This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Thanks as always to our partner Fortified Health Security. No matter where you're at in your cybersecurity journey, Fortified can help you improve your cybersecurity posture through their 24 7 threat defense services or advisory services delivered through Central Command, a first of its kind platform that simplifies cybersecurity management and provides the visibility you need to mature your program.

Learn more at fortifiedhealthsecurity. com

Dan Dodson: (Intro) We all operate on grocery store budgets, so we got to maximize it. Every dollar we deploy for cyber is moving away from the bedside and it's got to be able to reduce risk.

Bill Russell: My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of This Week Health, where we are dedicated to transforming healthcare one connection at a time.

Now, let's jump right into the episode.

Drex DeFord: (Main) hey everyone, I'm Drex from This Week Health and today's a good day for me because I get to spend some time with my good friend Dan Dodson, the CEO of Fortified Health Security. Dan, thanks for being here.

I'm glad you're on the show today.

Dan Dodson: Yeah, absolutely, Drex. Happy to to hang out with you again virtually and thanks for all you guys are doing at 229. Really appreciate it.

Drex DeFord: Yeah, of course. A lot of people know you. I always have a great time every time I see you, whether it's at the gum wall in Seattle or, the epic UGM parties or something, we seem like our paths cross pretty regularly.

I've gotten to know you quite a bit. You have a really interesting background. Tell me a little bit about your background and how you wound up as CEO at Fortified.

Dan Dodson: Yeah, absolutely. Appreciate the question. I think it's interesting. I always wanted to be in healthcare. And as a kid, actually, my neighbor had a medical billing company and I saw him build that company as I was growing up and long story short, I went to college, Texas tech.

It's hard to say that right now because our football team is not performing as we want, but. I went there specifically because they had a health organization management program, and that's what my neighbor did, so I've always been intrigued by health care, not on the clinical side, but the business side.

And been intrigued by that, got out of school, worked at Perot Systems. At the time, the largest IT outsourcer got a ton of exposure to what was happening from that perspective, different business operating models that were designed to help, IT at the time. And then as healthcare digitized, cyber became a huge part of that.

And what I realized that at the kind of market level was, there's a lot of work to be done, right? this was before interoperability and all the fun stuff we're dealing with today, but I was like, man, they're going to need a lot of help. And at Santa Rosa Consulting, I found Fortified and we we ended up spinning out as an independent company and along the way just been serving clients and privileged to do so ever since.

How'd I become CEO? Man, just lots of great people before me, Drex, to be honest. A lot of folks that. Poured into me and helped me develop as a leader. Understand that really every business is about people. It was sometimes harder for me to realize that than I wanted. But it's certainly important in what's grounded, fortified, I think, in our relationship with clients.

And so just a lucky opportunity to help build hopefully a meaningful business that Allows our clients to execute their missions of taking care of patients, blessed to be a part of that.

Drex DeFord: A lot of this is, finding as a previous CIO, as a buyer, a big part of this for me was always trying to find partners who had their heads and their hearts in the right place, helping, how do I help make healthcare better for patients and families and that sort of attitude, not just from you, but from like everybody on your team, that really, is one of the things that makes fortified health security unique.

What are some of the other kind of key value propositions fortified as you talk to CISOs and CIOs around the country?

Dan Dodson: Yeah, I think, what you just said we strive certainly to create those types of relationships with clients because it's such an important role today, Drax. Look, three or four years ago in cyber, people were getting their data stolen.

You and I, nobody wants that, but we weren't seeing these massive disruptions to patient care, right? And we cybersecurity posture of healthcare. That's our mission. Everything that we've built and designed and partnered with clients is to do that. And it's unfortunately the ATT& CK vectors are really impacting patient care, which is what we strive to do.

The way that we do that, first and foremost, as you mentioned, is we're in the people business. We think we have some of the best cyber people that understand the balance of healthcare and cyber and how to operationalize technologies and process within healthcare to reduce risk. And hopefully put yourself as a health system to recover quickly if you find yourself in a dark place on a bad day.

But hopefully we can prevent that. But that's one of the things that we strive to do at Fortified. I think from a value proposition we subscribe to the whole kind of people, process, and technology that's said a lot, obviously, in cybersecurity. But what we find is the threat vectors are the same in a lot of different industries.

What is different to each industry is how you respond to those, given some of the nuances, right? Limited downtime, limited staff. We've built our model to partner with clients that have limited staff.

Drex DeFord: How do

Dan Dodson: you know this? Look commercial businesses will have 20, 30, 40 people. Ours will have 6, 7, 8, even if you're building a mail system.

And so we've created what we call an operating model that allows Fortified, as the MSSP, as the partner, to carry the ball farther down the field because you've got less people, right? And so we've got a, it's incumbent upon us to provide more actionable information at the right spot that's easily actionable within the healthcare environment.

And that's what we try to create. I think done a good job, adding value for clients and reducing risk.

Drex DeFord: So one of the things I want to ask you about, one of my questions I had in my head was the kind of what's one big thing you're doing right now that everyone should know about?

And now I'm going to answer that for you, because I think one of the big things you're doing right now is central command, because I hear a lot about that in the field. Tell me a little bit about that. And I think it ties to this whole conversation you just had about there aren't enough people and there's a lot of work that you guys can take off of the plate of any given health system or hospital.

Dan Dodson: About three years ago, we started talking with clients and observing the market that the MSSP model, the traditional MSSP model, not unique to healthcare really had an opportunity to enhance the experience between the MSSP fortified and our clients. And so we got a group of eight clients together to help design an operating platform that is not a replacement to underlying cyber technology.

We're not a technology company. But how do we make sure that technology is operationalizing within the client's environment? And the interactions between my team, our team and the client's team is easier, better, more actionable, right? And so we set on this journey to build this platform. And over time, it really encapsulates an opportunity to allow these limited teams to manage risk across the entire continuum, right?

So our advisory services, think risk assessment, virtual CSO for smaller pen testing, whatever, and our threat defense services, which is your traditional SOCs as a service. Set of capabilities are all delivered through a unified platform tied together with a risk register. So that if I'm a small team within a health system, I can look at risks universally that might pop up from a risk assessment or a technical risk that needs to be passed or addressed that's technical, right?

And so all that in a single platform and it's really, I think, transformed our relationship as a service delivery partner to our clients, but also eased some of the burden on our clients, which is great.

Drex DeFord: So one of the things Dan is the, As a CISO, sometimes you buy a lot of tools and you don't necessarily use those tools to their full capacity. And a lot of that is because you don't have the people to be able to do it.

But to be able to use those tools to their full capacity and help coordinate the signals that you're getting from multiple tools, that's part of central command too, right?

Dan Dodson: Yeah, absolutely, Drex. Think about if you dissect some of these breaches, oftentimes there's underlying technology that's halfway, three quarters of the way, not all the way implemented.

That's one challenge. And the second is, I don't have any individuals, monitoring it, managing it, making sure that as your environment changes, you're extending that technology. Absolutely, it's a part of that process. And I think that what we often find is You know, health systems buy a new technology or new service and they layer it in every year, and you get to year four or five in that journey and you're like, Oh my gosh, the one I bought in year one has also matured and transformed and changed.

And my team tends to be dealing with the recent technology versus some of the old ones. So yeah, it's a challenge for sure. And there's a way to look at kind of total cost of ownership, right? We all operate on grocery store budgets, so we got to maximize it. Every dollar we deploy for cyber is moving away from the bedside and it's got to be able to reduce risk.

And so how do you look at that holistically across the environment and our services delivered through central command help with some of those challenges for sure.

One of the things that I want to just talk about briefly is the Mid Year Horizon Report. You guys publish a report every, and I talked about this last week in the two minute drill, I talked about five of my favorite reports that come out from different industry leaders.

Drex DeFord: And, Not blowing smoke up your skirt. I really like the Horizon Report because it's specifically focused on healthcare. And you guys talk about everything from like new regulations to trends that you see from the breach portal to, everything's in there. Talk about the Horizon Report and why, it's a super easy read.

People should grab it. And how do they get it for free?

So to your point, it's not a technical piece. And frankly, I feel like every Horizon Report Primarily because back in the day, I literally wrote word of it. And now we have a whole team of folks, of experts that are writing it, which is great. To your point, the diversity of thought is just awesome.

And yeah, view it as hopefully an opportunity for the market to share what's happening with their colleagues, right? And with their employees and with their colleagues and those kinds of things. You can get it on our website, FortifiedHealthSecurity. com or reach out to me directly.

Certainly happy to send you one and appreciate the compliment.

Drex DeFord: Yeah, no, it's it's just super useful. And to your point of as you're putting slides together, as you're putting decks together to talk up to either, clinical teams or research teams or business operations teams, to be able to just do a screenshot of some of the things you have in report and put it in your slides is like, it's just super useful conversation starter and.

You know how I am, I talk about this all the time, mostly non technical, mostly plain English, easy to understand. You don't have to be like a super nerd to get what's in there. So thanks for doing that. It's really one final thing I want to ask about you guys have really You guys have really piled on with with this week health and I appreciate it.

Your premier sponsor you're the exclusive sponsor of the Two Minute Drill, one of my podcasts that happens a couple of times a week. I'm recording with your CISO Russell Teague tomorrow on Hack the News. I'm trying to think what else? You've really leaned into the CISO Summits, the 229 events, the CISO Summits, the City Tour dinners.

Anything you want to say about your experience or the experiences that you've had, with us and with the community that we're building at 229?

Dan Dodson: First of all, I think part of it is just so much of mission alignment, right? We think about the bad guys share ideas all the time and they're constantly coming after us and like, how do we create these platforms, forums, communities where the good guys can talk, right?

And so I just love the. Frankly, the entire approach that you're taking with the 229s and This Week Health and all the podcasts is let's all just share ideas, if we do that, we're going to strengthen the industry. There's certainly plenty of opportunity for fortified companies like Fortified to assist.

If and when it makes sense, but let's learn from each other, and so I just love the whole concept of it, which is why we got involved in the beginning. And I think the reason why we stay involved is the community is growing, Drex and people are buying into it and they're having, Real world, real life conversations about what's working and what's not, I think people learn from that and we all get stronger and can protect more patients, which is all here to do.

Yeah,

Drex DeFord: it's the helping, it's the helping each other figure out how to get better and ultimately it is, it does ultimately come down to protecting patients and families and helping patients and families when they're having their worst day ever. We want to make sure that they're and they're in the best position possible to be able to recover and heal and do all the things they need to do to take care of themselves.

Anything else I'm not asking you? Something else I should probably bring up that I haven't brought up yet?

Dan Dodson: nothing in particular. The only thing that I would say is thank you to all the folks out there that are in cybersecurity. there is so much stress and so much anxiety and so much work and so little resources.

And I'm just so thankful for the folks that I run into and for those that I don't know, you as well. Thanks for what you're doing. think cybersecurity is really important to protect patients so that we don't have massive downtime, so we can serve patients in the community, and they're often not thanked.

And so I would just say, thanks for all the hard work and all you're doing.

Drex DeFord: Yeah, I love that. Yeah if no one said thank you today from Dan and I, thank you. You're killing it out there and we really appreciate it. Dan Dodson, CEO for Fortified Health Security. I really appreciate you being on today.

I'm looking forward to crossing paths with you soon.

Dan Dodson: You bet. Absolutely. Thanks, Drex. Appreciate it.

Bill Russell: Thanks for listening if you found value, share it with a peer. It's a great chance to discuss and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. it if you could do that. Thanks for listening. That's all for now..