Q&A with Loma Linda University Health CISO Pat Voon: “Right Sizing the Right Framework Can Go a Long Way”

Health systems are being asked to do more with less, and the CISO has not been immune from such belt tightening, according to Pat Voon, CISO at Loma Linda University Health. But while the process may be less than pleasant, there is a sensible way to move forward. Voon, who’s been plying his trade for 30 years, says start with picking a framework and then “right-sizing” it so things don’t seem out of reach. In this wide-ranging interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Voon also covers how he vets research partners, the organization’s approach to application rationalization, and why having clinicians on the IT team is now stakes-to-play.

All opinions and views expressed by Patrick Voon are his own and do not represent that of Loma Linda University Health



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



TOC



Research in Focus

Baking in Application Rationalization

The Doctor is In (IT, that Is)

Appreciating the Needs of the Enterprise

Pick a Framework & Right-Size It



Anthony: Welcome to healthsystemCIO’s interview with Pat Voon, chief information security officer with Loma Linda University Health. I’m Anthony Guerra, founder and editor-in-chief. Pat, thanks for joining me.

Pat: Happy to be here.

Anthony: Very good. Alright, Pat, you want to start out by telling me a little bit about your organization and your role?

Pat: Sure. So I’m with Loma Linda University Health. We are an academic healthcare center in Southern California in the Inland Empire, so basically that’s just east of LA. We have two main business lines, one being the academic side of the house. We have a teaching university that teaches medicine. And in practice, we have a number of hospitals as well as clinics across the Inland Empire. And so not only do we provide healthcare to the population in the Inland Empire, but we also teach our students in practice.

And we are a faith-based organization. We also include a spiritual aspect to what we practice. And I’ve been with Loma Linda coming up on seven years now as actually their first CISO since I started about seven years ago. So there’s been a lot going on, obviously, with the pandemic and at the same time trying to help them build a formal office of information security. But, yes, there’s never a boring day, how about that? I’ll put it that way.

Anthony: That sounds about right from what I hear. Yes, that sounds about right. Do you have a research arm? Do you guys do research?

Pat: Yes, we do a significant amount of research; we get a number of grants. So, yes, we are very active in the research field.

Anthony: Now, we’re not leaking any private information by saying that. I’m sure everybody knows you do research. But there is a connection I hear from many CISOs that research versus non-research will change your threat profile. Organizations that do research have a higher threat profile because there’s some nation state bad actors, especially with COVID vaccine stuff; I don’t know if it’s all related to that. But research certainly gives you a different threat profile, let’s put it that way; is that accurate?

Research in Focus

Pat: Yes. I would say that’s accurate because there’s a lot of what I would consider proprietary information that we want to protect.