Nurturing the Future of Healthcare Security with Damian Chung, Cybersecurity Leader and Business Information Security Officer at Netskope
Episode

Damian Chung, Cybersecurity Leader and Business Information Security Officer at Netskope

Nurturing the Future of Healthcare Security

Organizations must build a pipeline of resources and talent to address the labor shortage.

 

In today’s episode, host Saul Marquez talks with Damian Chung, a cybersecurity leader and business information security officer at Netskope, about his passion for improving patient care and outcomes through technology and security in the healthcare industry. He discusses healthcare’s challenges in keeping up with other sectors and emphasizes the importance of embracing advanced technologies rather than getting stuck in legacy systems. The conversation delves into the labor shortage in healthcare and offers innovative solutions, such as building partnerships with schools to foster a pipeline of talented professionals. Damian also highlights the significance of cloud technology in driving efficiency in healthcare operations and the role of security in facilitating the adoption of cloud services.

 

Tune in to gain valuable insights and explore the possibilities of leveraging technology to enhance healthcare.

 

Nurturing the Future of Healthcare Security with Damian Chung, Cybersecurity Leader and Business Information Security Officer at Netskope

About Damian Chung: 

 

Damian Chung is a cybersecurity leader with over ten years of security experience focused in healthcare.

As the Business Information Security Officer at Netskope, Damian is responsible for overseeing corporate security tools and processes and acts as the subject matter expert in the healthcare vertical. He also serves as an adjunct professor for the cybersecurity program at the University of Advancing Technologies in Tempe, AZ.

Prior to Netskope, Chung was the Sr. Director of Cybersecurity Engineering at Dignity Health where he implemented multiple cybersecurity controls and helped mature their security program by developing a healthcare-focused security roadmap.

Additionally, Damian has held the role of VP of IT, Cloud Security, and compliance for a healthcare technology company where he built a HIPAA-compliant cloud service. Damian has an MSc from Arizona State.

 

Outcomes Rocket Podcast_Damian Chung: Audio automatically transcribed by Sonix

Download the “Outcomes Rocket Podcast_Damian Chung audio file directly.

Outcomes Rocket Podcast_Damian Chung: this mp3 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.

Saul Marquez:
Hey, everybody. Saul Marquez with the Outcomes Rocket, recording live from the ViVE event in Nashville, Tennessee. I’m so excited to be joined today with Damian Chung. He’s a Business Information Security Officer at Netskope. He’s a cybersecurity leader, an innovator, educator, investor, and advisor to many out there that are in the security space. Damian, such a pleasure to have you on the podcast.

Damian Chung:
Awesome. Thank you, Saul. We just met yesterday and you got me talking on a podcast. This is awesome.

Saul Marquez:
It was awesome. So we were at the introductory kickoff event at ViVE and I just saw Damian and I was like, man, this guy looks interesting. And sure enough, we start chatting and he starts telling me about his 360 Degree podcast, which, by the way, we’re going to link it up to the show notes. He’s got a 360 camera and we’re going to do a short version of what we’re going to do today. So stay tuned for that and check out the show notes.

Damian Chung:
Yeah, a quick three-minute segment.

Saul Marquez:
Yeah. So it’s nice and it’s about bite-sized bi ts of information that you could use and take action on. And on that note, Damian, one of the things that I always like to touch on with our listeners is what is it that inspires your work in healthcare?

Damian Chung:
I think within healthcare, we’ve struggled with trying to keep up with other verticals, and so for me, it’s been passionate in a way of trying to help patient care and patient outcomes through technology and security. And if that’s just educating other leaders in healthcare IT then that’s what I like to do, right? Just get out there and talk about the possibilities of what they can be doing within their field and not just think that, you know, we don’t have enough money to do that or we can’t do that or we can’t do this because we don’t have the people or the resources. I think if we can just try to think in a bigger world of how we progress into using more advanced modern technologies and not get stuck in some of the legacy applications or hardware that we see in healthcare. And so for me, that really is my passion. And I’ve spent, I think, almost 15 years in healthcare IT, I also spent some time in consulting and retail and finance. And I just find that healthcare is really unique in that sense because we have so many challenges in the vertical.

Saul Marquez:
Yeah, I agree, Damian. And you know, we were talking about innovation and there’s technology innovation, there’s process innovation, there’s people innovation, right? And so we’re faced with a big challenge, and that’s the labor shortage. And it’s not just unique to clinicians like nurses and doctors, but it’s also a big problem for security.

Damian Chung:
Yeah. And I think it’s in a transition state right now because last year we had the great resignation. Remember that? It wasn’t that long ago we were having these employees leave us this year. There’s a bunch of other challenges. Maybe they’re leaving us, maybe they’re not leaving us. I don’t know how resource planning really can be forecasted because three different markets and three different times that will evolve. So one way I’ve looked at it is building a solid pipeline of resources through partnerships with schools. And I think if organizations can partner more with local universities or colleges or technical schools, you can have a base in be more involved in the community from that aspect and now have entry-level analysts or engineers come in to help augment your staff and grow with you. And it just has to become a cycle. It can’t be a one-off, right? It has to be a program and a new cycle.

Saul Marquez:
And you can’t expect it to happen on its own.

Damian Chung:
No, it takes work, right?

Saul Marquez:
Yeah. Yeah.

Damian Chung:
I mean, a lot of people think, well, if you get an intern, that’s right away, you have cheap labor. No, it takes work. It does. You have to build a program into educating those students and giving them the practical experience because they come out of school with a lot of theoretical knowledge and maybe they’ve done stuff in labs and they don’t really know how things work in the real world. If we can give them that last bit of experience, well, maybe they’ll stick around. The more we can feed them knowledge and practical experience, the longer they stay around. And what I tell my interns, I say, look, in the first five years of your career, don’t worry about the money. I mean, you should be paid according to the market. And as your knowledge and your skill set grows, then the demand for your services will become greater and your career will be better, right? So focus on what you can learn and focus on what you can do in the first five years of your career. And then from there you have a much bigger launching pad into your career. And so I think that kind of mentality for students coming up, if they’re really passionate about what they do, if they really love the cyber security aspects or the technology aspects and the continual learning that we go through in this field, then they’ll do well.

Damian Chung:
Here’s a funny story. I’ve interviewed hundreds of students and interns, and this one really stuck out to me. I asked the student, I said, why do you want to get into cybersecurity? What is it that you love about this? And he said, my mom told me to do it. And I said, well, why would you do something your mom told you to do? She said, well, my mom told me to do it, so I’m going to do it. And she said, I can make lots of money doing this. And I had to have a conversation with him and say, you’ve got to do what you believe in. Because my parents as well, probably wanted me to do something different. We didn’t think that cybersecurity was going to be a thing when I graduated or when I was in school. And so we don’t know where our paths in our career are going to take us. And that’s where your passion comes out and you kind of evolve with it and you land in the spots that kind of just make sense.

Saul Marquez:
Yeah, I love that. And so as we think about some of the challenges that we’re faced with in the employee shortage crisis that we have, the cost of labor going through the roof with contractors, technology is an answer, but also innovative approaches like Damian has offered up and building a pipeline of talent that you nurture is also, I think, a vital part of the strategy that health systems need to be thinking about. So as you’ve been working in this space for a very long time, Damian I think one of the things right now that we’re looking at as a promising technology is the Cloud. Talk to us about that and the current state and where we could be going with it.

Damian Chung:
Yeah, I think healthcare has been slow to adopt Cloud and I remember bringing up the idea over a decade ago of hosting data within a cloud service. You don’t have to worry about racking and stacking and managing a data center and appliances and servers. Ten years ago, I think that was just not possible. People couldn’t imagine not having their data inside of their data center. And if you fast forward to now, 2023, we are now pushing more into the Cloud for efficiency. And because we’re now realizing that the cost to manage that data center is expensive, the rack and stack, the circuits moving that data center and the electricity to run that data center. So Cloud has become really an efficiency tool for a lot of technology teams to really just spin up the resources they need at the right time. And they don’t have to wait for a cycle of procurement and then the life cycle of that hardware. And so it’s easier planning, it’s more of a subscription based. So I see a lot of healthcare today moving towards Cloud, mostly for operational efficiency and easier planning. But with that comes a challenge of security and I think that is probably what’s easing the move into Cloud these days. It’s the fact that there are tools out there like Netskope. I’m not saying that scope is the only one, but Netskope can help organizations have visibility to that data and to be able to secure the cloud presence of these organizations. And so now that we have multiple tools out there that can ease the security, the compliance and the risk concerns that organizations may have, they’re now feeling a little bit more comfortable with moving towards the cloud for operational efficiency.

Saul Marquez:
And that’s a big reason for it. I mean, can you and I don’t know too much about Cloud, Damian, so like can you argue that it’s probably safer to be on the Cloud?

Damian Chung:
I don’t know. I think that can be debated because you’re essentially putting your data into somebody else’s environment. And so it depends on how much trust you have and how much compliance they themselves have with your data. I think the biggest leakage of data, though, isn’t where you expect the data to go. So if you expect it to go into your cloud repository that you’ve already vetted and you already have controls around it, that’s probably going to be pretty safe unless that vendor has an incident issues or incidents.

Saul Marquez:
Yeah.

Damian Chung:
What we’re missing though, is the data that’s leaking or going to other platforms where we don’t have those controls, we don’t have visibility or we haven’t vetted their compliance. So I think on average, let’s go up to, you know, when we do our proof of value, we take a look at how many cloud applications an organization’s using. And on average, they’re using close to 3000, maybe even more, depending on the vertical. 3000 cloud apps that the IT team is not even aware of. And that’s because of shadow IT or the business just going out and getting their own tools and starting using them.

Saul Marquez:
Right, right.

Damian Chung:
Now your data is going to those places that you didn’t expect. So if you don’t have that kind of visibility and control, it becomes tougher. And if you don’t open your eyes to it, you’re not going to see that it is happening right beneath you. Whether you see it or not, it’s happening.

Saul Marquez:
Yeah, something to think about there. I didn’t even consider that. But certainly those data leaks on the platforms you’re not even thinking about, right?

Damian Chung:
This, today I spoken to a lot of customers on the show floor here at ViVE. And, you know, a lot of doctors may come into the hospital system as a contractor and they may have their own private practice. And so the hospital is using something like Office 365 or Google Workspaces. They are now whitelisting all traffic going to that service. The problem, though, is the doctor may also have Microsoft or Office 365 for their private practice. And if you’re already whitelisted it for the hospital. How do you know that data is not going to their private instance? So what a lot of organizations to take a look at that be able to see the different instances within a single SaaS platform like Microsoft, and then apply different policies based on whether that’s a corporate managed instance or a private managed instance or a partner instance at a local university or research institution.

Saul Marquez:
Yeah, some really valuable insights that you offer there for us to consider and think about, Damian. What closing thought would you give to the listeners as they consider ways to innovate for scale and stay safer, cyber safe?

Damian Chung:
Yeah, I think there’s a lot you can be thinking about in that aspect. Number one, don’t put up a wall and say no. As a security professional, I think in the past we’ve been known as the Department of No. We said say no to everything. But in reality we have to enable the business, whether your security or you’re in IT. We’re trying to enable the business to do their job. And so security shouldn’t be rigid where it’s an allow or deny. The answer always should be. It depends. And if you take that aspect of how I wrap security around a business process to enable the business, then we’ll all succeed. The last thing I want to do as a security professional in healthcare is be responsible for someone’s life. I didn’t get into technology to be responsible for someone’s life.

Saul Marquez:
Yeah, right.

Damian Chung:
Not like the doctors in the frontline, clinicians and nurses. They’re right there with the patient. I don’t want to impact the delivery of care that they’re providing, and I don’t want to impact that patient’s life. And so I think in order for us to be more efficient with our security is to have those conversations around what is the business trying to do even within IT versus security. We see a lot of conflict sometimes. Last year I had a lot of conversation around security as a team sport and that applies to IT Security, the business, even HR legal compliance. And so everybody has a role in how we deploy security and employ it to help enhance the business. And so don’t hesitate to talk within your organizations, don’t hesitate to reach out to peers to talk about how they’re dealing with it. And then also, like I said in the beginning, reach out to the community and support these new graduates to become, hopefully your pipeline for better talent and sustained resources, people resources. I think all of those things would give us a better chance at succeeding within security and not trying to create friction within the organization.

Saul Marquez:
Damian, thank you so much. Some great insights that frankly are actionable today. So can’t thank you enough for spending time with us today at ViVE on the Outcomes Rocket. Listeners check out the show notes. You’ll see links to any of the things that we talked about, including Damian’s profile on LinkedIn and ways to get in touch with them. Damian, is there a place that they could also check out your podcast?

Damian Chung:
I’ll put a link on LinkedIn.

Saul Marquez:
Okay, cool. So we’ll leave that in the show notes for them too. Absolutely. He’s got these really cool 360 camera podcast. Three minutes. You guys got to check them out. It’s actually really cool. So make sure you check that out. Damian, thanks for being with us.

Damian Chung:
Thanks, Saul.

Sonix is the world’s most advanced automated transcription, translation, and subtitling platform. Fast, accurate, and affordable.

Automatically convert your mp3 files to text (txt file), Microsoft Word (docx file), and SubRip Subtitle (srt file) in minutes.

Sonix has many features that you’d love including automated translation, share transcripts, collaboration tools, enterprise-grade admin tools, and easily transcribe your Zoom meetings. Try Sonix for free today.

 

Things You’ll Learn:

  • Building a sustainable resource pipeline by partnering with educational institutions like universities, colleges, and technical schools can solve workforce challenges.
  • Investing in interns and providing them with practical experience and education is important to help them succeed.
  • Cloud services allow technology teams to easily scale resources and avoid the challenges of traditional procurement and hardware lifecycles.
  • Netskope offers solutions to address security, compliance, and risk, making healthcare organizations more comfortable with adopting cloud technology for operational efficiency.

Resources:

  • Connect with and follow Damian Chung on LinkedIn.
  • Check out Netskope’s website.
  • Listen/Watch the 360° podcast here!
Visit US HERE