Joseph Davis, Microsoft’s Chief Security Advisor for Health and Life Sciences, is a trained medical practitioner, but his professional background is “almost 100% IT and cybersecurity.” He has always been interested in technology: in medical school he helped develop a program to assist clinicians in diagnosing their patients more accurately. He joins Tom Fox on Day 3 of Microsoft Week to talk about the role of cybersecurity in life sciences and the traits cybersecurity professionals need to do their jobs effectively.
The Role of Cybersecurity
Tom asks, “What is the role of cybersecurity in the healthcare life science industry today?” Joseph responds that it’s a must-have since this industry is considered critical infrastructure. People’s lives depend on keeping systems and processes safe from cyber attacks, he points out. Most medical devices now have communication components such as WiFi or Bluetooth – these are called connected medical devices – so they are vulnerable to cybersecurity breaches which can cause them to malfunction. Joseph tells Tom that it’s more imperative now for providers in the healthcare industry to vet their supply chain, but smaller companies may not have the resources to do so, leaving them more vulnerable to bad actors.
Serve with Humility
Cybersecurity affects every department, so leaders need to get everyone on board. This requires humility, diplomacy and flexibility, Joseph says. Tom asks him to talk about his blog post, Ego and the Role of Cybersecurity Leaders, and why you have to take ego out of the equation. “I like to serve humbly,” he responds. “The focus really needs to be on protecting the organization and safety… I think when we’re so focused on where we are in our career… our focus gets distorted.” Tom comments that most cybersecurity professionals he knows have a calm disposition. He asks why this is necessary and helpful in the role. You have to keep a cool head, Joseph answers. Bad things are going to happen, and many things will be out of your control, so you have to be flexible. “Control lightly” those things that you can control, and always remember that you’re working with a team. Tom quotes Joseph’s blog, “Every trust decision is a risk management exercise.” They agree that every decision – in life and in cybersecurity – carries some form of risk and is founded on trust of the outside world.
Keeping Clients Up-to-Date
Joseph says that his role at Microsoft is “to work exclusively with senior leaders at each of one of my customers to bring them up to speed on the modern workplace and how we’re approaching cybersecurity in the more hybrid environment that we’re living in now.” He finds that while some customers are eager to embrace innovation, others are entrenched in their traditional methods. “The problem with many of the customers that we have currently is that their approach is fighting the last attack or the last type of compromise that they had; whereas their threat actors are constantly evolving and finding new ways in,” he tells Tom. He and Tom discuss whether the defense and depth approach still has value. Joseph comments that identity has to be considered as well: “Attackers these days they’re not really breaking in as much as logging on,” he remarks. He advocates for computer-aided interventions and data encryption as the last facet of security. “You can’t rely on the user to be your last line of defense,” he emphasizes.
Listen here to Microsoft Week episode 1, featuring Alan Gibson, Director of Legal and Compliance Innovation at Microsoft.
Listen here to Microsoft Week episode 2, featuring Abbas Kudrati, Chief Cybersecurity Advisor for Microsoft Asia’s Enterprise Cybersecurity Group.
Tune in tomorrow for episode 4 featuring Erica Toelle.
Joseph Davis at LinkedIn
Blog post: Ego and the Role of Cybersecurity Leaders