DJ McArthur

DJ McArthur is a SANS instructor and a CISO in the healthcare industry and owner of Graymatter Security and Educational Services LLC. He served as a United States Marine, holds multiple security certifications such as CISSP, EnCE, GCIH, CEH, and LPT as well as an MBA in healthcare and information assurance. DJ has served in various technical and leadership roles including security architecture, engineering, and computer forensics.

More About DJ


DJ McArthur has over 20 years’ experience in information security, with half of that spent in the healthcare industry. After serving as an administrative support officer in the United States Marine Corps, he began working for a commercial architectural security firm, where he managed projects focused on physical access controls across the northwest region of the United States.

DJ has worked for a Global Fortune 500 Firm, Washington Group International, as an Information Security Analyst. He worked his way up to Senior Security Engineer during his 5 years there.

DJ later worked for the largest healthcare provider in Colorado, Centura Health, as a Data Security Architect and spent 6 years developing a successful security program that received recognition for its implementation of the HITRUST Common Security Framework and PCI-DSS attestation.

DJ became the CISO of another large healthcare provider, entering the position after a breach had occurred. There he not only had to start building a security program from the ground up but also had to undergo multiple third-party audits and assessments, including the Office for Civil Rights (OCR), Colorado and other state Attorneys General (AGs), as well as outside legal counsel, to develop appropriate responses and provide evidence of HIPAA compliance.

Data, privacy, and compliance have been a strong passion for DJ; implemented properly, they can effectively manage security programs.

Out of all of the trainings and certifications he’s completed in his career, the SANS trainings have always had a higher level of quality, depth, and knowledge. As such, the SANS GIAC GCIH training has been his most valuable certification from a practical application perspective.

As an instructor, DJ takes the content of the material and provides real-world examples for students to relate to and draw from. He has direct experiences in a variety of different roles throughout his career path that aid students in understanding the material covered and why it is important. Regulatory standards such as HIPAA can be difficult to navigate without understanding context, and how to demonstrate evidence to auditors.

DJ enjoys teaching information security and compliance-related subjects because of their ever-evolving nature. Technologies and threat actor tactics and techniques can change over time and staying current on these matters is important for his job role as a CISO in healthcare.

Throughout his information security career, DJ has been very involved in education and in serving on local and international executive boards for organizations such as the Information Systems Security Association (ISSA), as well as planning the Rocky Mountain Information Security Conference (RMISC) for over 10 years in the Denver area and abroad. He continues to develop and teach courses such as Threat Intelligence, Network Forensics, Offensive Security, as well as IT Auditing and Compliance for Regis and other universities across the country. In addition, he’s served as a judge and volunteer for the Rocky Mountain Cyber Collegiate Defense Competition (RMCCDC), including awarding scholarships for education to participants.

DJ has a Bachelor’s degree in Information Security with a minor in Computer Networking and a Master’s degree in Information Assurance in Healthcare. He holds multiple certifications such as CISSP, GCIH, EnCE, CEH, and LPT.

In addition to teaching and developing courses for SANS, he also teaches for the information assurance master’s program at various universities and actively performs speaking engagements at various security conference events.

Prior to the healthcare industry, he spent over 15 years in other verticals such as the Department of Defense, oil and gas, energy, construction, infrastructure, transportation, and architectural industries, where he held various security leadership roles and responsibilities.

When DJ isn’t teaching, he enjoys music (drums, bass, guitar), and is an audio recording geek.


RMISC 2016: State of Security on Medical Devices

What We Need to do to Provide Safe and Secure Digital Healthcare