Published December 2022
While funding and staffing for IT security teams may not be on the rise, the number of third parties that health systems are using – and thus the number of potential attack vectors into those health systems – is, leaving CISOs in the unenviable position of having to figure out how to do more with less, says Alfonso Powers, CISO at Asante. To accomplish that, he’s looking at automation and other technologies. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Powers goes into detail on how he manages third-party risk, his experiences navigating a ransomware event, and how he tries to ensure a healthy work/life balance for himself and his team.
Bold Statements
We keep bringing on additional partners, and every time we bring on additional partners, we have another entry point into our network that needs to be secured, given more oversight.
Liability caps in the contracting process always seem to be the holdup. Nobody wants to be responsible if there’s a data breach of some sort.
Well, events like this definitely speed up getting approval for funding. You know, as unfortunate as that is, that’s just the reality.
Guerra: Alfonso, thanks for joining me.
Powers: Happy to do it, Anthony. Thank you for inviting me.
Guerra: Very good. Looking forward to a nice chat. Do you want to start off by telling me a little bit about your organization and your role?
Powers: Sure. Well, I’m Alfonso Powers. I’m the chief information security officer at Asante. Asante is a small/medium health system located in southern Oregon and northern California. We serve about nine counties, including 600,000 lives. And I’ve been with the organization about a little more than six years now.
Guerra: Can you tell me a little bit about your career journey? I like to see how people wind up in the security side of healthcare IT.
Powers: I originally started out my career in IT doing service and support on a help desk. Did that for several years. And then I moved into doing more stuff along the lines of network administration and system administration. Did that for several years. And then I actually did some web development for a while, and picking little different pieces in the IT space here and there. And then I moved on to work for a software development company where I was a network administrator.
And then that’s when I stepped into my first leadership role as an IT manager. In that role, security was just part of it. And back in those days, if you did IT you did security too, and they were seen as one. So did that for about five and a half years. I would say that in about 2012 is when I really started being more focused in information security, and I went to work for a professional services company. And my role there as a director was mostly to grow the information security program. And we did things along the lines of auditing, penetration testing, assessments.
And then moving on to Asante, I got my first job as an IT manager in information security. And I’ve been with Asante since I started that in 2016. Got this role as CISO back in August of 2021.
Guerra: I wonder how the evolution goes from being interested in IT. It seems like for some folks, they get pulled into security from their inclinations and their interests. Or it just happens to be an opportunity.