Closing Keynote: Full Speed Ahead: How to Thrive and Succeed!


1 Closing Keynote: Full Speed Ahead: How to Thrive and Succeed!
Session CYB6, February 11, 2019
Mitchell Parker, Executive Director, Information Security and Compliance, IU Health

2 Conflict of Interest
Mitchell Parker, MBA, CISSP
Has no real or apparent conflicts of interest to report.

3 Learning Objectives
- Explain how to successfully lead change in healthcare, even in times of uncertainty
- Describe opportunities to professionally grow, including areas you may not have thought of, to reach your full potential
- Discuss personal leadership skill sets that can be applied to move your security program forward
- Explain how positive revolutions can happen (not simply evolution) within your organization with the tools you need for success

4 Opening Statement
- Thriving and succeeding in any environment can be a challenge
- Healthcare cybersecurity is one of the most challenging (but rewarding) fields out there
- This session will inspire and empower us to chart ahead, no matter what the conditions may be

5 A New Day
- The day of the project, with its beginning, middle, and end, is coming to an end as we evolve
- Regulatory Drivers including HIPAA, HITECH, GDPR, and other new privacy laws (CCPA) emphasize continual reassessment and review of risks as part of compliance
- Financial Drivers such as Cyber Insurance and Payment Card Industry Data Security Standards Compliance (PCI-DSS) also require continual assessment and review
- Accreditation Drivers, such as Joint Commission, American College of Radiologists, and College of American Pathologists also emphasize continual assessment and improvement

6 We are in a new age
- We are now in the age of continual innovation and integration
- Innovation is not a buzzword - it is about empowering the mission and values of the organization to adapt to a new normal
- We are in the age of collaboration and consensus
- We are in a process of constant change and re-evaluation
- We need to accept uncertainty. Plans will not always work 100% due to rapid change
- We need to hold fast to the Mission and Values of our organizations and bring others along

7 This changes our mission
- This changes what success means, and how we measure it
- Information Security is well-positioned to set the example and show the way because of the wide organizational reach we can make success more real and lasting

8 What is Success?
- Success is demonstrating that we can develop, integrate, and evolve initiatives from inception with the existing people, processes, and technologies of an organization with a constant goal of continual improvement

9 How do you Measure Success?
- You measure Success based on the initiative
- Use the basic SMART goals
  - Specific - avoid broad-based language
  - Measurable - how will you demonstrate success?
  - Achievable (as defined by the team)
  - Realistic (see above)/relevant
    - Does this actually solve a business problem?
    - Does this de-risk the organization?
  - Time-bound
    - You have to set a date no matter what
    - Are you demonstrably able to meet goals?

10 What is Thriving?
- Thriving is the ongoing sustainment of Success
- It's the transition from new idea to being part of the business
- Traditionally this has not been a focus
- With the major regulatory landscape changes, especially with GDPR and Joint Commission, it is now really important

11 How do you measure Thriving?
- Continue to measure the metrics of Success that defined a successful business change
- Keep defining SMART goals for them
- Integrate your goals across the team
- Transition some to sustainment, however
- Example: We took a Success goal of 100% PCI Device Compliance and evolved it to maintaining Attestation of Compliance

12 What does change really mean?
- Change is Success
- It is the continual evolution of an organization and its people to meet the needs of its stakeholders and environment
- However, it is really scary for many of our customers
  - EMR implementations
  - Meaningful Use
  - Cyber Security
- It doesn't have to be this way!

13 What is Uncertainty?
- Doubt
- Lack of a clear operating picture
- Inability to answer questions
- Inability to communicate what is needed for Success and Thriving!

14 How do we handle uncertainty?
- Clear plans
- Involvement of our peers
- 30 second rule for explaining items
- Get Ready! We're going to cover a lot more in the next 30 or so minutes!

15 How do we handle Uncertainty?
- Always Be Communicating
- Communication Plans Based on Constant Engagement
- Tiered Communication Plan
  - Executives
  - Leadership
  - Physicians
  - Everyone Else
- Consistent, planned messaging in conjunction with PR
- Public Relations as a Service
- Service Delivery - Response is Everything

16 How do we handle Uncertainty?
- Always be changing
- Your project plans can and will change
- Solicit input
- Make sure you take others into consideration
- Accept that external factors will cause change

17 Professional Growth Opportunities
- Strategic Planning - everything has a purpose
- Structure Initiatives to increase engagement and development
- Tie what you do into team development and individual development
- Cascade organizational goals down to the managers and team members
- Non-traditional assignments on projects
- Make sure to get team members exposure to the rest of the organization
- Focus on understanding how the organization works
- Put team members in a position of uncertainty with the purpose of having them learn from it

18 Professional Growth Opportunities
- Communications - esp. developing communication plans for the team
- Organizational Improvement Initiatives
- Presentations/Public Speaking
- We have to build people up who can communicate with the C suite
- Emphasizing CFPs and Conference Proposals
- Our scale is 0 to DEFCon for our presentations
- We also promised a perfect educational score for an accepted DEFCon proposal (HIMSS a close second)
- Education as part of the intern program and employee development
- Down to advising for courses!

19 Personal Leadership Skill Sets

20 Mindfulness
- Keep your focus on the Mission and Values of the organization
- Don't let technology become the focus - focus on people, processes, interfaces, and workflow
- These are 90% of the customer needs usually
- Tech is a means to help with these four items
- How can you work with the business?
- Understand how the business works
- Avoid the temptation to talk about tools
- Your customers, especially the more technical ones, will think you obsess over bright shiny objects

21 Humility
- You will be wrong
- You will make errors
- You need to be humble, accepting, communicate well, and address issues
- Address problems quickly for everyone's benefit
- Mean Time To Notification (MTTN) to your team members of potential issues should be minutes
- MTTN to Senior Leadership of potential issues should be well in advance
- With full action plans

22 Communication and Listening
- Always listen to your customers
- Meet them on their turf
- Make yourself available continually
- Respond quickly
- Take notes
- Follow up on items immediately
- Don't wait unless you have to
- Keep consistent and unified messages

23 Preparation
- Make sure you research continually
- Don't wait here!
- Keep abreast of current and emerging technologies
- Your customers know more than you think
- As every healthcare CIO is now learning about Blockchain thanks to people outside their departments and their vendors bringing it in

24 Presentation Skills
- Treat presentations with the same rigor as a research paper
- Especially with Human Resources
- Use credible resources such as HIMSS, Gartner, Forrester, and government sources (NIST, CMS, etc.)
- Know your facts
- Know your info cold and make sure the facts have relevance
- Prepare for your audience
- Make sure you review what you have repeatedly
- Get comfortable with Public Speaking
- 22 years ago, I was told I sucked at forensics. Badly.
- It was demoralizing and I stopped public speaking for 14 years
- Don't make my mistakes!

25 Empathy and Education
- Your customers have challenges like everyone else
- Accept that security is not always top of mind
- Help them through a confusing world - cyber is not easy!
- There is a lot of uncertainty and confusion around security
- Avoid complex interfaces and acronyms - extra mile on understanding!
- Educate as part of the customer relationship process
- Educate and Mentor those with less experience and open the world
- We do not do enough of this to offset the toxicity, sexism, and racism that is now prevalent - This HAS to change
- Our perception as professionals hinges upon it

26 Sharing
- Share your knowledge with others
- Especially outside your company
- Encourage others to do CFPs and Presentations
- Bring up that next group of Security Professionals
- Support organizations like HIMSS, CHIME, AEHIS, ISSA, and others
- We need to have more positivity in Security
- We want people to be engaged
- We want people to look positively upon Healthcare Information Security

27 Ownership
- Own what your team works on, even if you don't own it
- Own your customer relationships - go the extra mile
- Own the risk management process
- Make sure people from the organization are engaged and involved
- The business owns change and innovation
- If they do not, then the incentive to improve is not there
- You are part of the business
- Own being a part of that great team

28 What do we get from this?
- We set expectations to continually improve and innovate
- We open up two-way communications with our customers
- We build processes that we can improve upon
- We own along with the business
- We hold ourselves accountable
- We improve business through better security

29 Most Important
- We will help our organizations thrive and succeed!
- We will set the example for others to do so
- We will bring up that next generation of security professionals
- And expect they improve on us

30 THANK YOU!!! Follow me on Twitter Phone:
