Steve Crocker, CISO at Methodist Le Bonheur Healthcare, says that once business leaders have received a full briefing from IT security, they should make the final decision on how much risk they want to accept.
Bold Statements
We’re not saying no; we’re just saying, ‘Hey, let’s find a better way to do this to protect the organization and protect you and protect your data, protect your customers or your patients.’
I think if you’re not offering remote work, you’re going to struggle to find people or even keep people, because just about every position now, even the CISO roles, they’re being offered remote nowadays.
At the end of the day, we should be an advisor and consultant to assist owners on how they can manage the risks on the assets they own, not as gatekeeper to say yes or no.
Anthony: Welcome to healthsystemCIO’s interview with Steve Crocker, Chief Information Security Officer with Methodist Le Bonheur Healthcare. I’m Anthony Guerra, Founder and Editor-in-Chief. Steve, thanks for joining me.
Steve: Thank you for having me.
Anthony: Looking forward to having a chat today. Can you tell me a little bit about your organization and your role?
Steve: Sure. As you said, I’ve been the CISO at Methodist Le Bonheur Healthcare for a little over 6 years. I was initially brought in to build the organization’s very first security program which included developing a strategy, setting up the governance and policies, risk management, certainly putting in the security and technology and processes and really building the team. There was no security team there prior to me joining. We have made a lot of progress, and there is a lot more in front of us.
Prior to that, I was the CIO and Information Security Officer for 14 years at a Memphis-based bank. I’ve worked in a lot of different industries but this is my first stint in healthcare. Methodist itself is a relatively large healthcare delivery system based out of Memphis. They have six hospitals, including a world-renowned children’s hospital. We have about 100 physician clinics that we own, about 14,000 employees and we’re the second largest private employer in the city of Memphis. In addition to that, we’re an academic teaching and research hospital. We have a close partnership with the University of Tennessee Health Sciences Medical School.
Anthony: Very good. You went from working at the bank for 14 years to – that’s an interesting switch, to not only starting in healthcare but starting at an organization that did not have a lot of structure in place, that’s why you were brought in. That’s a big switch. What made that an attractive move for you?
Steve: Well, my early career was spent in the technical area and then I eventually got into management, kind of drifted over into security, a lot when I was in banking because it’s a big priority in banking. The bank I was at eventually was acquired by a larger bank. That bank offered me a different role within their organization. It’s a great bank and I certainly considered that, but this opportunity at Methodist came along and it intrigued me for two reasons. It was an opportunity to go in and build another security program from the ground up, something I had done before, but it was in a different industry sector; it was healthcare. That was intriguing. I enjoyed that challenge of going into new areas that I did not have experience in before. It’s been fun. I enjoy healthcare, so definitely a different culture than financial services.
The advantage is a lot of the things that we are doing in health...