Thomas August became the chief information security officer of John Muir Health in Walnut Creek, Calif., in 2015, after serving as the director of information security at San Diego-based Sharp HealthCare.
Since then, Mr. August has worked with the IT team at John Muir to identify and prepare for potential security attacks and develop a risk management strategy. Here, Mr. August discusses his role and the biggest roadblock for health system security.
Question: What initiative are you most proud of having led or participated in as a CISO?
Thomas August: Building a program focused on managing real-world risks and threats, not just complying with audit checklists or arbitrary controls frameworks.
Q: How has your role evolved over the past 12 to 24 months and where do you see it headed in the future?
TA: I see my role as an advisor to the business. I'm primarily engaged in identifying risks, developing a vision with regards to risk management strategy, constantly validating our understanding of the organization's risk appetite, building financial business cases to support the vision, inspiring others to actively support the vision, collaborating with vendors to make planned initiatives a reality, implementing the required technologies and workflows to support these initiatives, educating the workforce on risks/threats/threat-actors/risk-management-priorities, maintaining regulatory compliance as appropriate, and building operational excellence into cybersecurity workflows. I don't see these parts of my role changing any time soon.
Q: What is the biggest trend in healthcare affecting your decision-making process as a CISO?
TA: The biggest trend by a country mile is the financial instability of the healthcare provider industry. Resources are simply not available to do all of the things we need to do. All other possible trends pale by comparison.
To participate in future Becker's Q&As, contact Laura Dyrda at ldyrda@beckershealthcare.com.