Q&A with Denver Health Enterprise CISO Randall “Fritz” Frietzsche: “Building Relationships & Mastering Communication are Keys to CISO Effectiveness”

Randall “Fritz” Frietzsche has been on a mission to protect and serve for a long time. Way back when, it was in traditional law enforcement as a deputy sheriff. Later, as he embraced his technical acumen, it was in cybersecurity. But Frietzsche, Enterprise CISO for Denver Health, attests that all the technical chops in the world won’t make you a good cyber executive without learning how to communicate and build relationships, no matter how far that might force introverts out of their comfort zones. Once built, those relationships will serve the cyber leader well, as business heads seek them out for security’s stamp of approval, rather than doing everything possible to keep them out of the mix. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Frietzsche covers these issues and many others.



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

 … we’re great operators, we have tools, we block and tackle very well, but when 9/11 happened, that was an intelligence failure. We should have known about it. We should have had the ability to do something about it and to prevent it. I think we need to make sure that we are not only great operators but we are great intelligence analysts. 

… for me, the number one biggest challenge in cybersecurity risk management is a cultural one. And that is: how do I inject myself into the purchasing process so that I know about these things, and we have the ability to look at them, risk assess them, identify anything that needs to be mitigated before we actually sign on the dotted line. Because once we sign on the dotted line, we lose all of our leverage.

In the beginning, they didn’t know who Fritz was, right? Now everybody is like, ‘Oops, did you ask Fritz if we could buy this, well you better ask Fritz now.’ Everybody knows we now have that process in place, a very clear process that’s been communicated and they’ve been educated on, and so they go through that process.

Anthony: Welcome to healthsystemCIO’s interview with Fritz Frietzsche, Enterprise CISO at Denver Health. I’m Anthony Guerra, founder, and editor-in-chief. Fritz, thanks for joining me.

Fritz: Anthony, thank you for having me.

Anthony: Very good, looking forward to a fun discussion. Fritz, let’s start out. You want to tell me a little bit about your organization and your role?

Fritz: I’m the CISO over Denver Health. Denver Health is a hospital system in Denver, Colorado. We also have a lot of other healthcare-related functions. We have a health plan. We have the health clinics inside of the Denver City County jails. We have health clinics inside the Denver public schools, all the ambulances in Denver including the airport, our Denver health ambulances and paramedics. We have our own public health department so lots of complexities, lots of really cool things we do for the community, and so I make sure we run our business securely from a technology standpoint.

Anthony: Perfect. I’d like to start this open ended and find out just what’s on your mind, what are you thinking about these days, what are the trends you’re looking at, anything like that.

Fritz: In my sector in healthcare, ransomware has been and will continue to be the biggest threat that we see out there. I always talk about the CIA triad – confidentiality, integrity and availability. Availability is the bottom of the triangle because it is the foundation. If it’s not available, that will cost your organization a lot of money...