In this episode, we are excited to host someone who has a wealth of knowledge in security – Kurt Roemer. Kurt is the Chief Security Strategist for Citrix, a multinational software company that delivers people-centric solutions through secure apps and data on any device, network, or digital workspace.
Kurt talks about what inspires his work in security. He also shares how his company is providing solutions to health professionals so they can deliver the best care without excessive cost. He shares his thoughts on business resilience, cyber-attacks, leveraging technology, cloud applications and services, setbacks, and more.
If you want to increase your company or organization’s safety and security, this episode is right for you.
About Kurt Roemer
Kurt is the Chief Security Strategist for Citrix. He leads security, compliance risk, and privacy strategies for Citrix products. As a member of the Citrix CTO and Strategy Office, he drives ideation, innovation, and technical direction for products and solutions that advance business productivity while ensuring information governance. An information services veteran with over 30 years of experience, Kurt holds credentials that include the Certified Information Systems Security Professional designation. He also served as commissioner for the US Public Sector Cloud two initiative and led efforts to develop the PCI Security Standards Council Virtualization Guidance Information Supplement while serving on the Board of Advisors.
Outcomes Rocket Podcast_Kurt Roemer.mp3: this mp3 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.
Saul Marquez:
Hey everybody, Saul Marquez here. Welcome back to the Outcomes Rocket. I appreciate you tuning back in. And today I have the privilege of hosting the amazing Kurt Roemer. As the Chief Security Strategist for Citrix, he leads security, compliance risk, and privacy strategies for Citrix products. As a member of the Citrix CTO and Strategy Office, he drives ideation, innovation, and technical direction for products and solutions that advance business productivity while ensuring information governance. An information services veteran with over 30 years’ experience, Kurt has credentials that also include the Certified Information Systems Security Professional designation. He also served as commissioner for the US Public Sector Cloud two initiative and led efforts to develop the PCI Security Standards Council Virtualization Guidance Information Supplement while serving on the Board of Advisors. He is a wealth of knowledge as it relates to security, and I’m privileged to have him here on the podcast. Kurt, welcome.
Kurt Roemer:
Thanks so much. Great to be here today.
Saul Marquez:
Yeah, it’s great to have you here and so would love to know what inspires your work in security.
Kurt Roemer:
I’ve been inspired in security for several years, starting to look at how people were connecting up to networks, how they were utilizing personal computers and other devices and really looking at it both from how can you help to improve your privacy and not accidentally share things, but also be able to look at what could possibly go wrong and be able to use that information to build a more resilient experience. And then moving beyond that, to think a lot more about the experience and how security is really a component of the experience. I define experience as the intersection of security, productivity and cost, because any time you move one of those you’re moving the others and it’s really about having that optimal experience and balance of security, productivity and costs and everything that you do. So it’s the technical nature of security and that’s a lot of fun. And getting into all of the various attacks and executing those is great. But it’s also about looking at how security can be there and remove barriers to productivity, but also have it be cost-effective.
Saul Marquez:
Man, I love that philosophy. Kurt, you are so thoughtful about this and I really appreciate that. Taking a look at experience in that kind of three-fold way really helps give you something to manage and to work towards. And so I would love to hear more about how you have and the business that you work with and the many businesses that you’ve worked on, how you’re adding value in security and particularly within the health care ecosystem.
Kurt Roemer:
Yeah, it’s interesting because when you look within health care, they have a very, very unique balance of security, productivity and cost and a very unique view on experience. For example, one of the most important things that you can do within health care is be able to give time back to clinicians, to patients, to people in health care. I.T. and others support the entire health care experience. It’s just so overwhelming to be in those health care scenarios and see how much time people actually have to put in just for very mundane tasks. And actually was giving a presentation at one point in time. And I very rarely remember comments that people leave but had a doctor that stood up during the presentation. I wondered what was going on, and he was thanking those of us who had put together a solution for being able to give him back time in his day. And here’s a doctor in the absolute middle of nowhere in Winnipeg, Canada, that was just so thrilled about this and the other aspects of the health care experience. Health care is very unique from a privacy perspective. I worked on a PCI for the financial services industry and for the payment card industry, and somebody gets a hold of a credit card number, cardholder information, that’s terrible.
Kurt Roemer:
But information can be released. You can get a new credit card. And PCI is about reducing fraud to acceptable levels. In health care, when you lose your electronic health record and your medical information, your lab results, there’s no rereleasing that. It’s gone. It’s out in the wild. There’s no ability to ever get that back. So the privacy aspects are very, very significant. And then similarly, from the cost perspective, I don’t think we see really anywhere else short of food service and a lot of the other people that have been impacted in terms of small businesses last year, I don’t think we see much outside of health care where the cost impact has been felt as substantially. And so we’ve got to make sure that we’re helping to manage health care costs but also helping to make sure that all the people that are providing for health care have reasonable solutions at their disposal and help them to provide the best experience without the burden of excessive cost, which definitely could have been an issue over this last year.
Saul Marquez:
Now, those are some great points, Kurt, and you’re right, the health care industry has really been faced with the tremendous challenge with COVID and having to come up with answers for the pandemic. And then you also mentioned those that provide health care, all the employers that have had to think through all of their protocols and how do we stay safe physically within these environments. But also the mounting, I guess, I don’t know, risk that happen. I mean, I just, I don’t know, Kurt. I got really discouraged, just like seeing all these hackers and all this additional activity happening around the pandemic, that it was just like, I don’t know, it just layered on another thing that leaders had to think about.
Kurt Roemer:
Yeah, I was very disheartened and discouraged through that as well. You don’t want to see people get hit when they’re down, especially when you’ve got a very small segment of health care that is just going so far out of their way to be able to support people in any way they can during the COVID pandemic, people coming back from retirement, people graduating from school early, people who had significant personal health risks, who jump back in because they knew that the response that was required was just overwhelming. But then malicious attackers taking advantage of it. That was just that was awful. And I guess it pointed out in more ways than one, we have to be ready and have these disaster recovery plans and business resilience and not just thinking about the technology becoming available or even another pandemic coming along the way, but it’s really the social impacts of all the other terrible things that can be going on as people are dealing with some of the worst aspects of their lives and careers.
Saul Marquez:
Now, now, well said. And having that plan in place for when it does happen.
Kurt Roemer:
Really testing people through this, helping to educate people how to go through and think through the issues ahead of time so that they’re prepared, they’re trained, they’re up to speed, they know what to do and they’re not figuring it out as any new curveballs thrown at them.
Saul Marquez:
And Kurt, you’ve been doing this for quite some time. I’m curious what you believe, your approach, your philosophy, how is it different or unique compared to what’s available out there today?
Kurt Roemer:
Yeah, I think really it’s focusing on the experience first and obviously within health care that’s focusing on patient care first and then all the people who provide direct patient care right behind that, making sure that you’re giving them the optimal experience, that they can work from any device, they can work from any location, they can work from any application. They don’t have to be constantly thinking about what they’re working on or how they’re working with it. The experience is just natural for them as they pick up new devices, work from new locations, work with new work types, and really being able to enable that provides for the nature of hybrid work that we’re seeing coming up, not just within health care, but outside of health care, so that you have people who are working at home, maybe some permanent work from home. You’ve got people who might be permanently back in the office, but then you have others who might be new mobile workers who might have taken their desktop home during the pandemic. But they’re not going to be doing that every week if they’re just working two or three days in the office. So it’s really about setting up a workspace for everybody that provides the right experience, regardless of how they work and helps to manage security for them today, integrating a lot of the security technologies and helping to prevent a lot of the threats from being exercised. But over time, it’s helping that workspace to actively coach people to make the right security decisions to affect the right security outcomes. So instead of you clicking on something and all of a sudden it being a big problem to the organization, that’s ransomware, saving the system. Look this like you probably shouldn’t be clicking on or I don’t know what that is. So let’s open that up and a one-time use the cloud-hosted browser as opposed to open up on the browser, on your laptop or on your smartphone.
And so there are some technical things that we can do, but it’s got to blend into the experience that people don’t have to think about doing something different under different situations.
Saul Marquez:
Yeah, that’s great. And there are also the things that can be layered in too, right? Like the prompts and things. If something looks like a phishing email that it gets flagged somehow.
Kurt Roemer:
Yeah, absolutely. You know, as people roll out additional phishing training, which is absolutely essential these days, wouldn’t it be great to have immediate feedback? Oh, by the way, what you just clicked on, don’t tell your coworkers, was a phishing email. Here’s how you should have noticed that. Here’s what you should have done instead, instead of three weeks later, you get a note from IT here, maintain security and privacy.
Saul Marquez:
And so talk to us about what you do to say in these patient care areas, help improve outcomes or even improve the business that they do.
Kurt Roemer:
Yeah, it really is about both sides. And it’s looking at the patient outcomes, helping to understand the workflow of how clinicians are working with patients. Not intrusive, non-invasive, doesn’t require somebody to take off their gloves. And it’s integrating with some of the newer technologies and electronic health care records. But it’s also interfacing with some pretty old systems in health care that are still running Windows 7 or Windows XP, might be an old PACS or radiology system that can’t even legitimately be on the network without being exposed to excessive risks. So it’s about being able to understand where you should allow people to get direct access to a resource, where they need to go through some type of proxies so that there’s inspection and redirection associated with it, where they need to have a virtualized experience so that they’re just getting pixels sent to the endpoint, not the actual data, not the actual app. So they’re just getting a representation of the data, but it looks just like they’re working with it directly, or where they need to have a legitimate offline experience and are going in through containerization.
Kurt Roemer:
And that’s been a big one for health care as well. You’ve got a lot of people who are working in emergency services or are working in scenarios where if a network goes down or an application is unavailable, it could be life and limb and they need to have a legitimate offline experience. The big challenge with health care is to be able to automate that so that people have that offline where they need it. But similarly, they can also be able to leverage cloud applications and cloud services where it’s warranted. It’s probably one of the bigger challenges in health care today is many, because of the perceived need for much more offline, will say no to cloud services immediately. And unfortunately, that might be their best experience and their best balance of security, productivity, and cost going forward. So we as an industry have a lot more work to do there to help make sure that health care sees the cloud as very relevant and as something that integrates seamlessly with our business to provide the right experience.
Saul Marquez:
Now, that’s really great to understand, just the fact that it doesn’t have to be all or nothing. And if you’re opting for the cloud, you could get all the benefits of the cloud and still have some of these real-world just real use or forget the term that you used for it. Like not cloud.
Kurt Roemer:
It could be cloud, it could be a hybrid offline container.
Saul Marquez:
That’s what it was. Offline containerize the offline containerize so you don’t have to do it all in one realm. Do you think usually when people say no they feel that way and then it becomes an all or nothing.
Kurt Roemer:
They may feel that it’s an all or nothing because that’s what they’ve been used to over time. Or maybe it just seems way too expensive or way too much time involved to move to a more hybrid type of environment. And that’s where we’re helping to coach everybody to say, hey, begin with the experience first, then make sure everything that you’re doing from that point forward is continuously, situationally aware and contextually risk-appropriate. So it’s recognizing changing situations, adapting to those automatically and making sure that risk is commensurate with the task at hand and then ensuring and you’ve got observability insights and automation for it, for security, as well as for the business in general. And I guess that’s the last huge point, is making sure that we’re looking at technology supporting not just health care I.T., but it’s got to be very relevant for the business of health care, which has changed substantially in the last 15 months.
Saul Marquez:
And it really has. So what would you say is one of the biggest setbacks you’ve experienced and what was the key learning that came from it?
Kurt Roemer:
I think one of the biggest setbacks has been during this pandemic is realizing that the business of health care has changed substantially. And so even as people are flooding into health care organizations and they’re being absolutely overwhelmed with the lack of ICU beds and personnel and other technologies, meanwhile, the health care as a business is losing money and they’re actually laying people off and sending employees home because they were making money on elective surgeries and a lot of other things that were outside of the emergency room in the ICU. And so being that you couldn’t allow a lot of patients back in at that point in time, that really changed health care substantially. And that’s something I didn’t recognize soon enough. And I really wish I did because I think we could have stepped in a lot more, or be able to more directly support health care in some of the early days.
Saul Marquez:
Yeah, yeah, that is challenging. And, you know, the elective procedures are coming back on. We’re feeling more comfortable with the vaccine kind of being over 60 percent vaccination in the States. It’s starting to feel like we’re getting into that realm of normal again. Well, they’ll never be that normal, quote unquote, but a new normal. And so it is exciting to leverage the things that you picked up during that time to today. So what would you say you’re most excited about today?
Kurt Roemer:
You know, most excited about the ability for telehealth and a lot of people who are able to interact with health care, who might not be able to travel, to be able to see the expertise that they really need, might not have the ability to go at certain times because of their jobs or because of family commitments and, you know, would far benefit from remote care and the integration of the Internet of Things IoT and the blood pressure cuffs that are connected through Bluetooth and pulse oximeter. For us to add all of the other technologies that can monitor your heart, can monitor many of your other vital signs, and actually be able to manage the chronic disease for some patients without having to have them get the car and drive to a major metro area is really improving the patient experience quite a bit. And it actually does give quite a bit of time back to clinicians as well. They can schedule these appointments much more easily and it benefits everybody from chronic conditions to mental health to just people who have casual questions. It’s changing health care quite a bit. It’s allowing health care to be much more relevant and instantaneous. And it’s definitely giving you a lot more options as a health care consumer.
Saul Marquez:
I agree. Yeah, and there’s a big shift happening from this episodic care where you drive to the hospital or the clinic, you get checked out and then you don’t come back for another six months to a year. You have this opportunity with the devices and technology that you were just talking about, to have that consistent care provided without having to deal with any of the geographical things. So with this capability also comes that need to make sure that you and your organization are secure. You’re using encryption, you’re utilizing all the services that are necessary to keep patients and your organization safe.
Kurt Roemer:
Yeah, absolutely. And as an individual as well, it’s having the ability to have the system notify you that, hey, at this point in time, your risk seems to be way too high for we’re having this conversation or sending this information. Here’s some recommendation and said options for you. And maybe if it’s an emergency or very urgent situation, you’ll accept that risk. But at other points in time, you might realize that, hey, that game that your kid downloaded, your system while you are away for that hour probably shouldn’t be there and definitely is communicating in a way that it shouldn’t be. And as you would be exposing your personal info just as an example. So now we’ve got to be able to take the level of enterprise security that’s there for protecting the most critical secrets and make it available to individuals as well so that we can properly protect our health care information for ourselves as well as for those that we might be providing care for.
Saul Marquez:
Yeah, yeah. That’s so great. Great, great point. And yeah, so we are certainly committed to the safety, security of everything that you do for your employees and your patients and everybody across the board. So thanks for tuning into today’s podcast. What would you leave us to think about a closing thought. And then if anybody wants to find out more about you or the work that you do, what’s the best place that they could get in touch with you?
Kurt Roemer:
The closing thought would be to talk to your health care provider about how you can provide a more meaningful experience with them that helps save them time and definitely thank them over and over for their commitment over the last year-plus. But engaging and just asking, what can you do to help to optimize the experience and the brief amount of time that you have together? They might have some recommendations for devices or for other types of applications that you could download that provide more information. So when you call, you can give them much more detail and have a data-driven health care experience. And I guess that’s the big, big ask and big outcome, along with thanking everybody. And then in terms of getting in touch with me, I’m out on LinkedIn. Roemer, thank you. Definitely looking forward to reaching out and continuing to connect with the community and thank you so. Thanks, Kurt.
Things You’ll Learn
Resources:
LinkedIn: https://www.linkedin.com/in/kurtroemer
Website: https://www.citrix.com/