Q&A with University of Miami Health System AVP/CISO Mauricio Angee: Time to Remediate Must be Lightning Fast

What it means to be a good CISO changes over time. In the past, it was all about rolling out some technologies that protected the enterprise. Today, however, that’s just stakes to play. Today, CISO are being defined by how good they are at keeping the business up and running, and how quickly they get operations moving again if the worst does happen. According to Mauricio Angee, AVP and CISO with the University of Miami Health System, CISOs are also being judged by how well they digest and act upon the copious amounts of threat intelligence and alerting that are being offered by both public entities and private vendors. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Angee covers this topic, as well as how cyber and emergency management work together to ensure that everything that can be done to prepare for a cyber incident is in place and well rehearsed.



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

… it’s very distinct what emergency management does to ensure continuing operations for patients and what we do in the sense of cybersecurity.

In the terms of who makes the decision of when and what gets shut down or not, or what is the right time; leadership is looking to me, especially with the ransomware attacks, to say, ‘how bad is it and is it the time, the time to pull the trigger or pull the cord.’

My job now is looking at what threats are coming, what am I hearing about higher ed or healthcare that all of us in the industry are facing, looking at threat reports. So I am being judged by a timely passing on of that information. For example, since I received an advisory, how long did it take me to process and review it, send communication out and get it fixed so we’re not exposed.

Anthony: Welcome to healthsystemCIO’s interview with Mauricio Angee, AVP and Chief Information Security Officer with the University of Miami Health System. I’m Anthony Guerra, Founder and Editor-in-Chief. Mauricio, thanks for joining me.

Mauricio: Thank you for inviting me, Anthony, great to be here.

Anthony: Very good. Mauricio, can you tell me a little bit about your organization and your role?

Mauricio: I’m the CISO, an enterprise CISO for the University of Miami, and the structure of the University of Miami has what we call the academy – students coming into classes with faculty staff, the regular university. And then we have the health system comprised of the hospital, clinic, and research is big at the University of Miami, and then we have, as I said before, The Miller School of Medicine because the medical school is under the realm of the health system. It’s a big university, but it’s also a big health system in the Miami area, Miami-Fort Lauderdale-West Palm area.

Anthony: Alright, very good. Top of mind for me, as we’re getting ready for this interview, you had the hurricane very recently, Idalia was the last one. A big area I’ve been covering is business continuity, disaster recovery, that kind of thing. Obviously, you’re in Miami, you had a hurricane recently. This must be very top of mind for you, making sure you’re resilient and can continue operations. Tell me how you/cyber works with emergency preparedness.

Mauricio: Anthony, this is a question I get asked frequently. We live in South Florida and every year from June 1st to November 30th, it’s hurricane season and it ramps up between the late August to late September, that’s when it’s most dangerous.