Q&A with Centura Health VP/CISO Sanjeev Sah: “We have to be balanced in our approach.”

With security threats always evolving, governance issues and resource challenges, being a CISO requires focus and courage, according to Sanjeev Sah, CISO for Centura Health, a prominent healthcare provider in Colorado. In this interview, Anthony Guerra, editor-in-chief and founder of healthsystemCIO Media Inc., talks with Sah about the ways CISOs can advance their organization’s core cybersecurity objectives; how to garner treasured buy-in and support from the c-suite; how to partner with stakeholders; and how a CISO can move forward both strategically and tactically to bring success to a career and an organization. Sah shares insights from a broad spectrum of experiences as a CISO and relays how a very personal experience in an ER with his young daughter helped heighten his appreciation for, and devotion to, healthcare cybersecurity.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

We have to be balanced in our approach. Sometimes the work we want to do, which might be the number one priority for cyber, may not be feasible from an implementation perspective.

I think the best way to approach this skills gap is to find partnerships that work well that can bring the types of skill sets and resources quickly to assist.

Guerra: Sanjeev, thanks for joining me.

Sah: Anthony, thank you so much for having me. I’m thrilled to be in a conversation with you today.

Guerra: Very good. Looking forward to it. You want to tell me a little bit about your organization and your role?

Sah: Yes. I serve as vice president and chief information security officer for Centura. Centura Health is a prominent healthcare provider in Colorado, with 17 hospitals and 14 affiliated hospital locations, health neighborhoods, health at home, urgent care centers, emergency rooms, and 100-plus physician practices. Our 21,000 care providers care for the communities we serve in.

Guerra: Seventeen hospitals is definitely a sizeable organization. I see you’ve been there about eight months. I’m interested in learning more about your career journey. I like to see how people wind up where they do. Sometimes CISOs have different types of backgrounds. How did you end up getting into security and then into healthcare security? Also, talk a little bit about selecting this role.

Sah: Let me walk you quickly through a bit of my background. I started in the automotive field when I first started my professional career. I worked as a junior IT professional for a global supplier that was located in 65 countries. Over a 10-year period, I worked in corporate offices; worked and contributed at a plant location; then came back to the corporate office location as the head of security for that organization. As I played that role, I learned a lot. Many people contributed to the career and success that I’ve had in that journey. It really helped shape my path into the future. With advice from my former CIO, I went on a journey to learn a bit more about different sectors. It took me to a healthcare organization—Home, Health and Hospice—in Baton Rouge, Louisiana. That was my first time as a first-time CISO for that organization. I will tell you, I learned so much working with people, to make a difference for the organization from a compliance and security perspective. Then, an opportunity presented itself at the University of North Carolina at Charlotte, to serve again as a first-time CISO. That became a trend. I served as first-time CISO for the next couple of organizations in healthcare,