1
00:00:00,160 --> 00:00:02,319
This is Laura Dirdo with the Becker's Healthcare

2
00:00:02,319 --> 00:00:02,819
podcast.

3
00:00:03,279 --> 00:00:05,040
I'm thrilled today to be joined by Steven

4
00:00:05,040 --> 00:00:08,000
Ramirez, chief information security and tech officer for

5
00:00:08,000 --> 00:00:09,919
Renown Health. Steven, it's a pleasure to have

6
00:00:09,919 --> 00:00:12,160
you on the podcast today. Hey, Laura. Great

7
00:00:12,160 --> 00:00:14,855
to be with you. Absolutely. Now I know

8
00:00:14,855 --> 00:00:16,695
it's always fascinating to speak with you because

9
00:00:16,695 --> 00:00:18,614
you've got such a great big picture and

10
00:00:18,614 --> 00:00:21,835
and future focused view of technology, cybersecurity,

11
00:00:22,295 --> 00:00:24,214
considering all the different things that are happening

12
00:00:24,214 --> 00:00:25,109
in health care today,

13
00:00:25,670 --> 00:00:28,070
AI, as well as government policy changes and

14
00:00:28,070 --> 00:00:29,910
more. So, you know, I'm looking forward to

15
00:00:29,910 --> 00:00:30,730
this conversation.

16
00:00:31,350 --> 00:00:33,350
But before we begin, for those who are

17
00:00:33,350 --> 00:00:35,190
just starting to listen to the Becker's Healthcare

18
00:00:35,190 --> 00:00:37,270
podcast, can you introduce yourself and tell us

19
00:00:37,270 --> 00:00:38,810
a little bit more about your background?

20
00:00:39,350 --> 00:00:39,765
Yes.

21
00:00:40,484 --> 00:00:41,684
Again, good to be with you. My name

22
00:00:41,684 --> 00:00:44,104
is Steven Ramirez, and I'm the chief information

23
00:00:44,164 --> 00:00:46,965
security and tech officer at Renown Health. I've

24
00:00:46,965 --> 00:00:48,484
been there for almost four years.

25
00:00:49,204 --> 00:00:52,324
Renown Health is up in Northern Nevada, so

26
00:00:52,324 --> 00:00:55,289
it covers the Reno, Tahoe area. We're a

27
00:00:55,530 --> 00:00:56,670
integrated health system,

28
00:00:57,370 --> 00:00:59,310
four different locations and

29
00:00:59,850 --> 00:01:03,049
fresh transplant center, you know, urgent care. We're

30
00:01:03,049 --> 00:01:05,049
the area trauma center. So really a lot

31
00:01:05,049 --> 00:01:07,290
of different service lines that we have that

32
00:01:07,290 --> 00:01:09,354
are to serve our community and looking to

33
00:01:09,354 --> 00:01:12,254
grow different components of that moving forward.

34
00:01:13,114 --> 00:01:14,795
That's great to hear. And, you know,

35
00:01:15,194 --> 00:01:17,994
I am excited to kinda talk to you

36
00:01:17,994 --> 00:01:19,834
because I I think there's such a diverse

37
00:01:19,834 --> 00:01:22,620
patient population that you serve and certainly a

38
00:01:22,620 --> 00:01:24,780
lot of, key considerations in that when you

39
00:01:24,780 --> 00:01:27,260
think about cybersecurity. So, can you give us

40
00:01:27,260 --> 00:01:29,020
a little lay of the land? What's happening

41
00:01:29,020 --> 00:01:30,380
right now? What are you is top of

42
00:01:30,380 --> 00:01:33,020
mind for you, the opportunities and headwinds that

43
00:01:33,020 --> 00:01:34,079
you have your eye on?

44
00:01:34,495 --> 00:01:36,275
Well, there's a lot in cybersecurity.

45
00:01:36,655 --> 00:01:38,734
I think that just, you know, AI is

46
00:01:38,734 --> 00:01:39,954
continuing to be

47
00:01:40,255 --> 00:01:42,575
a buzzword, but a lot more of that's,

48
00:01:42,974 --> 00:01:44,834
coming to fruition that we saw

49
00:01:45,694 --> 00:01:46,995
over the weekend that

50
00:01:47,569 --> 00:01:49,810
there was news that the Chinese government did

51
00:01:49,810 --> 00:01:52,849
the first ever AI autonomous attack on some

52
00:01:52,849 --> 00:01:53,829
various interests.

53
00:01:54,129 --> 00:01:55,810
So, you know, we've been talking for it

54
00:01:55,810 --> 00:01:58,049
a long time to really say how is

55
00:01:58,049 --> 00:01:59,649
AI gonna be used for the, you know,

56
00:01:59,649 --> 00:02:01,569
good, bad, and the ugly. We finally saw

57
00:02:01,569 --> 00:02:04,355
how threat actors can leverage it

58
00:02:05,135 --> 00:02:08,014
to target various organizations. So that's something that

59
00:02:08,014 --> 00:02:09,955
is we're continuing to look at our cybersecurity

60
00:02:10,335 --> 00:02:11,474
posture, hygiene,

61
00:02:12,094 --> 00:02:14,014
and emerging threats to really keep front and

62
00:02:14,014 --> 00:02:16,094
center of mind that AI is only gonna

63
00:02:16,094 --> 00:02:17,074
get more sophisticated

64
00:02:17,969 --> 00:02:19,989
in tactics and techniques, but also

65
00:02:20,689 --> 00:02:22,289
somebody that might not have a lot of

66
00:02:22,289 --> 00:02:24,209
technical acumen is gonna be able to do

67
00:02:24,209 --> 00:02:26,129
a lot more with getting up to speed

68
00:02:26,129 --> 00:02:27,669
and becoming more sophisticated

69
00:02:27,969 --> 00:02:30,870
just on AI being able to enable their

70
00:02:31,009 --> 00:02:31,909
overall tech

71
00:02:32,594 --> 00:02:34,194
ability that they used to not be able

72
00:02:34,194 --> 00:02:36,435
to do, and really just help fast track

73
00:02:36,435 --> 00:02:37,414
a lot of the attacks

74
00:02:37,875 --> 00:02:40,435
from, you know, phishing to social engineering to,

75
00:02:40,435 --> 00:02:42,354
you know, being able to do reconnaissance. You

76
00:02:42,354 --> 00:02:44,754
know, before threat actors would look at your

77
00:02:44,754 --> 00:02:47,394
organization for weeks, months, etcetera, they can learn

78
00:02:47,394 --> 00:02:50,349
so much about the organization, you know, leadership,

79
00:02:50,490 --> 00:02:52,969
players, service lines, partners, and all of that

80
00:02:52,969 --> 00:02:54,810
in a click of a button or a

81
00:02:54,810 --> 00:02:56,349
phrase. So that's really where

82
00:02:56,889 --> 00:02:58,569
we're having to stay up to speed and,

83
00:02:58,569 --> 00:03:00,569
you know, continue to evolve and make sure

84
00:03:00,569 --> 00:03:02,729
that we're, you know, addressing these risks as

85
00:03:02,729 --> 00:03:03,629
we move forward.

86
00:03:04,585 --> 00:03:05,865
That makes a lot of sense and is,

87
00:03:05,865 --> 00:03:07,965
you know, really fascinating to hear about,

88
00:03:08,504 --> 00:03:11,385
the Chinese government that first ever autonomous attack

89
00:03:11,385 --> 00:03:12,205
using AI.

90
00:03:12,585 --> 00:03:14,585
When you look at AI, you know, within

91
00:03:14,585 --> 00:03:16,125
the health care space,

92
00:03:16,599 --> 00:03:17,180
in particular,

93
00:03:17,560 --> 00:03:20,699
thinking through, you know, on the organization side,

94
00:03:20,919 --> 00:03:22,519
what are some of the things that,

95
00:03:23,319 --> 00:03:25,719
chief information security officers and just any leaders

96
00:03:25,719 --> 00:03:27,560
within the health care space need to think

97
00:03:27,560 --> 00:03:28,215
about and

98
00:03:29,334 --> 00:03:30,734
and understand when it comes to AI, and

99
00:03:30,734 --> 00:03:32,294
they're trying to look at their strategy, trying

100
00:03:32,294 --> 00:03:32,875
to be safe, but

101
00:03:33,254 --> 00:03:34,775
at the same time, wanting to be, you

102
00:03:34,775 --> 00:03:36,794
know, on the forefront of the technology

103
00:03:37,094 --> 00:03:38,694
in leveraging it to the best of their

104
00:03:38,694 --> 00:03:39,194
capabilities.

105
00:03:39,495 --> 00:03:41,099
So what do you really have to watch

106
00:03:41,099 --> 00:03:42,939
out for if you're a leader,

107
00:03:43,260 --> 00:03:44,939
of the health care system trying to figure

108
00:03:44,939 --> 00:03:46,860
out, you know, what AI is gonna make

109
00:03:46,860 --> 00:03:47,760
sense for you?

110
00:03:48,379 --> 00:03:49,980
Well, it's really critical to,

111
00:03:50,939 --> 00:03:52,639
have strong governance because

112
00:03:53,020 --> 00:03:54,800
there's a lot of different AI

113
00:03:55,420 --> 00:03:58,185
buzzwords and what is AI and not AI.

114
00:03:58,185 --> 00:04:01,085
So it's like there's machine learning. There's,

115
00:04:01,544 --> 00:04:03,885
you know, just using it for searching. There's

116
00:04:04,585 --> 00:04:07,224
autonomous AI that use, you know, machine learning.

117
00:04:07,224 --> 00:04:10,169
Like, there's there's different components that make up

118
00:04:10,650 --> 00:04:12,569
AI. So it's like, you first need to

119
00:04:12,569 --> 00:04:13,949
be educated on

120
00:04:14,250 --> 00:04:15,789
what is and isn't AI,

121
00:04:16,089 --> 00:04:19,129
how it's used in the organization or as

122
00:04:19,129 --> 00:04:21,149
a subset of a variant of another

123
00:04:21,529 --> 00:04:24,754
application and or system. But it's also important

124
00:04:24,754 --> 00:04:27,235
to understand the build versus buy question as

125
00:04:27,235 --> 00:04:29,714
part of this governance structure that you really

126
00:04:29,714 --> 00:04:31,634
need to understand. Is this something that you

127
00:04:31,634 --> 00:04:33,235
wanna go with a tried and true partner?

128
00:04:33,235 --> 00:04:34,995
So like the Microsofts of the world, the

129
00:04:34,995 --> 00:04:37,394
epics that, you know, have embedded and road

130
00:04:37,394 --> 00:04:40,230
maps with AI versus, you know, thinking that

131
00:04:40,230 --> 00:04:42,310
we're gonna try to build it, create a

132
00:04:42,310 --> 00:04:44,230
lot of these components ourselves, that it's a

133
00:04:44,230 --> 00:04:44,970
lot more

134
00:04:45,750 --> 00:04:46,889
mean time to maturity,

135
00:04:47,350 --> 00:04:50,084
easier to implement, easier to manage, easier to

136
00:04:50,084 --> 00:04:51,944
secure if it's with one of your partners.

137
00:04:52,725 --> 00:04:55,524
So that's really very important to that, but

138
00:04:55,524 --> 00:04:58,964
also having strong data governance because, again, like

139
00:04:58,964 --> 00:05:00,964
a lot of different tools, it's dependent on

140
00:05:00,964 --> 00:05:02,185
data. If it's either,

141
00:05:02,919 --> 00:05:04,759
you know, from a machine learning, you know,

142
00:05:04,759 --> 00:05:07,560
looking at activities and components over time or

143
00:05:07,560 --> 00:05:09,959
actually leveraging the data to make decisions, because

144
00:05:09,959 --> 00:05:11,659
I know there's a lot of opportunity

145
00:05:11,959 --> 00:05:13,639
on that on both sides of the house

146
00:05:13,639 --> 00:05:15,914
on looking at, you know, those two different

147
00:05:15,914 --> 00:05:17,754
types of AI. So it's again, that's the

148
00:05:17,754 --> 00:05:20,175
importance of AI use cases, the

149
00:05:20,555 --> 00:05:23,375
crawl, run, walk, and, you know, also doing

150
00:05:23,435 --> 00:05:24,254
due diligence

151
00:05:24,634 --> 00:05:26,714
to really make sure that you you are

152
00:05:26,714 --> 00:05:29,514
protecting your organization from a data protection standpoint,

153
00:05:29,514 --> 00:05:31,110
that there's a lot of different security tools

154
00:05:31,110 --> 00:05:33,509
that we can leverage to make sure that

155
00:05:33,509 --> 00:05:35,910
we're keeping everything in house, making sure that

156
00:05:35,910 --> 00:05:38,069
data isn't being misused, and that we're really

157
00:05:38,069 --> 00:05:40,889
just supporting the clinicians in the intended use.

158
00:05:41,910 --> 00:05:44,149
Absolutely. A 100. I I think that's such

159
00:05:44,149 --> 00:05:46,955
helpful advice and and really, great bullet points

160
00:05:46,955 --> 00:05:49,274
to take back and understand and apply to,

161
00:05:49,675 --> 00:05:50,574
your own organization.

162
00:05:51,274 --> 00:05:52,955
Now I think when you look at the

163
00:05:52,955 --> 00:05:56,014
future, you're thinking about growth, from an organizational

164
00:05:56,074 --> 00:05:57,915
strategic standpoint. I know there's a lot of

165
00:05:57,915 --> 00:05:59,009
initiatives out there,

166
00:05:59,650 --> 00:06:02,370
trying to, you know, continue to expand access

167
00:06:02,370 --> 00:06:04,310
to care and apply technology.

168
00:06:05,170 --> 00:06:06,449
What does it look like for you when

169
00:06:06,449 --> 00:06:08,210
you're thinking about growth and adding value to

170
00:06:08,210 --> 00:06:10,310
the organization overall? What's important,

171
00:06:11,009 --> 00:06:12,449
for you to do in a part to

172
00:06:12,449 --> 00:06:14,150
your, executive team,

173
00:06:14,574 --> 00:06:16,574
to make sure that on the cybersecurity side,

174
00:06:16,574 --> 00:06:18,115
everything is in top shape?

175
00:06:18,574 --> 00:06:21,375
It's important for us to make sure that

176
00:06:21,375 --> 00:06:21,875
we're

177
00:06:22,414 --> 00:06:25,134
aligning to the strategy and growth of the

178
00:06:25,134 --> 00:06:25,634
organization

179
00:06:25,935 --> 00:06:28,899
just because of how technology is enabled and

180
00:06:28,899 --> 00:06:31,000
the digital front door that we're continuing

181
00:06:31,620 --> 00:06:32,279
to grow,

182
00:06:32,580 --> 00:06:35,460
optimize, and expand to really, you know, support

183
00:06:35,460 --> 00:06:38,100
our patients is that that's just expanding your

184
00:06:38,100 --> 00:06:38,600
risk

185
00:06:39,245 --> 00:06:40,305
your risk profile,

186
00:06:40,764 --> 00:06:43,805
and it's really just important that everybody understands

187
00:06:43,805 --> 00:06:46,365
that when we're looking at various technology that,

188
00:06:46,365 --> 00:06:48,845
you know, we're able to always use good

189
00:06:48,845 --> 00:06:49,345
cybersecurity

190
00:06:49,805 --> 00:06:50,305
hygiene,

191
00:06:50,605 --> 00:06:51,105
good

192
00:06:51,569 --> 00:06:53,970
good practices in place, and I think that

193
00:06:53,970 --> 00:06:56,289
that all goes into the cybersecurity culture, just

194
00:06:56,289 --> 00:06:59,669
the mindset. So it's really, again, important that

195
00:06:59,969 --> 00:07:01,509
as a CISO of the organization

196
00:07:01,810 --> 00:07:04,610
that we we have various committees. So it's

197
00:07:04,610 --> 00:07:07,245
always important that we're, I always say, being

198
00:07:07,305 --> 00:07:09,884
storytellers. So we need to understand about

199
00:07:10,345 --> 00:07:11,865
educating people. Like, we had just spoke to

200
00:07:11,865 --> 00:07:14,105
the first autonomous AI attack. You know, that's

201
00:07:14,105 --> 00:07:16,185
gonna go out on being a blitz in,

202
00:07:16,185 --> 00:07:18,345
you know, my governance risk and compliance, our

203
00:07:18,345 --> 00:07:21,500
audit and compliance steering committee, our operational compliance

204
00:07:21,500 --> 00:07:23,660
meetings, like, really helping say, guys, this is

205
00:07:23,660 --> 00:07:25,580
a lot of what we've been focusing on,

206
00:07:25,580 --> 00:07:26,639
building the foundation,

207
00:07:27,259 --> 00:07:29,900
putting our investments and controls to help protect

208
00:07:29,900 --> 00:07:30,639
about this.

209
00:07:31,020 --> 00:07:33,520
So it's, again, building in that layered

210
00:07:33,824 --> 00:07:35,745
approach to really just make sure that,

211
00:07:36,144 --> 00:07:36,884
we're protecting

212
00:07:37,185 --> 00:07:40,084
against today's threats and the threats of tomorrow

213
00:07:40,144 --> 00:07:43,764
with how technology is just continuing to evolve.

214
00:07:44,224 --> 00:07:46,564
So, again, being a good partner,

215
00:07:47,610 --> 00:07:49,449
educating staff on what's going on in the

216
00:07:49,449 --> 00:07:51,709
world because, again, they're looking at, you know,

217
00:07:51,769 --> 00:07:54,490
headwinds and other strategic components on their side

218
00:07:54,490 --> 00:07:56,169
of the house. So it's really just important

219
00:07:56,169 --> 00:07:58,910
that if it's ingrained into people's DNA,

220
00:07:59,685 --> 00:08:02,165
they know cybersecurity is an important pillar to

221
00:08:02,165 --> 00:08:03,865
what we need to do as an organization,

222
00:08:03,925 --> 00:08:06,645
that it just helps become naturally. So that's

223
00:08:06,645 --> 00:08:09,125
just where, again, my role to help really

224
00:08:09,125 --> 00:08:11,939
just spread the gospel, I like to say,

225
00:08:12,180 --> 00:08:14,500
internally to really make sure that we're we're

226
00:08:14,500 --> 00:08:16,740
partnering with our business, that they understand what

227
00:08:16,740 --> 00:08:18,339
we're here to do, how we're here to

228
00:08:18,339 --> 00:08:21,139
help, and then abound around the frameworks and

229
00:08:21,139 --> 00:08:22,980
foundations that we're doing to make sure we're

230
00:08:22,980 --> 00:08:24,120
securing the organization.

231
00:08:25,294 --> 00:08:26,735
That makes a lot of sense, and it's

232
00:08:26,735 --> 00:08:29,454
just really helpful to understand. I'm thinking from

233
00:08:29,454 --> 00:08:30,514
that lens of,

234
00:08:31,055 --> 00:08:33,534
being you know, setting up the governance, the

235
00:08:33,534 --> 00:08:34,195
right committees,

236
00:08:34,735 --> 00:08:36,735
compliance, and more. And, you know, from your

237
00:08:36,735 --> 00:08:39,054
perspective, as you see the landscape changing with

238
00:08:39,054 --> 00:08:41,169
AI and and just becoming more sophisticated

239
00:08:41,549 --> 00:08:42,049
technologically,

240
00:08:42,590 --> 00:08:44,029
is there anything that you have to do

241
00:08:44,029 --> 00:08:44,529
differently,

242
00:08:45,070 --> 00:08:48,049
with your teams or the the cybersecurity

243
00:08:48,509 --> 00:08:50,750
and and IT folks working with you? You

244
00:08:50,750 --> 00:08:52,690
know, are you looking for any skills, expertise,

245
00:08:52,750 --> 00:08:54,590
or or something that, you know, you're more

246
00:08:54,590 --> 00:08:57,904
often partnering with other organizations again to, you

247
00:08:57,904 --> 00:08:59,745
know, make sure that you're in a great

248
00:08:59,745 --> 00:09:00,245
place?

249
00:09:01,024 --> 00:09:03,184
No. I think that's a great question that

250
00:09:03,184 --> 00:09:03,845
I think

251
00:09:04,465 --> 00:09:05,684
the hype of AI

252
00:09:06,865 --> 00:09:08,945
really makes people think that we have to

253
00:09:08,945 --> 00:09:10,410
change our approach.

254
00:09:11,429 --> 00:09:12,490
But from cybersecurity

255
00:09:12,790 --> 00:09:15,290
practice that if we focus on the fundamentals,

256
00:09:15,590 --> 00:09:18,230
I've always said that, that it'll set us

257
00:09:18,230 --> 00:09:19,129
up to

258
00:09:19,509 --> 00:09:22,649
be successful in any net new technology, emerging

259
00:09:22,710 --> 00:09:25,884
risk, etcetera. Because if you really think about

260
00:09:26,024 --> 00:09:29,304
looking at phishing, social engineering, that's gonna, you

261
00:09:29,304 --> 00:09:31,384
know, be some something that threat actors are

262
00:09:31,384 --> 00:09:31,884
using,

263
00:09:32,184 --> 00:09:33,164
you know, to try

264
00:09:33,704 --> 00:09:36,024
to target our organizations. If you're thinking about

265
00:09:36,024 --> 00:09:37,884
vulnerability management and patching,

266
00:09:38,240 --> 00:09:41,039
that's gonna, you know, apply to AI and

267
00:09:41,039 --> 00:09:42,419
technologies as well.

268
00:09:42,959 --> 00:09:44,959
If you're talking about data governance and data

269
00:09:44,959 --> 00:09:47,360
management, that applies to that as well. Data

270
00:09:47,360 --> 00:09:49,279
loss prevention, that just becomes a little bit

271
00:09:49,279 --> 00:09:51,679
more paramount on, you know, the fast pace

272
00:09:51,679 --> 00:09:53,620
of data, it needing more data,

273
00:09:54,054 --> 00:09:57,175
looking at monitoring and alerting. So if you

274
00:09:57,175 --> 00:09:58,695
know, I can go on and on a

275
00:09:58,695 --> 00:10:01,495
lot of about this access controls. But, again,

276
00:10:01,495 --> 00:10:03,175
if we're doing a lot of that very

277
00:10:03,175 --> 00:10:03,675
well,

278
00:10:04,295 --> 00:10:06,295
can really mature in some of these key

279
00:10:06,295 --> 00:10:08,394
areas, that it'll set us up for success

280
00:10:08,455 --> 00:10:11,199
for, you know, how we wanna use AI,

281
00:10:11,199 --> 00:10:12,500
how we can protect about

282
00:10:13,039 --> 00:10:15,519
protect our organization from threat actors, but also

283
00:10:15,519 --> 00:10:17,620
mishandling internally. So, again,

284
00:10:18,240 --> 00:10:20,959
it's really sticking to those fundamentals will help

285
00:10:20,959 --> 00:10:21,620
us grow,

286
00:10:22,465 --> 00:10:25,664
holistically regardless of what technology is out there.

287
00:10:25,664 --> 00:10:28,225
So it's it's really important to, you know,

288
00:10:28,225 --> 00:10:30,884
just articulate that, make sure that your cybersecurity

289
00:10:31,264 --> 00:10:31,764
strategy

290
00:10:32,144 --> 00:10:34,325
is sound and more focused on

291
00:10:34,950 --> 00:10:37,670
practices and principles than trying to nip off

292
00:10:37,670 --> 00:10:40,309
every net new tech and or risk that

293
00:10:40,309 --> 00:10:41,450
rolls around the corner.

294
00:10:42,230 --> 00:10:44,070
Kind of like emergency management, I like to

295
00:10:44,070 --> 00:10:46,149
have an all hazard approach that, you know,

296
00:10:46,149 --> 00:10:48,490
we can't spend all day just thinking about,

297
00:10:48,654 --> 00:10:50,254
you know, what if this, what if that.

298
00:10:50,254 --> 00:10:52,095
It needs to just be like, we're gonna

299
00:10:52,095 --> 00:10:54,975
focus on identity. Regardless of a type of

300
00:10:54,975 --> 00:10:57,394
attack, we're gonna have, you know, alerting,

301
00:10:57,934 --> 00:10:58,434
isolation,

302
00:10:59,534 --> 00:11:00,034
etcetera,

303
00:11:00,414 --> 00:11:02,914
associated with that. So, again, really, any cybersecurity

304
00:11:03,214 --> 00:11:04,274
hygiene practice

305
00:11:04,949 --> 00:11:07,829
approach can apply to technologies like AI and

306
00:11:07,829 --> 00:11:10,009
and enable us to protect the organization

307
00:11:10,870 --> 00:11:11,769
just organically,

308
00:11:12,470 --> 00:11:14,169
if we're doing our jobs well.

309
00:11:14,949 --> 00:11:17,669
That's a great philosophy and just fascinating to

310
00:11:17,669 --> 00:11:20,044
think about having that true north and, you

311
00:11:20,044 --> 00:11:21,964
know, finding a way that you can really,

312
00:11:22,204 --> 00:11:24,384
stay grounded no matter what happens.

313
00:11:25,164 --> 00:11:26,924
I'm curious too, you know, in looking at

314
00:11:26,924 --> 00:11:28,764
the next year or so, I know a

315
00:11:28,764 --> 00:11:32,144
lot of organizations are seeing some financial challenges,

316
00:11:32,204 --> 00:11:32,704
potentially,

317
00:11:33,529 --> 00:11:35,370
funding cuts and those kinds of things. And

318
00:11:35,370 --> 00:11:37,210
so, you know, for those who may be

319
00:11:37,210 --> 00:11:38,970
tightening the belt straps a little bit, what

320
00:11:38,970 --> 00:11:41,529
is one risk or investment that's really still

321
00:11:41,529 --> 00:11:43,950
worth making this year, especially given,

322
00:11:44,570 --> 00:11:46,570
you know, how quickly things are changing the

323
00:11:46,570 --> 00:11:49,070
technology as well as the cybersecurity space?

324
00:11:49,825 --> 00:11:52,144
Well, governance is free. So I think that

325
00:11:52,144 --> 00:11:54,465
it's always important. Strong governance goes a long

326
00:11:54,465 --> 00:11:56,085
way within the organization,

327
00:11:56,784 --> 00:11:57,605
being creative

328
00:11:58,304 --> 00:12:00,784
in how you can attack different components. Like,

329
00:12:00,784 --> 00:12:03,424
for example, we see, you know, a rise

330
00:12:03,424 --> 00:12:04,460
in phishing,

331
00:12:05,160 --> 00:12:08,120
you know, targeting various players. We've been invested

332
00:12:08,120 --> 00:12:11,160
a lot in, you know, technologies, awareness, training,

333
00:12:11,160 --> 00:12:13,559
etcetera, but have also just looked at blocking

334
00:12:13,559 --> 00:12:14,059
certain

335
00:12:14,519 --> 00:12:17,080
roles from having external email. So it's like,

336
00:12:17,080 --> 00:12:19,179
that's a no low cost

337
00:12:19,934 --> 00:12:22,274
concept. So I think that as we continue

338
00:12:23,455 --> 00:12:25,855
to look at the headwinds and potentially needing

339
00:12:25,855 --> 00:12:27,615
to, as you said, you know, look at

340
00:12:27,615 --> 00:12:30,174
cost reductions, you know, staying flat from our

341
00:12:30,174 --> 00:12:33,134
overall budgets, it's really important to think outside

342
00:12:33,134 --> 00:12:34,970
of the box, do a lot of the

343
00:12:34,970 --> 00:12:38,350
foundational elements, do those very well versus chasing

344
00:12:38,409 --> 00:12:40,350
all the shiny bright objects within

345
00:12:40,889 --> 00:12:43,950
IT. I think focusing on identity access managements

346
00:12:44,490 --> 00:12:47,370
are the most critical component. I consider myself

347
00:12:47,370 --> 00:12:50,615
an identity junkie that 80% of all cybersecurity

348
00:12:50,754 --> 00:12:52,615
events and attacks stem from

349
00:12:53,315 --> 00:12:56,115
an identity based attack. So if you think

350
00:12:56,115 --> 00:12:59,254
about multifactor authentication, privileged access management,

351
00:13:00,355 --> 00:13:03,700
identity governance, looking at, you know, into service

352
00:13:03,700 --> 00:13:06,820
accounts, looking into more than just those components,

353
00:13:06,820 --> 00:13:08,839
building a defense in-depth strategically

354
00:13:09,220 --> 00:13:09,720
on

355
00:13:10,500 --> 00:13:11,000
identity

356
00:13:11,379 --> 00:13:13,460
will go a long way for organizations. So

357
00:13:13,460 --> 00:13:15,879
I think any way that you can better

358
00:13:16,325 --> 00:13:19,205
focus on identity access management versus people coming

359
00:13:19,205 --> 00:13:20,664
and going from the organization,

360
00:13:21,205 --> 00:13:23,764
that that's of the utmost importance. And then

361
00:13:23,764 --> 00:13:25,625
having data in analytics

362
00:13:26,085 --> 00:13:29,365
help drive decisions moving forward that I like

363
00:13:29,365 --> 00:13:31,870
to use. The example of the movie Moneyball,

364
00:13:31,929 --> 00:13:33,610
you know, that they had the strategic and

365
00:13:33,610 --> 00:13:35,209
analytics guy that was going in to make,

366
00:13:35,209 --> 00:13:37,370
you know, different decisions on that. That that

367
00:13:37,370 --> 00:13:39,769
really having analytics, we've talked about it for

368
00:13:39,769 --> 00:13:42,295
a long time. I think AI is where

369
00:13:42,295 --> 00:13:44,054
that can help us look at things on

370
00:13:44,054 --> 00:13:46,134
what's working well, you know, other areas that

371
00:13:46,134 --> 00:13:47,274
we can focus on,

372
00:13:47,975 --> 00:13:50,134
and really just help us drive and be

373
00:13:50,134 --> 00:13:51,115
more tactical,

374
00:13:51,654 --> 00:13:53,915
in this. And I think that, again,

375
00:13:54,695 --> 00:13:55,434
yeah, just

376
00:13:55,850 --> 00:13:57,529
will go a long way in a good

377
00:13:57,529 --> 00:13:59,550
organizational culture as well because,

378
00:13:59,929 --> 00:14:02,090
it takes everybody in the organization to be

379
00:14:02,090 --> 00:14:02,590
successful.

380
00:14:03,290 --> 00:14:04,509
And by having

381
00:14:04,889 --> 00:14:05,950
your end users

382
00:14:06,410 --> 00:14:08,590
fully trained, aware, and, you know,

383
00:14:09,215 --> 00:14:10,774
drinking the Kool Aid on what we need

384
00:14:10,774 --> 00:14:12,335
to do. I like to say that it's

385
00:14:12,335 --> 00:14:14,335
really really goes a long way because there

386
00:14:14,335 --> 00:14:17,134
are are some of our bigger risk items

387
00:14:17,134 --> 00:14:18,575
we need to look at, but also our

388
00:14:18,575 --> 00:14:21,375
first line of defense. So always leveraging them

389
00:14:21,375 --> 00:14:23,549
to really help us fight our good fight,

390
00:14:23,870 --> 00:14:25,329
for what we're doing at Renault.

391
00:14:26,269 --> 00:14:28,509
Absolutely. I love that. And, you know, when

392
00:14:28,509 --> 00:14:30,829
you speak about governance being so important and

393
00:14:30,829 --> 00:14:31,709
actually, you know,

394
00:14:32,350 --> 00:14:32,850
being

395
00:14:33,230 --> 00:14:35,985
a no cost, way you can be preventative,

396
00:14:36,524 --> 00:14:38,945
on some of the cybersecurity and attack fronts.

397
00:14:39,565 --> 00:14:41,245
Is there anything unique that you do at

398
00:14:41,245 --> 00:14:43,644
Renown that's worked particularly well and or, you

399
00:14:43,644 --> 00:14:45,804
know, looking into next year, anything you're trying

400
00:14:45,804 --> 00:14:47,245
to do a little bit differently to meet

401
00:14:47,245 --> 00:14:48,299
the needs of the day?

402
00:14:48,700 --> 00:14:50,059
Well, we're always trying to

403
00:14:50,700 --> 00:14:52,779
we wanna not be Swiss cheese on our

404
00:14:52,779 --> 00:14:55,580
intake process, so I think that building layers

405
00:14:55,580 --> 00:14:58,240
to that's super important. So our

406
00:14:58,700 --> 00:15:00,000
our president's council

407
00:15:00,379 --> 00:15:02,539
team has final approval of a lot a

408
00:15:02,539 --> 00:15:04,705
lot of the various projects that are coming

409
00:15:04,705 --> 00:15:06,625
in. We have a phase gate process as

410
00:15:06,625 --> 00:15:09,585
well. So that's a multifaceted group that has

411
00:15:09,585 --> 00:15:10,085
finance,

412
00:15:10,945 --> 00:15:11,445
IT,

413
00:15:12,225 --> 00:15:14,725
legal, you know, various stakeholders throughout the organization

414
00:15:14,785 --> 00:15:16,720
to look at different pieces. So that's, you

415
00:15:16,720 --> 00:15:19,299
know, a good governance structure. We also have

416
00:15:19,519 --> 00:15:21,779
an intake of doing cybersecurity

417
00:15:22,080 --> 00:15:22,580
assessments,

418
00:15:23,440 --> 00:15:25,600
AI assessments that we've rolled that out,

419
00:15:26,399 --> 00:15:28,480
and looking at various subsets of that as

420
00:15:28,480 --> 00:15:30,695
well. So I think that that's very important

421
00:15:30,695 --> 00:15:32,534
to, you know, make sure a technology that's

422
00:15:32,534 --> 00:15:35,575
coming in does or doesn't have AI capabilities

423
00:15:35,575 --> 00:15:37,034
so that once you have it,

424
00:15:37,495 --> 00:15:39,334
you're not dealing with the problem after the

425
00:15:39,334 --> 00:15:42,054
fact. So getting that much information upfront and

426
00:15:42,054 --> 00:15:44,129
then understanding how that tech's gonna work in

427
00:15:44,129 --> 00:15:45,750
your ecosystem is part

428
00:15:46,209 --> 00:15:48,289
of a onboarding and review session. So, again,

429
00:15:48,289 --> 00:15:50,129
as you're saying, we have various layers, and

430
00:15:50,129 --> 00:15:50,949
then, ultimately,

431
00:15:51,730 --> 00:15:54,929
I sign off on our DocuSign process before

432
00:15:54,929 --> 00:15:56,230
anything's purchased,

433
00:15:56,754 --> 00:15:58,514
because then that's ensuring that we did do

434
00:15:58,514 --> 00:15:59,654
a security review.

435
00:16:00,115 --> 00:16:02,115
Again, that's a lot more work, but puts

436
00:16:02,115 --> 00:16:04,115
the accountability on us to make sure that

437
00:16:04,115 --> 00:16:05,894
we're actually reviewing,

438
00:16:07,154 --> 00:16:08,294
looking at the cybersecurity

439
00:16:08,674 --> 00:16:09,174
posture,

440
00:16:09,620 --> 00:16:11,779
looking at any risk that some technologies might

441
00:16:11,779 --> 00:16:13,240
be bringing into the organization.

442
00:16:13,860 --> 00:16:14,759
But just again,

443
00:16:15,299 --> 00:16:17,779
multiple committees seems like it can be tiresome,

444
00:16:17,779 --> 00:16:20,259
but, you know, having different targeted components like

445
00:16:20,259 --> 00:16:22,500
us having a governance risk and compliance that

446
00:16:22,500 --> 00:16:24,705
we can speak more to compliance, privacy, and

447
00:16:24,785 --> 00:16:27,045
security aspects, as well as data governance,

448
00:16:27,424 --> 00:16:29,345
which is a key component to that. And

449
00:16:29,345 --> 00:16:32,465
then having our, you know, committees on onboarding

450
00:16:32,465 --> 00:16:34,884
and looking at new technology from a strategic

451
00:16:34,945 --> 00:16:36,945
perspective, and then thinking about our audit and

452
00:16:36,945 --> 00:16:39,059
compliance committee, and then thinking about our business

453
00:16:39,059 --> 00:16:41,160
continuity and disaster recovery committee,

454
00:16:41,539 --> 00:16:43,620
and then our emergency management committee. So it's

455
00:16:43,620 --> 00:16:45,460
like we have so many various committees that

456
00:16:45,460 --> 00:16:48,519
are centralized on, you know, driving their strategic

457
00:16:48,580 --> 00:16:51,000
work streams, but there's always such a big

458
00:16:51,324 --> 00:16:53,584
subset on data protection, cybersecurity,

459
00:16:53,964 --> 00:16:56,204
and that that that enables us to make

460
00:16:56,204 --> 00:16:57,644
sure that we have that seat at the

461
00:16:57,644 --> 00:17:00,044
table and we're partnering with the organization to

462
00:17:00,044 --> 00:17:01,964
really make sure that, you know, we have

463
00:17:01,964 --> 00:17:04,799
an understanding of, you know, where we're going,

464
00:17:04,799 --> 00:17:06,720
what we're currently doing, and being able to

465
00:17:06,720 --> 00:17:08,820
have those discussions as needed.

466
00:17:09,599 --> 00:17:11,359
That's so helpful to understand. Thank you for

467
00:17:11,359 --> 00:17:13,279
digging a little bit deeper there. Now before

468
00:17:13,279 --> 00:17:15,119
we wrap up, I'm curious, what do you

469
00:17:15,119 --> 00:17:16,720
see as some of the best opportunities for

470
00:17:16,720 --> 00:17:17,779
growth in the future?

471
00:17:19,205 --> 00:17:21,285
Well, I think to what you said before,

472
00:17:21,285 --> 00:17:22,725
I think that we're getting to a point

473
00:17:22,725 --> 00:17:25,045
that technology and AI will be able to

474
00:17:25,045 --> 00:17:25,545
help

475
00:17:26,565 --> 00:17:28,105
push the envelope on

476
00:17:28,725 --> 00:17:30,884
doing some, you know, maybe level one, level

477
00:17:30,884 --> 00:17:32,220
two stuff. I think voice

478
00:17:33,019 --> 00:17:34,159
calling and AI

479
00:17:34,539 --> 00:17:36,940
is gonna be a huge opportunity for driving

480
00:17:36,940 --> 00:17:39,179
costs down from a service desk perspective. Because

481
00:17:39,179 --> 00:17:40,700
if you think about it, you know, we've

482
00:17:40,700 --> 00:17:42,539
come a long way in just that evolution

483
00:17:42,539 --> 00:17:43,039
of

484
00:17:43,500 --> 00:17:44,000
calling

485
00:17:44,345 --> 00:17:45,945
a service desk. You talk to the live

486
00:17:45,945 --> 00:17:47,884
agent, then we've gone to, like, the IVR

487
00:17:48,025 --> 00:17:49,945
perspective where you can press 1 for this

488
00:17:49,945 --> 00:17:52,265
issue, press 2 for this, to now to

489
00:17:52,265 --> 00:17:54,744
the point that we have autonomous AI that

490
00:17:54,744 --> 00:17:57,384
you're seeing, like, with Alexa and Siri's, who's

491
00:17:57,384 --> 00:17:58,984
probably gonna turn on as I say your

492
00:17:58,984 --> 00:18:01,130
name. But really that conversational

493
00:18:01,590 --> 00:18:03,269
component. That if you think about being able

494
00:18:03,269 --> 00:18:05,690
to build knowledge base

495
00:18:05,990 --> 00:18:07,509
for some of the key areas that we're

496
00:18:07,509 --> 00:18:09,509
seeing in IT from, you know, reporting an

497
00:18:09,509 --> 00:18:12,170
incident to I need my password reset to

498
00:18:12,630 --> 00:18:13,775
how how do I do this, how do

499
00:18:13,775 --> 00:18:15,694
I do that. There's some very high level

500
00:18:15,694 --> 00:18:17,694
pieces that we could start to look at

501
00:18:17,694 --> 00:18:19,775
building into that that can help drive down

502
00:18:19,775 --> 00:18:21,315
the necessity of

503
00:18:21,934 --> 00:18:22,434
having

504
00:18:22,734 --> 00:18:24,734
a service desk fully staffed to that and

505
00:18:24,734 --> 00:18:26,494
be able to scale up and down to,

506
00:18:26,494 --> 00:18:28,929
you know, some more basic elements to that.

507
00:18:28,929 --> 00:18:30,769
So I think that's where AI can do

508
00:18:30,769 --> 00:18:31,589
that as well

509
00:18:32,049 --> 00:18:34,230
as meeting and note taking and, you know,

510
00:18:34,769 --> 00:18:35,269
research

511
00:18:35,649 --> 00:18:38,130
and, you know, decision analytics, you know, once

512
00:18:38,130 --> 00:18:39,409
we get to that point. So I think

513
00:18:39,409 --> 00:18:40,869
that there's a lot of opportunity

514
00:18:41,455 --> 00:18:43,715
just in the progression that we're seeing AI

515
00:18:44,095 --> 00:18:45,075
and being able

516
00:18:45,455 --> 00:18:47,295
to actually start to deliver in some of

517
00:18:47,295 --> 00:18:49,455
these key areas, as well as I've seen,

518
00:18:49,455 --> 00:18:50,755
you know, night and day

519
00:18:51,695 --> 00:18:54,654
expansions and actual usability with on the clinical

520
00:18:54,654 --> 00:18:56,494
side for how they're gonna be able to

521
00:18:56,494 --> 00:18:57,839
use it to, you know,

522
00:18:58,220 --> 00:19:00,700
help curb physician burnout that we've been talking

523
00:19:00,700 --> 00:19:02,799
about forever more process optimization,

524
00:19:03,099 --> 00:19:04,319
you know, real time

525
00:19:04,700 --> 00:19:06,079
data analytic and,

526
00:19:06,539 --> 00:19:08,460
you know, a lot of different opportunities to

527
00:19:08,460 --> 00:19:10,299
that. So it's really exciting to be in

528
00:19:10,299 --> 00:19:13,024
technology right now. Also, it's kind of scary,

529
00:19:13,505 --> 00:19:16,224
on the cybersecurity side. But, again, that I

530
00:19:16,224 --> 00:19:17,744
think this is a great time for us

531
00:19:17,744 --> 00:19:19,904
to be able to leverage that, and that'll

532
00:19:19,904 --> 00:19:21,525
challenge a lot of health systems

533
00:19:22,224 --> 00:19:24,065
moving forward with us seeing some of these

534
00:19:24,065 --> 00:19:26,484
headwinds on how we can better leverage that,

535
00:19:27,799 --> 00:19:30,519
that technology to help us out, kind of

536
00:19:30,519 --> 00:19:32,859
on curbing expenses of staffing.

537
00:19:33,799 --> 00:19:34,299
Fantastic.

538
00:19:34,839 --> 00:19:36,519
That you know, it seems like a really

539
00:19:36,519 --> 00:19:38,440
great opportunity and something that I know a

540
00:19:38,440 --> 00:19:40,619
lot of organizations would welcome the technology,

541
00:19:41,394 --> 00:19:42,835
to do more of that on on the

542
00:19:42,835 --> 00:19:44,835
call desk, especially, and then how else they

543
00:19:44,835 --> 00:19:46,835
can leverage AI out in a smart and

544
00:19:46,835 --> 00:19:48,994
meaningful way. Steven, thank you so much for

545
00:19:48,994 --> 00:19:50,674
joining us on the podcast today. This has

546
00:19:50,674 --> 00:19:53,154
been such a fascinating and informative conversation, and

547
00:19:53,154 --> 00:19:54,755
I look forward to connecting with you again

548
00:19:54,755 --> 00:19:55,255
soon.

549
00:19:55,796 --> 00:19:57,496
Look forward to it. Thank you so much.