No as a Service: Why Security Can Stifle Innovation and How to Prevent It
Episode 19 • 12th March 2020 • The New CISO • Steve Moore


Transitioning Into The CISO Role

Balancing the executive role with the tactical needs of the team can be tricky. Being able to see the larger picture within both roles can keep you on track and relevant in both places. Remember the roles you’ve had in the past and draw from those experiences and knowledge. Audits are typically not something anyone wants to have on their plate, but there is value in them. Audits not only bring an extra set of eyes to your team, but can also point out the areas of weakness that could use some bulking up before there is a major crisis. It can be very proactive to lean into the audit and partner with the auditor instead of just trying to get through it unscathed.


What Is Lacking In The Security Industry

The major points that come to mind when thinking of security might be integrity, confidentiality, availability of data, and protection. But as much as we need to protect, we also need to share. The future of healthcare is being able to safely exchange information, and if it is locked away, nothing can be exchanged. Within healthcare security, things tend to be more vulnerable, especially for the nurses and caretakers working within hospice care. They have the weight of caring for a patient who is at the end of their life; as a security executive, the last thing you want to do is make that caretaker’s job more difficult. Being able to put yourself in that caretaker’s position and see what their user experience is like can be pivotal to how you base your security team and program. Take a step back and remember what you’re trying to protect in the first place: behind each client is a real person.


Designing Solutions For Real Threats

There are many different security strategies for different types of needs. Some companies need full steam ahead all the time, but many need a different type of solution. Before you build a program that just looks good on paper, get in there and really analyze what the threats and weaknesses are. After those points have been identified, move on to the next steps of building the program around the actual threats. An example of this is knowing how to use automation for the specific needs of your company. Identifying what can safely be automated before jumping in with all the new automation tools will help everyone involved. Get to know your team: what the most tedious part of their job is, what their largest stressor is, and what they believe can be automated. Being a CISO means breaking down barriers and having the power to show a more practical approach to security, and how being able to provide help can influence drastic changes in the way information is protected.


Steve Moore: LinkedIn

Richard Kaufman: LinkedIn

Exabeam: Website

Amedisys: Website