This Week Health
Interview In Action: You Can’t Protect What You Don’t Know You Have With Mick Coady

July 11, 2025: Mick Coady, CTO at Armis, tackles a problem that has been haunting healthcare IT for decades: you can't protect what you don't know you have. The conversation reveals how hospitals still rely on manual processes to track everything from IV pumps to imaging equipment, often discovering critical vulnerabilities only when it's too late. What's the real cost when imaging machines sit idle, losing over $26,000 per hour, or when "good" IV pumps hide in closets while staff struggle with failing equipment? The discussion explores how healthcare teams can finally move beyond overwhelming alert fatigue to focus on what truly threatens patient care.

Key Points:

  • 02:55 Challenges in Medical Device Security
  • 08:53 Business Context and Risk Management
  • 11:16 Asset Lifecycle and Utilization
  • 13:51 Real-World Examples and Stories

Transcript

This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

Don't leave your devices and your patients exposed. Visit thisweekhealth. com ARMIS today to learn more.

Drex DeFord: Hey everyone. I'm Drex and I'm really lucky to have Mick here with me today. Mick Coady from Armis. Hey Mick. How you doing? Welcome to the show.

Mick Coady: Good afternoon, sir. My time. How are you? I'm well.

Drex DeFord: Good. Last time I saw you, you were a little banged up, but you look pretty good today.

Everything's okay?

at woo once, so there we go.

Unfortunately, the one on the face was a little bit more, if not a lot more serious, and that kind of took a little bit longer to heal but thank you. Proud me back on. Yep. I'm a little more presentable these days, so That's fine.

Drex DeFord: Well, it's good to see you. I wanted to just kind of start by, tell me a little bit about yourself.

Tell me a little bit about Armis and we will just kind of carry it on from there. You and I have a lot of great conversations about this stuff in the past.

Mick Coady: Yeah. I've been with Armis just two years. I actually, was brought on to kind of operate in kind of a chief technology office kind of a thing in the field.

Initially was working at a lot of different verticals throughout the US in different specializations that I know with healthcare, aviation, oil and gas. There's a lot of different spaces where I've played over my career. I had a great career for 10 years at PWC. Retired, took the walk and that was my third big four.

id since the early nineties.

It's an interesting journey, the platform. Even when we were developing our OT lab back in the day at PWC and I did some work also with WWT, Armis has grown tremendously over the past seven, eight years. So when the leadership team asked me to come over here and join it was on a journey of where they were going and they've added pieces and parts of the platform.

So it's been very exciting. But now today I'm highly dedicated to healthcare covering off the pharma payer provider kind of a market space. Very heavily focused on provider at the moment from the larger healthcare delivery organization. Got launched in January 1st this year. You've met Christine obviously a couple of times now.

And she's a great add-on to what we're doing, in what we're kind of developing out the healthcare culture here.

Drex DeFord: Christine just came to the CSO summit that we did in in Napa, and had some great conversations with her. She kind of heard the stories in the room too.

a small hospital the sort of

Mick Coady: Yeah. And I think, look, I've served in on top roles that you know about over that tenure per period two at different places and got put behind kind of in, in a different position and working with different CIOs and in different organizations and I would say, everything we did was manual, right? And I'd even say even just in the IT space, we'd have to have, depending on what organization it was. You'd have to have a CDW or whoever you were taking your assets, your IT assets from the image build, whoever that could be had have to be in the room.

Procurement would've to be in the room, accounts payable or receivable and or both would be in the room. So we were mirroring up, invoicing, mirroring up this, having the vendor of choice on the thing, and how many were shipped this year, how many do we have? Where are they? Right? That was manually done.

And then we would either hire a boutique company. Who would come in and do a physical audit or a big four depending on who it was to get that done. And it was painful. Very. I remember

Drex DeFord: those little asset

Mick Coady: Yeah. You used to get them tagged in, but then you'd have the scanner and everything, but that's a point in time click.

Sure. Absolutely. It was never, there was no continuity to that. We've been talking about this for 30 years, which is, patching at the OS application and asset level in general has been a very difficult thing to do. Hopefully we're trying to work towards simplifying that today.

But it's funny, for as long as you and I have been in the industry, we've been talking about this and we're only getting to the place of finding it, fingerprinting it, and then prioritizing what needs to get done quickly.

Drex DeFord: We are finally at that point where we say this all the time, if you don't know what you have, you can't protect it.

Right? That's a huge part of it. And that's not just a once a year inventory as you alluded to, like, right. I need to know right now what's really on the network, right? And where's it at? How's it being used, and what problems does it have that really demand my attention? How do you guys work that prioritization process for me?

different ways. So obviously

But we added something kind of unique that kind of gives what we call early warning that allows you to think about what's in the dark web and what's being exploited right now. Even ahead or ahead of maybe what CISA KEV is writing at this particular juncture. 'Cause it could have been what they have found, they could have found eight, nine months ago.

Now they're writing it, now they're putting it out and that's fine. That's, you have to do it that way. You should marry it all up. It's apertures of risk but we want to kind of give you, we have just in time right now, like isi.exe could have been level three, nine months ago. Today it's a level eight.

I don't know what I'm gonna

But yeah, I mean, as much as the culture is just, give me, instant gratification. I don't think there's any CISO there, or even CIOs who don't want instant gratification on, please help me stop this from happening, but. Even when, updates happen to Windows or even, our great partner, what happened to CrowdStrike any of these things can happen.

e were to do that manually in:

Drex DeFord: I mean, it's the resilience, it really extends the downtime, right?

If you have to do the thing manually, you can't go look right away. Right? A big zero day comes out. There's not a patch. You still have to figure out how to protect yourself,

Mick Coady: right? And the thing is, how do we get, from the orchestration of what we do on that, one of the things you alluded to, that we added also was allowing us to orchestrate that fast, right?

hat? Even some of it. How do

There's only 14. Let me go fix the 14 that are critical. The rest of the red noise We'll wait on, but it's that level of prioritization. I think it was a great CIO that I used to work for a long time ago, both in a consultative format and kind of directly reporting to him in on top.

And Chris always said, the reason I like talking to you is 'cause you're practical. And I think the practicality of having a limited set of resources in a hospital and having to make them efficient and effective at their jobs is very difficult to do. Because that's the way they run in hospital environments and it's tough.

ee red all day long and it's

And you come in day after day and I mean, you don't feel like you're making any headway at all. I mean, that tends to wear on you.

Drex DeFord: Not all risk is the same as you alluded to. Right. While they all look like the same, line by line here's something that needs to be patched.

sk. You do the math. Oh, it's:

Mick Coady: I like to provide more business context, right?

You and I have had to deal with Chief Medical Information Officers. Oh, and I say that with great respect to our brethren who'd be watching. But at the end of the day, CMIOs are demanding. Most of them are former physicians, and I get reminded every once in a while.

rspective yeah. I mean, if I

You may well do without the patient inflow, outflow, what you're doing in a clinic. But a surgery center, yeah. That's a different business operational category of risk that would sit further up the food chain that the board would care about. Not necessarily us in the CISO role, but it's good to get guidance.

ze that suits their mission?

Board level down towards operational people. I think that makes a difference.

Drex DeFord: Just thinking about something that I read recently talking about how security teams create business value too. Creating that situation where, you know what you have, you know what you should be patching, you're reducing risk.

That really is about. Sort of jokingly saw it written as something like the Chief Revenue Preservation Officer too, right? That is a lot of the ways that you have to think about risk and how you deal with risk because one day down can cost millions of dollars and impact patients' lives and families' lives, obviously.

Yeah. So it's a huge deal.

d of follow the same kind of

So the question is what does the asset look like through that lifecycle and where has it been? What kind of things have impacted it? Just no different than a human with the, you add or detract from all of the access rights that you have. Same thing happens with the asset. So the question is how do you manage that lifecycle more effectively?

Right? Which is absolutely a bottom line impact, right? And in certain cases you may have too many assets and I'm not talking about IT, I'm talking about med device. You also know that in certain hospital systems they lease, they rent, they own, and they could be doing all three. How do you manage all of that?

In one bucket. And we help. In most cases today we've gotten down to the point where we've got great detail around utilization of the asset. Also, depending on the style of asset, I can tell you the drug libraries, all of that stuff starts to matter and it goes back away from people into the financial office, which is procurement and finance, right?

Where am I

Right On identity. Identity man it's not an issue. We're gonna do it manually. Right. Until you don't. And I kind of came up with different modeling and I kind of coined a phrase kind of differently, which you've heard me say, which is RON. Everyone talks about ROI or realization of benefit, or RON is a return on negligence.

It's the actual cost of doing nothing. If you choose not to do something like this, there is negligence associated with it and an impact has been associated with green dollar effect, not blue dollar, but actual green dollars. And when you calculate those things, and I put Excel spreadsheets around it, here's your validation points on what happens when you miss a few steps in the workflow or you shorten the workflow for automation. How did that happen and what did I do? What was the impact? Right. Which can be absolutely validated financially.

ly these days. Hey, I really

I always love talking to you, and I hope our paths cross soon on the road somewhere.

Mick Coady: Absolutely. Appreciate it. Thanks, Drex.

Thanks for listening to this Interview in Action episode. If you found value in it, share it with a peer. It's a great chance to discuss the issues and in some cases start a mentoring relationship. One way you can support the show is to subscribe and leave us a rating. If you can do that'd be great.

Thanks for listening. That's all for now.
