Health systems today face increasing odds of a breach, and that’s what drives Rishi Tripathi, CISO at Mount Sinai Health System in New York City. “There is an opportunity for us to step up and do a far better job than we do protecting our banks or factories, because this is literally life and death,” he says. And Tripathi should know. He’s been around the block with cybersecurity. In his career, he has guarded a utility, a media company, manufacturing and financial services – landing most recently in healthcare. The significance of the responsibility is not lost on him. In this interview, Anthony Guerra, founder and editor-in-chief, interviews Tripathi on what he’s learned from other industries about the cyberbattle and how he handles the fearsome task at the front line.
Bold Statements
“If you compare the expectations that we have in healthcare versus the expectations financial services has on their vendors, there is a disparity.”
“ … if you have a security function that becomes almost like a bottleneck or a bureaucracy, where things go in and you don’t know when the output would be delivered, that becomes an issue.”
“ … the name of the game is talent. How you attract the best talent. And I can tell you the best talent wants to work in a mission-driven organization.”
Guerra: Rishi, thanks for joining me today.
Tripathi: Anthony, thanks for having me.
Guerra: All right, very good. Let’s start off. You want to tell me a little bit about your organization and your role as CISO over there.
Tripathi: I’m the chief information security officer for the Mount Sinai Health System. And it is a pretty complex operating environment from a healthcare provider perspective. We’re tasked with protecting the health system in total, which includes a number of hospitals, ambulatory clinics, research, facilities, university, etc. So it’s a fairly complex environment, and we’ve been on a path to mature the program. There are some things that were of interest to me when I joined here. And we’ve been executing on that to take it to the next level.
Guerra: Can you tell me a little bit about your career journey, how you wound up here and your perspective, as you compare it to the other industries you’ve worked in?
Tripathi: Yes, absolutely, Anthony. I started my career, actually, working in electrical substations. I was working for a construction company wiring up regulators and substations, and then I got a job for the utility where this connectivity was being made to in their SCADA system. 9/11 happened, and they were looking at beefing up their security. And I, essentially, raised my hand, and I started working a lot on cybersecurity at that time. So I’ve worked in SCADA systems; I’ve worked in financial systems. I have worked in manufacturing. I have worked in media and entertainment, and I’ve worked in healthcare. So five jobs in total, each in cybersecurity, and each in different industries.
So it has been a unique trajectory in that sense. I’ve seen that every industry has a lot of commonalities, but also some differences. At a base level, if you think about it, every industry will have a piece of technology or an organization that is easy to secure: your traditional IT stuff. But at the same time, every industry will have these OTs, which are more difficult to secure. So in case of an electrical utility,