Preview Mode Links will not work in preview mode

The CyberPHIx: Meditology Services Podcast

  1. All Episodes
  2. Making the Cyber-Band: How to Assemble a Team of Security Rock Stars

Making the Cyber-Band: How to Assemble a Team of Security Rock Stars

Mar 18, 2019

Join us for this very special CyberPHIx podcast panel of elite healthcare leaders sharing insights on how to build a team of security rock stars. These seasoned CISOs share their approaches to address two major issues facing healthcare risk management programs: 1) Dealing with a severe worker shortage and 2) Defining the role of automation in their long-term management plans.

Panelists: John Abella, IT Security and Enterprise Architecture at Main Line Health, Chuck Goff, Cyber Security Program Manager at Dartmouth Hitchcock Medical Center and Andrew Seward, CISO at Elliot Health Systems

Our CISO panel discussion explores the following strategies for building the best InfoSec programs:

  • The use of job design and workplace policies to attract and retain valuable talent to work in Information Security functions. Many healthcare organizations often must attract talent away from big cities to smaller communities and smaller organizations. Designing jobs that provide intellectual challenge and personal growth opportunities can help. Also, establishing policies and programs that promote teleworking, flex time and other quality of life benefits helps in competing for workers in a limited labor pool; and don’t forget to add some humor into the mix!
  • The view that automation is very helpful and not a displacement of InfoSec jobs. There are already too few workers to fill the demand for information security positions.  Rather than replacing jobs, automation helps organizations reduce repetitive, labor-intensive tasks and frees employees to spend their work time on the most valuable and impactful projects. The ROI for automation can usually be found within a few years.
  • The downsides to implementing security automation are often in the long-range timeline expectations in healthcare settings. Implementation of security automation in healthcare can be affected by other organizational priorities, buy-in required from other stakeholder departments and developing the internal knowledge to best manage the automation tool.
  • It is imperative to understand the key characteristics of successful Security personnel to make the best hiring decisions. Look for people not just with super-specialized areas of technical expertise.  Instead recruit on the core job skills of communication, ability to learn new tools, desire to take pride in their work, good coaching and teaching skills, passion for the mission and the ability to have fun in the process.