Q&A with CISO Ron Mehring, Part 1: “You Have to Start Thinking Differently.”

“Everything I needed to know about information security, I learned in aviation.”

Not exactly what one might expect to hear from the CISO of a large organization, but for Ron Mehring, the time he spent in the Marines has played a huge role in shaping him as a leader. And although he learned from all of the different roles he held, it was his time in aviation that truly laid the foundation for IT security. “You had to do it right all the time; there are no shortcuts, otherwise someone could get hurt or killed,” he said during a recent interview.

And although the healthcare landscape is extremely different from serving in the military, he has been able to apply many of the lessons learned, particularly as his team at Texas Health Resources has strategized to safeguard data – and patients – during the Covid-19 pandemic. Mehring also talks about how they’re leveraging analytics to improve decision-making, the challenges leaders face in transitioning to an adaptive risk program, and the evolution cybersecurity has experienced in recent years.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Key Takeaways



* When transitioning teams to remote work, training and communication are vital, because when people don’t know what to do, “that’s what creates security problems.”

* Anytime there’s a change in how people access data, security teams must make it a priority to answer queries and provide support, which in turn can “reduce friction.”

* Standards need to be put into place so that when alternate care sites are set up, the medical device staff can execute without “coming back to the mothership to ask for approval for every little thing.”

* The consumer-focused strategies that are becoming increasingly common often have a digital underpinning, which creates “new stakeholders in the realm of IT.”

* As both internal and external threats surpass the current model of protection, organizations have two options: become a more proactive and consumer-focused security program or “stay where you are.”





Q&A with Ron Mehring, Part 1

Gamble:  I want to start by talking about the elephant in the room, Covid, and some of the added challenges it has presented from a security standpoint. What have been some of the key challenges for your team as far as keeping data safe?

Mehring:  The first thing that comes to mind is that we moved a lot of our workforce who had traditionally been in the office to remote work; some of these employees hadn’t worked from home. We’ve always had technology for people to work remotely, but all of sudden we had to get people out of the offices and have them work from home within a short period of time.

So the question was, how do we do that fast? How do we do train people really fast? How do we get people to write tips and techniques to work from home? Even outside of technology, there are issues like, ‘I used to print in the office, now I can’t print anymore.’ We need to teach you a new way to handle documents now. Let’s show you how to do that electronically instead of printing it.

Those little things became bigger things. IT people can work anywhere, and so we’re very accustomed to being able to move around and just do our work. Not everyone is able to do that.

And so immediately you have to start thinking a little bit differently and become a lot more empathetic to people who don’t know how to work from home. Because when they don’t know, that’s what creates security problems. They don’t know how to solve something without people who are around to help them with everything.