Q&A with Summa Health CISO Swathi West: “A Solid 90-Day Assessment Can Make All the Difference”

When Swathi West started at Summa Health in early 2023, she embarked on a 90-day assessment that included reviewing job descriptions, along with policies and standards. It’s an approach she heartily recommends for a number of reasons. First, in reviewing job descriptions, West founds a lack of detail that could cause confusion around roles and responsibilities. Adding detail to the job descriptions, along with some net new positions and additional layers of management, helped her expand an organizational chart that had been extremely flat; leading to more career advancement opportunities and enhanced manager oversight. On the policies and standards side, West’s investigation allowed her to understand exactly what IT security had promised to deliver, putting her in the position to do a gap analysis. In this interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, West covers these issues, along with her other priorities of reducing third-party risk and getting her arms around AI.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements  

I said, ‘We have a technology stack, so I’m not going to ask you for money for anything new. I’m not going to bring in another piece of technology to fix a problem, but let’s invest in people and process.’

When I first started my one on ones, I was very vocal in that I mentioned, ‘This has been tried, the way this is right now has been tried by a different individual. That’s the beauty of change, we tried it, some things worked and some didn’t.’ Now, when a new leader comes in and changes something, some of it might work and some might not – I just ask them to be open to change, to come along on this journey with me, to just be part of this.

If you only do a few things as a leader when you start, come in and make sure you do that 90-day assessment, pick a framework, I think, even before that. I think the third important thing is to look at the job descriptions because it’s so hard to keep people accountable if they don’t know what they’re supposed to be doing.

Anthony: Welcome to healthsystemCIO’s interview with Swathi West, Chief Information Security Officer with Summa Health. I’m Anthony Guerra, Founder and Editor-in-Chief. Swathi, thanks for joining me.

Swathi: Thank you. Thanks for having me, Anthony.

Anthony: All right. Excellent. Why don’t we start off, tell me a little bit about your organization and your role?

Swathi: Sure. I am Chief Information Security Officer for Summa Health. Summa Health is a health system based in Akron, Ohio. We are a provider, also a payor. We have 3 hospitals, several health clinics. We have more than 10,000 users today, it’s a pretty decent sized hospital. I manage access management, security operations and governance and compliance. Anything that you can think of, audits, assessments, training, provisioning, deprovisioning, transfers, etc. We have quite a few things going on in the team. Today, we’re 13 people strong and I think we’re hoping, by end of 2025, we’ll have more than 20, 25 people.

Anthony: Okay, very good. You mentioned all the things that you’re in charge of, a question popped into my head. Is it pretty standard stuff? I supposed the CISO purview can vary a little from place to place.

Swathi: It’s a very good question, Anthony. I think when I first started at Summa, I was also a consultant. Prior to Summa, I was acting like a virtual CISO, if you will, for other health organizations.