and social media platforms out there. Where you can, make a conscious decision to understand the tradeoff between privacy and convenience.

Q: What are your hobbies outside of work?

A: My newest hobby is learning how to be a dad to the most amazing baby girl.  Over the last few months, I’ve discovered more about myself and grown in ways I couldn’t have imagined a year ago.  She might let me catch up, one day, but it’s a fun adventure I look forward to almost every day. Aside from that that, delicious food and craft cocktails are a something I enjoy, either making or consuming.

Q: If you could travel anywhere, where would you go? Why?

A: For as long as I can remember, I have had my heart set on visiting, or living, in Australia. As I sit here thinking about it, I believe it comes down to my love for beaches, the ocean, gorgeous scenery, and the laid back, comradery-rich society.

Q: What is a mantra that you live by? Why?

A: “Be the change you wish to see.” For me, it’s all about taking accountability and ownership in being the best you, and not relying on or obligating others to be responsible for your solution – if you lead by example, aspire to be your best, seizing every opportunity, and learning from your missteps as you go along your journey, there’s nothing more you can do without being someone or something you’re not.