Q&A with Texas Health Resources CISO & VP of Technology Operations Ron Mehring: “Openness & Respect are Keys to Cyber Team Success”

Post 9/11, it was a key element of messaging in New York City – if you see something, say something. The idea, of course, was that law enforcement could only do so much; but vigilance on everyone’s part would be a game changer. And it’s that same principle that Ron Mehring says is key to a cyber team’s – and even an enterprise’s – success. But folks are only willing to ‘say something’ if they know they’ll be listened to with respect and attention. And it’s for those reasons that Texas Health embraces a high-reliability work environment. For Mehring, CISO & VP of Technology Operations with Texas Health Resources, it’s the only environment he wants to work in. In a recent interview with healthsystemCIO Founder & Editor-in-Chief Anthony Guerra, Mehring discusses these issues and many more.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

… it’s also the other principles as well inside of high reliability, one of my favorites is deference to expertise. Let the subject matter experts do what subject matter experts do. Don’t get in their way, listen to them, let them provide the right feedback. You’re probably going to solve problems a heck of a lot easier.

If things aren’t going well, sometimes it’s best just to say stop. I always say, “Hang on a minute, we’re going to stop right here, and let’s talk about this and backtrack.” Sometimes you have to go back a little ways to the original problem statement or the original issue and say, “Let’s start over and try this again.”

… most cybersecurity programs are not a one-, two- or a three-year body of work. To be very honest, from my vantage point, they’re a 5- to 10-year body of work, and you have to think in long-range terms about how I’m going to help this organization that hired me and I wanted to be a part of.

Anthony: Welcome to healthsystemCIO’s interview with Ron Mehring, chief information security officer with Texas Health Resources. I’m Anthony Guerra, founder and editor-in-chief. Ron, thanks for joining me.

Ron: Sure, happy to be here. Thank you.

Anthony: Great, looking forward to having a little fun chat with you, Ron. Tell me a little bit about your organization and your role.

Ron: Sure. I work for a healthcare system called Texas Health Resources. We’re m located in North Texas, we have roughly about 29,000 employees, about 29 hospitals, and over 300 points of entry into our health system. I’ve been with Texas Health for, gosh, a little bit over 12 years I guess, and I serve as the chief information security officer and the vice president of technology operations and security. I have a bit of a blended role where I lead technology operations and traditional security for the health system.

Anthony: I’ve heard more of this, almost like a CISO-CTO blending, with the infrastructure in there, so I’ve definitely heard some of this as a trend, and a lot of times you ask people, how should this work best from a governance point of view, reporting? And what you almost always hear people say is it really doesn’t matter, it’s just that the people have to get along. It doesn’t matter who reports to who or who’s in which role, everyone just has to get along. What are your thoughts there?

Ron: I think you’re dead-on accurate, it is a cultural issue. Depending on how the culture is in the organization – security and technology functions as well as other functions in the enterprise – there could be unintended conflict that arises out of that.