I’m honored to share a comprehensive biography that reflects my work across healthcare innovation, operations, technology, and clinical transformation over the past several decades. My passion has always been helping organizations improve patient care, reduce costs, and implement meaningful change through collaborative leadership and thoughtful innovation. Here is my biography.

In high-stakes regulatory environments, most organizations don’t fail compliance—they fail strategy. Too often, GRC consulting delivers junior execution, checkbox documentation, and certifications that collapse under operational reality. True impact comes from expert-level delivery, lifecycle-driven program design, and governance embedded into daily operations—not treated as an audit project. This article breaks down the principles that separate fragile, audit-driven programs from mature, sustainable ones, and shows why organizations that treat certification as an outcome—not the goal—gain stronger security posture, lower compliance debt, and greater executive confidence. When GRC aligns with business strategy, it transforms from a cost center into a competitive advantage.

I’m excited to share my professional biography, which highlights over 20 years of experience leading compliance, governance, and risk management initiatives in healthcare, pharmaceuticals, and health innovation. Throughout my career, I have had the privilege of building global compliance programs, advising executive leadership, and fostering cultures of integrity and operational excellence.

With over 40 years of experience in IT and logistics—15 of those focused in healthcare IT and compliance—I’ve had the privilege of leading organizations through complex regulatory landscapes, from HIPAA and HITRUST to SOC2 and GDPR. My work has always centered on protecting sensitive data and building strong, audit-ready programs that align with evolving security and privacy standards. Now semi-retired, I remain passionate about sharing knowledge, mentoring others, and supporting the next generation of leaders in information security and compliance.

David Cook is a seasoned executive with extensive experience as a Chief Information Security Officer (CISO), advisor, and mentor, specializing in developing and leading world-class security programs for both startups and large enterprises. With a proven track record of scaling a company from $100 million to over $30 billion, Cook has successfully implemented security frameworks such as ISO 27001, SOC 2, HiTRUST, and FedRAMP across multiple organizations. He excels in aligning security strategies with business objectives, driving compliance, and enhancing operational efficiency. His expertise spans information security architecture, risk management, and IT operations, making him a trusted leader in the cybersecurity domain. Currently, as CISO at Sequoia Consulting Group, Cook is responsible for safeguarding the company’s physical and digital assets, while his advisory roles at Wiz and Gigamon further underscore his influence in the industry.

Thomas Tutaj, MBA, CHC, CHPC, is a seasoned compliance and business operations leader with over 30 years of experience in healthcare, insurance, and financial management. Known for his integrity and commitment to fostering ethical practices, Thomas has a proven track record of designing and implementing effective compliance programs across Medicare, Medicaid, and managed care environments. His strategic vision, combined with deep regulatory expertise, enables him to align compliance initiatives with organizational goals, ensuring both operational excellence and regulatory adherence. A skilled communicator and relationship builder, Thomas leverages his leadership to drive business success while maintaining the highest standards of accountability and transparency.