The evolving role CISOs play in health system risk management: 3 Qs with John Muir's Thomas August

Thomas August became the chief information security officer of John Muir Health in Walnut Creek, Calif., in 2015, after serving as the director of information security at San Diego-based Sharp HealthCare.

Since then, Mr. August has worked with the IT team at John Muir to identify and prepare for potential security attacks and develop a risk management strategy. Here, Mr. August discusses his role and the biggest roadblock for health system security.

Question: What initiative are you most proud of having led or participated in as a CISO?

Thomas August: Building a program focused on managing real-world risks and threats, not just complying with audit checklists or arbitrary controls frameworks.

Q: How has your role evolved over the past 12 to 24 months and where do you see it headed in the future?

TA: I see my role as an advisor to the business. I'm primarily engaged in identifying risks, developing a vision with regard to risk management strategy, constantly validating our understanding of the organization's risk appetite, building financial business cases to support the vision, inspiring others to actively support the vision, collaborating with vendors to make planned initiatives a reality, implementing the required technologies and workflows to support these initiatives, educating the workforce on risks/threats/threat-actors/risk-management-priorities, maintaining regulatory compliance as appropriate, and building operational excellence into cybersecurity workflows. I don't see these parts of my role changing any time soon.

Q: What is the biggest trend in healthcare affecting your decision-making process as a CISO?

TA: The biggest trend by a country mile is the financial instability of the healthcare provider industry. Resources are simply not available to do all of the things we need to do. All other possible trends pale by comparison.


© Copyright ASC COMMUNICATIONS 2020.

