“There’s no secret there that other countries are attacking us,” says Dennis Leber, PhD, interim chief CISO at UConn Health. And this puts a huge responsibility on the shoulders of a CISO. But in the end, the ultimate responsibility for making big security-related calls lies with the organization’s top leaders, and CISOs have to find a way to give them all the information they need to make those decisions. In this interview with Anthony Guerra, healthsystemCIO founder and editor-in-chief, Leber – who has been chasing after the bad guys for a long time; first in the military, then in a career as a police officer and now as a CISO – says that CISOs and CEOs often don’t use the same language when it comes to talking cybersecurity risk, and that’s why it’s important to use a CEO’s language rather than cyber-speak.

LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 

Bold Statements

Folks have been scamming other folks as long as there’s been folks. It’s the shell games, the three-card Monty. Now we just do it with computers and social engineering.

How do we put those checks in place, considering human psychology, that will eliminate or vastly reduce the ability to have that plane crash, and we need to mirror that into our cybersecurity industry programs.

So it’s not necessarily that you want to inform, coach, mentor or train the CEO on the language that you use, but you want to use their language more, and be able to relate that back to your team.

It’s not in a vacuum or silo. It takes a community. You are going to not be very effective, and you’re going to be very frustrated, if you’re trying to go it alone.

Guerra: Dennis, thanks for joining me.

Leber: Happy to be here. Thanks for having me.

Guerra: All right, great. Thank you. Dennis, do you want to tell me a little bit about UConn Health and your role over there?

Leber: Sure. I am serving as the interim CISO at UConn Health. UConn Health is approximately a 300-bed hospital serving Connecticut and the residents there in the Connecticut-Hartford-Farmington area. We have two schools, College of Medicine, College of Dentistry. And so it’s a learning hospital. Like most hospitals, we have a nice research branch, and we have a population demographic of researchers as well.

Guerra: Excellent, very good. All right. I always like to ask folks in the CISO role how they came to be where they are. So how did you specifically come to wind up in the security side of healthcare information technology?

Leber: So it was a career change for me. I got out of high school and went in the military – in the Marines. When I got out of the Marine Corps, I came back home looking for a job. I actually joined the police department. Never really had a desire to be a police officer. It just sounded like a good job, and it paid well. And I did it for a long time. But I also noticed a lot of police officers when they retired, they were retiring and coming back to work as police officers. And I’m originally from Louisville, Kentucky. And so you have two big Ford plants in Louisville. And I was watching friends that work at UPS and Ford and when they retired, they didn’t go work for Chevy. Or if you worked at UPS and you retired, you didn’t go work for FedEx, right? So I started really looking inward and said, “I’ve got to be worth more than that.” And not that that’s a bad profession. But it was like,