CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector

All three are CISOs in one of the world's most attacked sectors: healthcare.
All three of our CISOs entered cybersecurity via IT. Dougherty had led the creation of an MSP where he became VP operations.
This is a recurring theme in this series of CISO conversations - career progression is often self-initiated: see an interesting gap, step up, and fill it.
The route now is from team member to team leader to manager and - if you tick all the boxes - eventually to CISO. This process naturally teaches management skills - but the CISO also requires exceptional leadership skills.
Most CISOs believe you can also learn leadership skills, but this comes from desire, the advice of mentors, observation of other leaders, and a smidgen of natural charisma.
Obviously, there are certain people who have natural charisma or natural leadership skills that they are born with, but a good leader must spend time focusing on those skills.
Key to being a successful CISO is the ability to recruit and keep - gain and retain - a strong, well-balanced security team.
Different CISOs develop their own methods for recruitment.
All three CISOs take the same approach to keeping a strong team.
Team members stay on the team if they are interested, engaged, have a sense of purpose and fulfillment, and a clear career path.
In some cases, particularly with people who are newer to the industry or new to the role, that person might not know where they want to go.
It includes race, socio-economic background, culture and LBGT. Full diversity is difficult for smaller organizations because the security team isn't large enough to include everyone - and CISOs must choose the best person regardless of background.
Each of the CISOs would welcome neurodiversity into the mix.
Some of the neurodiverse people I've worked with have been incredibly good at data and math and statistics.
There is generally less external company support available, and the CISO must be self-disciplined to prevent personal burnout.
' We think that's important to allow people to take time off to refresh and come back as their best self.
Dougherty cites two pieces of advice: never stop learning; and surround yourself with people you believe have the potential to be better than you while giving them the opportunity to be so.
A good CISO will lead a strong, diverse, and healthy team for one primary purpose: to prevent cyber threats impacting the company's bottom line.
The hardest thing to do is to design systems that allow people to get their work done, while at the same time preventing them from making mistakes.
Human error with the best intentions from people who were just trying to do the right thing and get their job done within a system that promotes productivity but doesn't catch those errors - that's the biggest threat.


This Cyber News was published on www.securityweek.com. Publication date: Tue, 05 Dec 2023 13:13:05 +0000


Cyber News related to CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector

CISO Conversations: Nick McKenzie and Chris Evans - In this edition of CISO Conversations, SecurityWeek discusses the role of the CISO with two CISOs from the major crowdsourced hacking organizations: Nick McKenzie at Bugcrowd and Chris Evans at HackerOne. The purpose, as always, is to help aspiring ...
6 months ago Packetstormsecurity.com
How the Evolving Role of the CISO Impacts Cybersecurity Startups - It helps startups striving to meet the ever-evolving needs of CISOs, who are simultaneously seeking the elusive but paramount buy-in from business users and executives. The CISO role has evolved dramatically in the past few years in response to ...
10 months ago Darkreading.com
The New CISO: Rethinking the Role - Dating back to the 1990s, the role of CISO was more technical and IT-focused. CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection. Today, CISOs ...
6 months ago Darkreading.com
Why CISOs and CIOs Should Work Together More Closely - Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites. A ...
9 months ago Feedpress.me
Proofpoint's CISO 2024 Report: Top Challenges Include Human Error & Risk - In Proofpoint's 2024 Voice of the CISO report, the cybersecurity company found that CISOs are dealing with people-centric threats more than ever. Plus, cybersecurity budgets often don't change, and AI can help and hurt CISOs' efforts. Regarding the ...
4 months ago Techrepublic.com
CISO Conversations: Three Leading CISOs in the Modern Healthcare Sector - All three are CISOs in one of the world's most attacked sectors: healthcare. All three of our CISOs entered cybersecurity via IT. Dougherty had led the creation of an MSP where he became VP operations. This is a recurring theme in this series of CISO ...
10 months ago Securityweek.com
Human error still perceived as the Achilles' heel of cybersecurity - While fears of cyber attacks continue to rise, CISOs demonstrate increasing confidence in their ability to defend against these threats, reflecting a significant shift in the cybersecurity landscape, according to Proofpoint. CISOs' confidence is ...
4 months ago Helpnetsecurity.com
Cybersecurity in the Healthcare Industry: Protecting Patient Data - In the rapidly advancing era of technology, the healthcare industry faces a critical challenge: protecting patient data from cyber threats. This article will emphasize the significance of cybersecurity in the healthcare industry and explore the ...
8 months ago Securityzap.com
The Role of the CISO in Digital Transformation - Modern-day demands require organizations to be flexible and digitally savvy, getting work done remotely and in the public cloud as often as in a centralized physical location, if not more so. As companies continue to modernize their workflows and ...
10 months ago Darkreading.com
Best Cloud Security Providers for Healthcare Services - Cloud Security Providers for Healthcare offer specialized services to protect data and applications hosted in cloud environments. When picking a cloud security providers for healthcare, it's important to think about things like how well they follow ...
8 months ago Cybersecuritynews.com
Definition from TechTarget - The CISO is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external ...
9 months ago Techtarget.com
Overtaxed State CISOs Struggle with Budgeting, Staffing - Though the number of scarily understaffed offices has dropped — just two respondents reported having one to five full-time employees, down from six in 2022 — more than half of state CISOs report that their staff lack the competencies necessary to ...
1 week ago Darkreading.com
Navigating the New Age of Cybersecurity Enforcement - Many equate this move as akin to a bomb going off for people working in the CISO role. CISOs are now faced with unprecedented potential liability risks, prompting the need for a proactive approach to legal exposure for security executives. To shed ...
9 months ago Darkreading.com
Why healthcare data is often the target of ransomware attacks - Healthcare data in recent years has been a very lucrative target for cyberattacks, particularly ransomware, with attackers holding healthcare information, and potentially patient lives, for ransom. Cybercriminals are increasingly focusing on ...
4 months ago Techtarget.com
Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships - In a recent survey of CISOs, 86% of respondents said the role has changed so much that it's almost become a different job altogether from what it once was. In addition to their traditional responsibility of defending organizations from an ...
9 months ago Darkreading.com
The Imperative for Robust Security Design in the Health Industry - COMMENTARY. In an era dominated by digital innovation and technological advancements, healthcare companies find themselves at the intersection of immense opportunity and equally unprecedented risk. The digitalization of patient records, electronic ...
8 months ago Darkreading.com
Research Reveals That Infostealers Target Healthcare Sector Data - New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransowmare families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where ...
6 months ago Itsecurityguru.org
How CISOs Can Secure High-Level Executives: Keys to Consider - Securing high-level executives is a difficult task for CISOs for a number of reasons. Executives often have access to a large amount of sensitive data and play a critical role in an organization’s success, so protecting them from cyber threats is ...
1 year ago Csoonline.com
How to Minimize Friction in the Cyber Compliance Certification - Certification has always been a great way for companies to establish trust with their customers. While there's certainly an argument to be made that certification doesn't necessarily make your company more secure, today's buyers need to know that ...
9 months ago Cybersecuritynews.com
Ransomware's appetite for US healthcare sees known attacks double in a year - Following the February 21 attack on Change Healthcare, scores of people in the US have been living with the brutal, real-world effects of ransomware. It has also created skyrocketing pharmacy bills, pushed some healthcare providers to the edge of ...
6 months ago Malwarebytes.com
Changing How Healthcare Works: Big News in Communication - In a pivotal transformation within the healthcare industry, a prominent shift is currently unfolding. Direct Secure Messaging has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and ...
7 months ago Cysecurity.news
CISO Corner: Deep Dive Into SecOps, Insurance, & CISOs' Evolving Role - Welcome to CISO Corner, Dark Reading's weekly digest of articles tailored specifically to security operations readers and security leaders. We're committed to bringing you a diverse set of perspectives to support the job of operationalizing ...
8 months ago Darkreading.com
Security tools fail to translate risks for executives - Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, ...
5 months ago Helpnetsecurity.com
What do CISOs need to know about API security in 2024? - According to Postman's 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in ...
9 months ago Cybersecurity-insiders.com
The CISO Role Is Changing. Can CISOs Themselves Keep Up? - The role of chief information security officer has expanded in the past decade thanks to rapid digital transformation. Now CISOs have to be far more business-oriented, wear many more hats, and communicate effectively with board members, employees, ...
6 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)