January 17, 2023

Advocating for Better Security in Healthcare with Taylor Lehmann

by Hacker Valley Studio

Show Notes

Taylor Lehmann, Director of Office of the CISO at Google Cloud, has made it his mission to make healthcare and life sciences more secure and strategic for everyone. Joining our security podcast this week, Taylor talks about how security and strategy have to start with people, from properly managing them to realistically motivating them. Healthcare is in need of some serious security TLC and Taylor is ready to tackle the difficult questions about how personal medical data can stay safe in a constantly evolving environment.

 

Timecoded Guide:

[01:47] Motivating your team & understanding your real cyber constraints

[06:19] Creating a shared, measurable goal for every team

[14:26] The haves and have-nots of healthcare security

[22:08] Revolutionizing the security standard of healthcare

[25:16] How to not fail your future self

 

You’re frequently brought into situations that are hard for security teams. Could you walk us through your process of dealing with interpersonal conflicts at work? 

A conflict amongst team members is rarely about the technology itself; it is instead about how the team is working together. To combat team conflicts at work, Taylor first focuses on kindness and thankfulness. When a team can create a kind environment, trust flows much more easily and the team can focus more on the real constraints of their situation (i.e. time and deadlines) versus their perceived constraints and tension points (i.e. assumptions around budget).

“What I end up finding out in more cases than not is it's not about a tool, it's not about a security control you don't understand, it's usually not a technical issue, it's almost always getting teams aligned to working together towards a shared outcome.”

 

What is the common slowdown or hiccup when it comes to security practitioners working together? 

The biggest and most detrimental slowdown amongst team members in cybersecurity is the lack of a shared goal. Without a united effort towards security and a measurable outcome to achieve, team members throughout your organization won’t work effectively or efficiently together. When the goal to be more secure can be understood by everyone within the organization, team members won’t get stuck on the whys or hows of the work they’re doing.

“Is the security department the only one who wants to be secure, or does everybody? The second you create a goal where teams are effectively working together to get that outcome, that's when you know you're there.”

 

When you look at the maturity of health organizations in being more security-minded, what are some of the things that you're seeing in the industry?

Like many industries, security in healthcare is divided into “have”s and “have not”s. Large, sophisticated, extensive, public health organizations have a high level of security maturity, while smaller organizations fall behind in technology and cybersecurity. While organizations like the FDA are working hard to make the medical field a more secure place, modern tech platforms need to be integrated at every level to keep patients and practitioners safe.

“It's tough to tell as a patient if a health system invests in security or not. No one is yet making decisions on where they go to get healthcare based on security. I think if they knew they would suffer something negative due to an under-invested system, that would change things.”

 

Was there a turning point in your life that made you the leader that you are today?

After an extensive shoulder surgery left Taylor laid up in a hospital bed, he realized that some of the equipment being used on his own body couldn’t be trusted to keep information secure. Having such an eye-opening patient experience after working in security in the medical field, Taylor realized that other patients wouldn’t know how to verify or protect themselves from these issues. Something had to change, and Taylor understood that he had to become a leader and advocate in this space to make a difference in our current reality. 

“This cannot be the standard of care. My life, in effect, depended on medical equipment that couldn't be trusted. I needed to do something about it, not just for myself, but for the next person who's gonna lie in a hospital bed.”

--------------

Links:

Keep up with our guest Taylor Lehmann on LinkedIn and Twitter

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase an HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio
