Security professionals don’t always look to healthcare first when it comes to career development. There is a general perception that healthcare has lagged behind other industries in terms of safety program maturity. Last year, the Brookings Institute called healthcare organizations soft targets “…lagging behind other industries on key cyber-preparedness metrics.”
By some estimates, healthcare defenses are a generation behind today’s cyberattacks. But these circumstances also make healthcare a great industry for talented people who want to take the next step in their career: defining their vision for a successful safety program and learning how to be an effective leader. Emerging security talent should consider healthcare as a foundational career opportunity because they can:
If the COVID-19 pandemic has proven anything, it’s that our healthcare facilities provide essential services and are in desperate need of better cyber protection. About half of the world’s hospitals experienced an IT shutdown as a result of a cyber attack in the first half of 2021. The critical nature of healthcare, combined with the shift to virtual care and relatively low levels of cyber controls, makes these organizations a prime target. . Data breaches in the healthcare sector drive the highest total cost per sector: an average of $7.13 million per event, a 10% increase over the previous year and a higher average cost than the energy and financial sectors].
Choosing healthcare for security work isn’t just about protecting data and devices. Healthcare security professionals help physicians and staff provide the best possible care while protecting patients from potentially life-threatening disruptions. Given the potential impacts on patient safety and infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently advocated for increased investment in healthcare security to improve the overall posture of industry cybersecurity.
- Grow personally and professionally.
I’m a huge NBA fan, I follow the Toronto Raptors. I love that the Raptors organization has built a winning culture from the ground up by developing young players. If I was an NBA rookie, I wouldn’t necessarily want to go to a big market team loaded with free agent All-Stars. I probably wouldn’t gain significant playing time for a few years. I much prefer to go where there is an opportunity to prove my skills immediately – to grow and learn with regular minutes on the pitch.
Joining a company with a mature and established security program often means inheriting someone else’s vision and technology roadmap. Since many healthcare organizations are catching up, this can offer a chance to help build a winning safety program from the ground up.
Earlier in my career, I took on a leadership role with a health care provider, but it wasn’t necessarily something I had anticipated. A combination of circumstances led me to this choice. Some of it was personal – I had just had kids and didn’t want to be on the road all the time like I had in my previous roles. But another important factor was that the leadership of the organization invited me to define my vision, develop a technology and process roadmap and really influence change. I don’t know if I would have had this kind of opportunity in another industry at this point in my career.
There is a huge security leadership vacuum in the healthcare sector: 40% of healthcare organizations still do not have a dedicated CISO. As security becomes a priority in the face of growing attacks on healthcare organizations, new leadership opportunities will emerge.
Any successful CISO can talk about how they got into a new organization and had to change things. Many fear inheriting a mess. How can I manage people and technologies that I have not chosen? Taking what is there and making the most of it until the culture can be changed takes great skill. It becomes an assessment of: What tools/resources do I have? ; Where are my risks?; and How can I advocate for my team and build momentum?
Every situation is different. But for a highly focused individual who wants the chance to cut their teeth on leading an organization, healthcare offers a great opportunity. A young executive will have a lot more responsibility and a chance to push the boundaries a bit more than they would in other industries.
Going back to my NBA analogy, why warm up the bench in banking when you can break away from the starting lineup in healthcare? Cybersecurity career development requires meaningful minutes on the job – opportunities where a security professional can make an immediate impact, show results, and prove themselves. This is a great opportunity to lead change in an industry that needs cybersecurity skills and where it’s possible to feel good about maintaining essential services for the local community.
Damian Chung, CSO Health, Netskope