Q&A with Children’s Hospital of Philadelphia CISO & Associate CIO Monique St. John: Security Actually Empowers Innovation

It’s the old preconception that’s kept security out of the equation for far too long – if cyber gets involved, the whole project is dead, or at least not going anywhere fast. Luckily that dynamic is falling by the wayside, as business leaders have to come to realize that not including security means taking on an unknown level of risk, not only to data systems, but patient safety. To Monique St. John, CISO and Associate CIO at CHOP, innovation and cybersecurity must go hand in hand. And, done right, the two actually move faster and more effectively together. Of course, a caveat is that those hands need to clasp at the beginning of the journey for the partnership to be most fruitful. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, St. John also discusses the critical process of third-party risk management, and how security executives can maintain a healthy work/life balance.

Bold Statements

When we talk about this, it’s really key to ensure that security principles and security responsibilities are embedded across the board, and that there’s balance between innovation and security. It’s not just about being one or the other. In order to do business, you have to be innovative, you have to transform the services, be more efficient, and security really needs to be at the forefront of that to ensure that operations is protected, the data is protected, and that we are really partnering with the business to drive the strategy forward.

It’s my role to make sure that all the facts are lined up, all the risks are outlined with whatever the scenario is – if it’s a solution, if it’s options – and letting the business know, ‘Here’s where we’re at with those risks, the facts, and here are the options that you have to move forward,’ and have them make the decision based on the business need, and having that risk-based approach inform their business decision.

… rely on your team. Develop a team that you can really trust. I say all the time that, yes, there are things that keep me up at night, but what helps me sleep is my dedicated team, or the dedicated team at CHOP. I just went on vacation a couple of weeks ago and didn’t have to worry because the team is solid and they’re committed to CHOP and they’re committed to defending CHOP.

Anthony: Welcome to healthsystemCIO’s interview with Monique St. John, VP, CISO and Associate CIO at Children’s Hospital of Philadelphia. I’m Anthony Guerra, Founder and Editor-in-Chief. Monique, thanks for joining me.

Monique: Thanks for having me, Anthony. Appreciate being here.

Anthony: Very good. Looking forward to having a fun chat. You want to start off by telling me a little bit about your organization and your role?

Monique: Sure. CHOP is a national pediatric health system based in Philadelphia, Pennsylvania. We have two primary hospitals. We are about to launch a third behavioral health center hospital within Philadelphia. We have approximately 50 care centers throughout the region, the Philadelphia-New Jersey region, and we are centrally located within University City Philadelphia, but also have our additional hospital out in King of Prussia, Pennsylvania.

Anthony: Very good. Let’s start off a little bit by talking about titles and roles and things like that. We see quite a bit going on in healthcare. You are currently, as I mentioned, CISO and Associate CIO and at one point, you were CISO and CTO. We know there have been connections between the CISO role and the CTO role, you came at it from infrastructure, that happens a lot. I just wonder your general thoughts on all the roles swirling around. Most people say it can work any number of ways.

Monique: I definitely think that an organization needs a security officer, especially an organization the size of CHOP. We have 25,000 employees, as I mentioned, spread over multiple locations, dealing with several regulatory agencies.