We created the “CISO Spotlight” series to highlight some of the CISOs we know and admire, to learn more about their challenges, hear what they have to say about the current state of cybersecurity, and more. Read on to see what Jeremy Walczak of GenesisCare has to say.

How did you initially get involved in cybersecurity?

I have worked in the information technology field for most of my 25-year career starting out as a software engineer. I eventually crossed over into cybersecurity in the early 2000s when I had a chance to help form a new security team at a global organization where I had been working. This initial experience opened additional doors for me and led to roles in the healthcare field where I have maintained a presence, assuming roles of greater responsibility over the past 13 years.

What is something you wish you knew when you first started this career?

Take the trip, visit your parents, leave early to catch the start of your kid’s game. You will have plenty of time to complete the project, but the referee will not restart the clock because you had to reboot your PC to apply a zero-day or lost your latest board presentation.

What are the top challenges CISOs face today?

There are many – and some that might be unique to CISOs when compared to other organizational leaders. In no order, I see the following as items near the top of the pile:

1. Fighting for a seat at the business strategy table alongside finance and operational leadership
2. Funding for top cyber risks versus revenue-generating concepts
3. Increasing velocity & throughput of cyber project deliverables

What are the biggest security challenges in the healthcare industry?

For me, the biggest security challenges in healthcare come down to the most important and basic outcome for a patient, which is to receive the right care, at the right time, in the right place. For those three items to occur, it is very typical for technology to play a crucial role in the communication, delivery, and dosing necessary by clinical teams. Security plays a vital role in those activities, ensuring technical access to the best clinical teams available.

How do you assess products and technologies for your organization?

I think we follow a standard approach that includes stakeholders in the research, evaluation, selection, and installation of new technology. There is no secret recipe. From my experience, the best approach is a collaborative one that allows for input and consideration from a group, based on some accepted standard, with the ultimate decision being made by the budget holder, based on group input.

How do you facilitate a positive security culture within the organization?

Culture is huge for us at GenesisCare. We’re a global organization with teams spread across many time zones, international regions, languages, and dialects. However, one consistency remains and that is our global focus and attention to patient safety and treatment outcomes. This is obviously job number one for our clinical teams. Our global cyber team has been able to work effectively across all departments at GenesisCare, making a connection between cyber awareness and resiliency and the impact good cyber hygiene can have on safety and treatment outcomes. The collaboration is an example of how we’ve effectively improved the cyber culture.

Do you mentor the next generation?

Absolutely. Informally, on the job, and through different activities with area colleges and universities. I feel that I have benefited from key individuals throughout my career to get me to the point I am today. Whether I knew it or not at the time is a different story, but there have been influencers that pointed, pushed, nudged, or guided me into my current role, and I am grateful. Being a mentor is a way to give back to the community, but also a source of engagement and enjoyment for me.

Do you use security as a differentiator with your clients?

As a rule, no, we do not view security as a differentiator. The theory is that we have access to the same set of standards, tools, and knowledge. Further, the security community has many ways it benefits by sharing and leveraging collective intelligence, success, and failures…think of the ISACs and vendor-led communities. The caveat, of course, is that one organization may interpret and apply those public sources and technology better. So, while we are not out there saying “we’re better at security” we do believe we have a good story to tell the patients we treat, the communities we serve, and the entities we partner with.