Women In Cybersecurity. PHOTO: Cybercrime Magazine.

Healthcare Technology Executive On Getting More Women Involved In The Cybersecurity Field

Many believe it is necessary to have a STEM degree to enter the cybersecurity space, but it absolutely is not.”

– Georgia Reid

Northport, N.Y. – Aug. 10, 2018

Cybercrime Magazine talked with Angela Rivera, Executive Vice President of Operations for CynergisTek, a top-ranked cybersecurity and information management consulting firm with a primary focus on serving the healthcare industry.

Angela is a role model for women in cybersecurity and wants them to know cybersecurity is a space that has many diverse roles, and that one does not need to be a coder or hacker to succeed.

Let’s see what else this executive, healthcare IT expert, and mom has to say about careers for women in the cybersecurity space, and the unique threats to healthcare information systems:

CM: What is your role at CynergisTek?

AR: I serve as the Executive Vice President of Operations for CynergisTek. I have responsibility for delivery performance, ensuring consistent client satisfaction, the growth of current services and development of new solutions to support our customer’s changing needs, and internal team training and employee satisfaction focusing on a consistent and rewarding work experience for CynergisTek team members.

CM: What kind of background do you have in STEM?

AR: I have spent 20 years in Information Technology and over 25 years in healthcare. Most of my IT career has been working for consulting firms who provide deep expertise in solving clients’ problems through technology implementation, optimization and innovation. I have been fortunate enough to experience a variety of positions over my IT career including corporate communications, account management, consulting, sales, and operations.

CM: Do you have advice for someone who is interested in a career in the cybersecurity space, but who maybe isn’t technical or coming from a background in STEM? 

AR: Many believe it is necessary to have a STEM degree to enter the cybersecurity space, but it absolutely is not. In fact, one of my most passionate goals is to attract more women to cybersecurity, and I believe that this perception of having a STEM degree is actually hurting our efforts. Getting women to understand that cybersecurity is an industry that just like any other has many diverse roles, and you don’t need to be a coder or hacker to succeed.

Since my whole career has been focused on health care, I will use the analogy of a hospital. Hospitals need physicians, and while necessary, they make up only a small part of the overall operations of a hospital. Same with cybersecurity — not everyone in a hospital is a doctor, and not everyone in cybersecurity is a coder.

I manage a Best in KLAS cybersecurity consulting firm and we have many bright and talented senior cybersecurity professionals that do indeed have highly technical skills and advanced degrees and certifications. But to run our entire business, we also employ very strong project managers who manage the hundreds of projects we have underway at all times. We have junior security analysts that haven’t yet earned their CISSP, but provide a significant contribution to our vendor security management program. We have marketing and sales professionals who keep our business growing and, of course, back office functions to support the employee engagement and satisfaction of our team, which is critical given the shortage of talent in the cybersecurity space.

CM: Can you give our readers some examples of young women who are coming into this space without a background in cyber?

AR: Junior team members can start anywhere and find their niche to grow in the industry.

For example, my daughter, who is 23, is working for a large global consulting firm. Her degree is in Communications and she serves on the Organizational Development Team for a large Dept. of Defense cybersecurity team. Her job is to help identify different knowledge and skillsets of a cybersecurity team (focused on the more technical engineers) and develop competency development models for professional growth paths, develop assessments so that they can promote to higher levels, and provide training curriculum to support succession planning for highly specialized roles that are hard to find. These are critically necessary in the cybersecurity market where unemployment is zero and there is a battle for talent. Yet, my daughter brings strong verbal and written communication skills, and workflow and process design skills of which are not normally inherent in what many folks consider a traditional cybersecurity professional.

Also, there is a young woman that we recently hired that graduated with a Political Science degree but began working in Medical Device Compliance and Security for the last few years and has a significant passion for it. While working for us as a Biomedical Device Security consultant, she is continuing her education to earn her MS in Cybersecurity and Risk Management. This is just another example of growing with the industry, and not worrying about having a specific degree or technical skills to get in.

CM: How did you actually come into cybersecurity as a profession after spending years in healthcare?

AR: I actually came back around to it recently. In the early 2000’s, the IT consulting firm I was working for hired a very seasoned security expert, Mac McMillan (current CEO of CynergisTek) to start a security practice. So, for about 3 years, I was really in tune with the importance of both privacy and security specific to the healthcare industry. However, when Mac left, I admittedly focused less on it as my company changed direction. However, I stayed in touch with Mac over the years and would refer healthcare clients to him that I knew needed help protecting their assets. Then last year, Mac asked me to leverage my deep healthcare IT knowledge, operations and sales skills to help run his company, and now the passion for cybersecurity has resurfaced. Like the positive impact, IT can have on organizational health to solve problems and create efficiencies, having a solid cybersecurity program can enable and contribute to very strategic business initiatives.

For example, in healthcare, the board of directors set enterprise goals such as Top 25 Percent Patient/Member/Provider/Employer Experience, Top 10 Percent Financial Health or Zero Preventable Harm — If we can strive for all devices and associated data to be secure with high availability, no breaches, and no unplanned downtime, we can maintain the confidence of the patient community leading to a better experience, support strong financial health by limiting fines due to potential breaches or cancelled appointments or health facility closures caused by security vulnerabilities, and prevent viruses or intrusions on bio-medical devices and other systems used to administer patient care to ensure patient safety.

CM: What sets healthcare cyber apart from traditional information security?

AR: In healthcare, patient safety is always the number one priority. And for the patient in the hospital, there are many ways that their safety can be put at risk. Just like other industries (i.e. banking or retail), protecting their personal and financial information is a challenge, and healthcare data is very rewarding to hackers.

A recent study indicated that the healthcare sector suffered more than half of all cyber attacks in 2017; this creates additional pressure on the healthcare industry. However, in healthcare, there are also significant risks to the actual treatment of care and the patient’s direct health. If a hospital gets hacked and their network goes down, hospitals may have to cancel procedures and visits or divert patients to another facility, causing a delay in needed care. Or worst-case scenario, if a biomedical device is hacked while connected to a patient, this could cause serious harm or even death. Thus, having a strong focus on cybersecurity in healthcare is that much more important. 

CM: What is something you are working on that you are particularly excited about?

AR: I have always been passionate about empowering women to grow and embrace their roles as effective leaders in the technology industry. Over the years, I have volunteered and served on boards for several professional associations. This has given me the opportunity to translate my personal passion into supporting others. And I found that starting locally and regionally can make a difference. For example, I served as President of So. Cal HIMSS in 2011, which is a 2500-member organization focused on Healthcare IT. Myself and two other regional HIMSS women presidents formed a Women’s IT Leadership Conference representing 3 states. It was a sell-out and got a lot of attention from HIMSS nationally, and since then as a national organization, they have done a good job of promoting women in IT with recognition awards, committees, etc.

My most recent endeavor is as a board member of Women in Healthcare IT (WHIT). This group is still in somewhat of early formation, founded in 2015, but its purpose is to help pave the way for women and girls in Health Information Technology. We are leveraging our networks, experience, and expertise to deliver events, mentoring programs and offer career counseling and advice to help women achieve their career goals in IT.

CM: What is something you wish you knew when you first went into this career?

That the cybersecurity industry changes at lightning speed. I am an avid reader and lifelong learner, and while my goal when returning to cybersecurity was to get back up to speed on everything very quickly, it was impossible. At first, I was beating myself up for not being able to get to all of the information distributed daily. Just keeping up with what my own company’s team of thought leaders publish on a continuous basis was a challenge given the time I needed to actually run the operations of the company. Add to that the almost daily announcements of new threats, the many magazines, and blogs covering various industry topics, continue to validate this is an exciting industry to be a part of.

CM: Who were some of your mentors or role models when you first started your career?

AR: Really good question! Back then the term “mentor” really didn’t resonate with me. It seemed very deliberate and forced and unfortunately, there were no female leaders at my company that I could tap into. That said, early in my career I was fortunate enough in my role to have to call on customers as a Sales Executive and Client Partner for a large IT consulting firm. This is where I was able to gain very strong relationships with many women who were a little bit further in their career, but admittedly still struggling to break the barrier to the c-suite. However, the opportunity to learn from them and share experiences helped a lot. And they all had different roles, from Managers/Directors of IT, VPs of IT, Chief Nursing Officers, etc. Their diversity in skills, approaches and professional growth paths helped me learn and grow in varied ways. I personally believe that was more beneficial than just having one assigned mentor.

CM: What advice would you give young women looking for a mentor in cybersecurity?

AR: Don’t limit yourself to just one. Cybersecurity is a business just like any other and having the ability to meet and network with women in many different positions who present different leadership styles I believe is highly beneficial to exploring future options and determining the right long-term goals you want for your career. I would also recommend joining local organizations and national organizations if you have the means, so you can begin getting a feel for the different types of women leaders that most resonate with you.

Georgia Reid