Why Does the Healthcare Industry Need an Active Cybersecurity Community? by Scott Morris, Chief Information Security Officer at BlueCross BlueShield of Western New York and Steve Moore, Chief Security Strategist at Exabeam
Not so long ago, cybersecurity professionals would be hard pushed to find focused communities to engage with. Discussions around security would often take place under the auspices of a more general IT group. Today, however, the ubiquity of cybersecurity community groups and the workloads of participants might be putting some of them at risk.
But, the value of active participation in a vibrant community group should not be underestimated for attendees or their employers. Aside from information sharing, which is critical to keeping pace with the latest threats and vulnerabilities, they can also play a vital role in professional development and best practise.
With so many security communities to choose from, how do cybersecurity professionals in the healthcare industry ensure their community time is spent discussing the most important issues and promoting information sharing – all while nurturing the young security talent of the future? Let’s answer a few key questions:
Why Should I Join a Community Group?
People who’ve been going to groups for any length of time will testify that communities genuinely want to listen and give attendees new ideas, build their knowledge and expertise and give valuable feedback to help them develop. For younger professionals, they offer an ideal opportunity to learn and grow.
Aside from learning more about specific cybersecurity issues, community groups can also prove an invaluable resource for developing important skills. For example, the act of presenting to a supportive community is great preparation for handling bigger audiences at bigger events in the future.
For those people who are interested in getting involved, the advice is simple: get out there and get your voice out there. Some people can be reluctant to participate because they fear sitting quietly on the periphery of discussion. Without doubt, this can be a challenge, but people shouldn’t fall into the trap of underestimating themselves, the power of their voice and their message. Talking to colleagues or looking at community websites to identify relevant groups and events is the best way to choose potential starting points.
What Opportunities Do They Offer?
Threat information sharing community groups have provided a tremendous catalyst for growth in community activity – they are one of their biggest success stories. Whether that’s in-person, forums, private chat channels or feeds, cybersecurity professionals live and breathe their jobs and take great pride in their knowledge of emerging risks and best practices. Without doubt, community groups are one of the best information sharing resources out there.
For young people starting out in the industry, it’s really important to attend community events, make connections and learn about key subjects from other people working in similar roles on a day-to-day basis. As one cybersecurity leader puts it, “If you’re not there, you’re not trying, you’re not learning, you can’t grow and you can’t start participating.”
Similarly, the most experienced and senior cybersecurity professionals also need to maintain a commitment to learning – communities are a great way of keeping that process engaging and fresh.
How Can I Make Sure I’m Spending Time with the Right Groups?
The answer lies in focusing on the group or groups that are most relevant to individual needs, while also taking some level of ownership when participating – don’t count on others to run those groups.
The process also requires leadership. Leaders need to set an example, not only by attending community events, but by being an active voice within their groups. In many cases, the most effective communities are driven forward by the enthusiastic collaboration of the more experienced members.
Some current groups and communities are struggling because their existing and potential members feel they are so busy working to protect their organizations, they lack bandwidth to either try community participation in the first place or maintain a regular commitment. As a result, cybersecurity professionals need to ensure they spend time with active groups that provide good opportunities for participation and networking.
How Can I Measure the Effectiveness of Community Groups?
Measuring outcomes is certainly a challenge, but those who value the role of community groups use the information under discussion and the contacts they make to build and improve their own cybersecurity strategy going forward.
Some cybersecurity teams track how often they participate in community events, and what efforts they make to engage with and support their colleagues and community contacts. On an individual level, there are few better ways of building a contact network than hosting and actively participating in community groups.
In a world as fast moving and important as cybersecurity, working together is vital to our collective ability to respond more effectively in an increasingly dangerous world. A healthy community where participation works for everyone involved is perhaps more important than ever.