Q&A with Corewell Health Deputy CISO Jim Kuiphof: “Proper Prioritization a Key to Cyber Success”

On most days in cyber, it can seem like there are a million things to do. For Jim Kuiphof and his team, that was probably the case in 2022 when Spectrum Health and Beaumont Health merged to become 22-hospital strong Corewell Health. Of course, there was much foundational work to be done, but Kuiphof notes that sometimes there are even more important fires to put out before one can turn to big picture projects like org charts. It’s an important concept in cyber – a risk-based approach to deciding what must come next; where the team and its resources should be focused – and getting it right is absolutely key to success. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Kuiphof discusses the keys to prioritization in cyber, the Jim Collins-concept of getting the right people on the bus and into the right seats, and the salient attributes he’s looking for in team members.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

I’ve used the analogy that you have rowers, you have sitters, and you have hole drillers in your boat.

I don’t need you to create the vision, I need you to be able to listen, learn and articulate a vision. Say back statements, understand how well they can synthesize complicated data and repeat it back in a simple way, engage an audience, and be able to communicate through multiple means – instant message, face to face, virtually, in front of a crowd, whatever it is – role dependent, obviously. So communications leadership is one important thing.

It’s actually not so much when you get the job done; it’s are you getting the job done? And are you communicating about when you’re probably going to be getting it done? That’s more important to me. That’s an aspect of individual accountability and discipline that really goes beyond a generational thing.

Anthony: Welcome to healthsystemCIO’s interview with Jim Kuiphof, Deputy CISO at Corewell Health. I’m Anthony Guerra, Founder and Editor-in-Chief. Jim, thanks for joining me.

Jim: Thanks for having me, Anthony.

Anthony: Great, Jim. Why don’t you start off by telling me about your organization and your role?

Jim: Sounds good. Corewell Health is the newly formed, about two years ago, health system as a result of a merger between Beaumont Health in the Detroit area and Spectrum Health in the Grand Rapids area. Those two systems came together to form what is now the largest health system and actually the largest employer in the state of Michigan.

My role is the Deputy Chief Information Security Officer and Head of our Cyber Fusion Center. I have two jobs, one is right-hand man to my boss, the CISO (Scott Dresen), so I got to do a lot of the executive, forward-looking strategy planning, chief of staff type of work, and then the day-to-day job is to head up the teams that track threats, build preventions, detections, respond to threats, minimize our attack surface, do some analytics for us and internal consulting work across the entire system.

Anthony: Tell me a little bit about this Cyber Fusion Center. What’s that all about?

Jim: It’s an evolution. This is one of the final steps in this evolution when I started 8 years ago. Actually, it’d be 9 years ago at the end of this month. We had a limited capability to do detection and response. Cyber resilience and response is the name of the team. Over the years, we’ve added additional services. We call services ‘standard work,’ standard process, standard ways of doing things.