Healthcare has special challenges securing information and devices. The consequences of a successful hack can be, at their worst, extreme results on people’s health and well-being. Medical records are worth more on the black market than identity data, and thus make health records particularly vulnerable to theft and ransomware attacks.
As a result, healthcare organizations hiring entry-level and senior security professionals should have certain abilities and areas of expertise in mind when studying job candidates, knowledge that differs based on the level of the job.
“For entry-level cybersecurity roles, candidates need to understand networks, applications, devices and how to secure them,” said Bret Fund, co-founder of SecureSet Academy, a cybersecurity education organization. “Differences will come once they’re in a role. In finance, for example, you’re looking through transactions and reviewing payment gateways. In healthcare, your focus changes to ransomware, exfiltration of data, and device security on a large scale.”
Cybersecurity is not computer science or computer engineering, it is a business discipline that requires people from all backgrounds and majors, said Mansur Hasib, program chair for cybersecurity technology at the University of Maryland University College, and author of the book “Cybersecurity Leadership.”
“There are four things that determine someone’s success: knowledge, attitude, skills, and habit,” Hasib said. “Attitude and habit determine success far more than anything else. Therefore, entry-level people should demonstrate they are excited about the mission of an organization and stress their attitude and habits to hiring managers.”
Entry-level candidates also should show passion for perennial learning and desire to innovate because cybersecurity is “people-powered perpetual innovation,” he added.
Senior positions, like the chief information security officer, require more skills, more knowledge and different degrees of each.
“Experience will be the key factor in dealing with the challenges and threats that are unique to healthcare,” Fund said. “CISOs and CSOs of tech companies will find it more complex than their previous roles. Given the choice between a senior security leader from a large tech company and a senior security leader with healthcare experience, hospitals will choose the healthcare background because the job requires a deeper understanding of the implications of breaches.”
Read More at the Source: What to look for when hiring healthcare cybersecurity pros | Healthcare IT News
By Bill Siwicki