This Week Health
July 15, 2025

Dennis Leber On Why CISOs Are Being Pigeon-Holed – And How They Can Break Free

Throughout his career – which has included stints in the military, law enforcement, and logistics – Dennis Leber has amassed a wide breadth of experience. But the skill that has proven the most valuable, particularly in today’s healthcare landscape, isn’t technical acumen or adaptability – both of which are critical.

“It’s communication and teaching, and it’s not making assumptions,” said Leber, who has “always had some type of instructor role,” whether it was teaching firearms during his early Marine Corps days, his numerous adjunct professor roles, or even his current consulting work. 

That background has served him well, and could do the same for other cybersecurity leaders as risk management becomes a bigger priority throughout healthcare.

During a recent episode of Unhack the Podcast, Leber – who is currently providing virtual consultant services, having most recently been CISO at Honest Health – talked about the evolving skillsets for C-suite leaders, the importance of basic cyberhygiene, and his unique career path.

Pigeon-holed

The good news for cybersecurity leaders is that awareness seems to be increasing, as a result of the alarmingly high number of incidents healthcare has experienced. The not-so-good news? It doesn’t necessarily reflect in how the CISO role is perceived. 

Part of that, according to Leber, falls on leaders themselves. “If you listen to some of the things CISOs say at events, you’re like, that’s the way we did it 20 years ago,” he said, adding that many aspiring leaders fail to leverage the resources available and, consequently, aren’t building the necessary skills. “They’re being pigeon-holed into positions because they don’t report at a level that would enable them to have impact and authority.”

One possible solution is to schedule regular meetings with the board and CEO, which can lead to improved decision-making. “CISOs shouldn’t operate in a silo. Regular collaboration with CFOs, COOs, and legal teams ensures cybersecurity strategies align with broader business objectives,” he wrote in a recent installment of his LinkedIn Newsletter (The Cybersecurity Doctor Is In). Board engagement is also critical, said Leber, adding that “CISOs who present regular briefings to leadership foster transparency and accountability.”

Eye on the goals

Addressing the board, however, is a strength not many cybersecurity leaders have fully developed. “That’s another problem we need to solve,” he said. Leber’s advice? Rather than focus on metrics, no matter how powerful they may seem, CISOs should anchor the conversation around organizational goals and how they might be affected by a cyber incident.

“That’s where I started changing my thoughts to, ‘what are the goals of this company?’ and pulling up examples of where we increased or decreased by a certain percentage,” he said. Contrary to popular belief, “it has nothing to do with technology or cybersecurity. It’s, ‘here’s how implementing Control X or Tool Y impacts that objective that the business stated,’” and then talking about vulnerabilities and risk.

The ultimate objective is to be able to definitively say, “if we do or don’t do this, we won’t make a million dollars next year,” Leber said. For leaders, the key is in recognizing that people tend to learn differently and adjusting to fit their needs.

“That’s the future”

Another critical component is ensuring teams are trained on basic cyberhygiene – which should be a given, but is not in many cases. “Somehow or another, we’re still failing,” he said. “I’ve been in this industry for 20 years and we still fall victim to the same things over and over.”

The answer is education – and not just to those in IT or security, but throughout the organization, he said, urging colleagues to take a page out of the military playbook.

In the Marines, for example, “every soldier who goes into combat is taught basic life-saving skills,” which has helped dramatically improve survival of those suffering injuries. Healthcare, he believes, can achieve similar results by investing not just in solutions, but also in phishing education and testing exercises. Doing so regularly, he noted, can reduce social engineering risks by 80 percent.

And in fact, that potential to make a difference by leveraging technology is what drew him to cybersecurity – and eventually – healthcare. “I always liked technology. I was probably one of the first police officers in Louisville to have a computer in my car,” recalled Leber, whose decision to zero in on technology proved fortuitous. “That’s the future; that’s where we need to be.”
