Sign up to save your podcasts
Or
Share Q&A with Inova Health System VP/CISO Paul Curylo: Business Continuity Must Not Be an Afterthought
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Q&A with Inova Health System VP/CISO Paul Curylo: Business Continuity Must Not Be an Afterthought
Published February 2023 –
Paul Curylo, VP/CIO for Inova Health System says the bad guys may always be on your heels, but you can ward them off, to some extent, with cyber-hygiene — getting back to basics. Second to that, focus on business continuity. In this interview with Anthony Guerra, healthsystemCIO founder and editor-in-chief, Curylo talks about how, as the key advisor on cybersecurity, he is always bringing reality to light by asking the hard questions about business continuity before he even approves a new application. His quarterly cyber-decision exercises force business leaders to think through every contingency of going to paper imaginable, right down to how to dispose of the extra paper records. These conversations are robust and bring about changes in the app designs, but also in the business continuity plans because they need to be living, workable documents, Curylo says, and “the information needs to be recoverable when you need it.”
LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE.
Bold Statements
“ … we also have a conversation with our stakeholders around what are you going to do when this goes away at a point in time that you didn’t choose? What does your business continuity look like with respect to this and other solutions that you have?”
“People think: ‘IT is always there, they’re always great, something blips, they got it back right away, so I can rely on them 100% all the time.’ That’s not an assumption that one should make.”
“They should certainly make an introduction to their local FBI field office or DHS (Department of Homeland Security) region and establish those contacts and relationships. It’s a small investment in time. But if an organization has a crisis, it is great to be able to pick up the phone … ”
Guerra: Paul, thanks for joining me today.
Curylo: Well, thank you. It’s a pleasure being here, Anthony.
Guerra: Great. All right. Looking forward to a fun chat. Paul, let me start with you telling me a little bit about your organization and your role?
Curylo: So yes, Inova Health System is located in Northern Virginia. We have five hospitals and three emergency centers. We cover quite a large region across the area. I joined the organization in 2019, so about three years ago, to rebuild the cyber operations capability. I was asked to stay on as the CISO to rebuild other programs within information security, and establish data governance, and drive better cyber hygiene across our capabilities.
Guerra: Let’s talk a little bit about the idea of rebuilding. Can you talk about any of the major things when you came in that you thought needed to be put into place?
Curylo: Yes, Anthony, the major thing was getting back to basics, understanding what we had in our environment with respect to end of life systems, end of life operating systems, in particular, whether or not we were effective on our security patching cycles. As what happens in many healthcare systems, the team that’s responsible for patching really does want to do a good job and take care of the systems. But there are other priorities or situations that inhibit that cadence. So over time, the cyber hygiene begins to dry up. And those are the fundamental things that we addressed when I first started.
Guerra: Yes, I’ve heard it said before – Erik Decker, says it, and I’m sure a lot of other folks say it — it’s that idea that, there’s some exotic and cutting-edge stuff we...
View all episodes
By Anthony Guerra
5
33 ratings
Published February 2023 –
Paul Curylo, VP/CIO for Inova Health System says the bad guys may always be on your heels, but you can ward them off, to some extent, with cyber-hygiene — getting back to basics. Second to that, focus on business continuity. In this interview with Anthony Guerra, healthsystemCIO founder and editor-in-chief, Curylo talks about how, as the key advisor on cybersecurity, he is always bringing reality to light by asking the hard questions about business continuity before he even approves a new application. His quarterly cyber-decision exercises force business leaders to think through every contingency of going to paper imaginable, right down to how to dispose of the extra paper records. These conversations are robust and bring about changes in the app designs, but also in the business continuity plans because they need to be living, workable documents, Curylo says, and “the information needs to be recoverable when you need it.”
LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE.
Bold Statements
“ … we also have a conversation with our stakeholders around what are you going to do when this goes away at a point in time that you didn’t choose? What does your business continuity look like with respect to this and other solutions that you have?”
“People think: ‘IT is always there, they’re always great, something blips, they got it back right away, so I can rely on them 100% all the time.’ That’s not an assumption that one should make.”
“They should certainly make an introduction to their local FBI field office or DHS (Department of Homeland Security) region and establish those contacts and relationships. It’s a small investment in time. But if an organization has a crisis, it is great to be able to pick up the phone … ”
Guerra: Paul, thanks for joining me today.
Curylo: Well, thank you. It’s a pleasure being here, Anthony.
Guerra: Great. All right. Looking forward to a fun chat. Paul, let me start with you telling me a little bit about your organization and your role?
Curylo: So yes, Inova Health System is located in Northern Virginia. We have five hospitals and three emergency centers. We cover quite a large region across the area. I joined the organization in 2019, so about three years ago, to rebuild the cyber operations capability. I was asked to stay on as the CISO to rebuild other programs within information security, and establish data governance, and drive better cyber hygiene across our capabilities.
Guerra: Let’s talk a little bit about the idea of rebuilding. Can you talk about any of the major things when you came in that you thought needed to be put into place?
Curylo: Yes, Anthony, the major thing was getting back to basics, understanding what we had in our environment with respect to end of life systems, end of life operating systems, in particular, whether or not we were effective on our security patching cycles. As what happens in many healthcare systems, the team that’s responsible for patching really does want to do a good job and take care of the systems. But there are other priorities or situations that inhibit that cadence. So over time, the cyber hygiene begins to dry up. And those are the fundamental things that we addressed when I first started.
Guerra: Yes, I’ve heard it said before – Erik Decker, says it, and I’m sure a lot of other folks say it — it’s that idea that, there’s some exotic and cutting-edge stuff we...
More shows like healthsystemCIO.com
View all
Acquired
3,946 Listeners
The Daily
111,562 Listeners
SmartLess
57,908 Listeners
This Week Health: Newsroom
26 Listeners