34 min

Q&A with Anthony Longo, CISO, Baptist Health South Florida healthsystemCIO.com

    • Technology

Longo, who feels healthcare CISOs must have a ‘business-enabling’ approach, says going slow and saying no is never an option.



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

I often say we are 10 miles wide and 10 feet deep as CISOs, and then you want really strong leaders who are 10 feet wide and 10 miles deep on your leadership team.

I’ll tell you what the best language is. The best language is numbers, metrics, quantifiable views of the status of the organization.

You need to have your eyes and ears open at all times to what’s going on because there is a problem with shadow IT in every industry.

 

Guerra: Welcome to healthsystemCIO’s interview with Anthony Longo, VP and Chief Information Security Officer with Baptist Health South Florida. I’m Anthony Guerra, Founder and Editor-in-Chief. Anthony, thanks for joining me.

Longo: Thank you, Anthony. I appreciate the time. Happy to be here.

 

Guerra: I look forward to chatting. Do you want to start off by telling me a little bit about your organization and your role?

Longo: Sure, sure. As you said I’m VP and Chief Information Security Officer of Baptist Health South Florida. We are a large not for profit healthcare system based in the South Florida region, in the Miami area mostly.

We are in the middle of a massive digital transformation, really focusing on bringing out best in class technology as it relates to clinical healthcare and how we interact with our patients, and with that comes the need for best in class security as a part of that program.

You know it’s been a great first year at Baptist, really just a time to invest in the program and continue to expand our capability and the people, process and technology, and just having a lot of fun.

 

Guerra: Excellent. I like to ask all CISOs how they wound up where they are. How did you wind up in security? How did you wind up in healthcare, the whole thing?

Longo: That’s a fun question. I’m in year 23 of my career, the majority of it being in security. I always joke that if you found me in the late ’90s in a data center and told me that I would be sitting in board rooms talking about information security to some of the strongest leaders in the country, I would say you are crazy. But here we are and here it is, nobody knew that security would be so critical as a part of the digital transformation of our industry as it is today.

I started out just like everyone else. I was an engineer. I started in help desk and desktop support, network engineering, server engineering and then somewhere around 2002, 2003, I made the decision to do some work in security. I had an interest in it. It was really just working in AV and anti-spam. It was very early days in security back then. Early days of fixed firewalls, ASA firewalls and Trend Micro, whatever. I went to work for an anti-virus company and the rest is history.

The majority of my career has been in retail and hospitality. That has been my primary focus as Chief Information Security Officer but I’m really, really excited to take on something new, a new challenge. Healthcare is at the frontlines right now of attacks across the globe. We’re seeing threats against critical infrastructure day after day and healthcare is one of the most targeted sectors. I want to take the experiences that we learned from retail and hospitality and the breaches of the late 2000s and 2010s around payment and bring them to healthcare.

Longo, who feels healthcare CISOs must have a ‘business-enabling’ approach, says going slow and saying no is never an option.



LISTEN HERE USING THE PLAYER BELOW OR SUBSCRIBE THROUGH YOUR FAVORITE PODCASTING SERVICE. 



Bold Statements

I often say we are 10 miles wide and 10 feet deep as CISOs, and then you want really strong leaders who are 10 feet wide and 10 miles deep on your leadership team.

I’ll tell you what the best language is. The best language is numbers, metrics, quantifiable views of the status of the organization.

You need to have your eyes and ears open at all times to what’s going on because there is a problem with shadow IT in every industry.

 

Guerra: Welcome to healthsystemCIO’s interview with Anthony Longo, VP and Chief Information Security Officer with Baptist Health South Florida. I’m Anthony Guerra, Founder and Editor-in-Chief. Anthony, thanks for joining me.

Longo: Thank you, Anthony. I appreciate the time. Happy to be here.

 

Guerra: I look forward to chatting. Do you want to start off by telling me a little bit about your organization and your role?

Longo: Sure, sure. As you said I’m VP and Chief Information Security Officer of Baptist Health South Florida. We are a large not for profit healthcare system based in the South Florida region, in the Miami area mostly.

We are in the middle of a massive digital transformation, really focusing on bringing out best in class technology as it relates to clinical healthcare and how we interact with our patients, and with that comes the need for best in class security as a part of that program.

You know it’s been a great first year at Baptist, really just a time to invest in the program and continue to expand our capability and the people, process and technology, and just having a lot of fun.

 

Guerra: Excellent. I like to ask all CISOs how they wound up where they are. How did you wind up in security? How did you wind up in healthcare, the whole thing?

Longo: That’s a fun question. I’m in year 23 of my career, the majority of it being in security. I always joke that if you found me in the late ’90s in a data center and told me that I would be sitting in board rooms talking about information security to some of the strongest leaders in the country, I would say you are crazy. But here we are and here it is, nobody knew that security would be so critical as a part of the digital transformation of our industry as it is today.

I started out just like everyone else. I was an engineer. I started in help desk and desktop support, network engineering, server engineering and then somewhere around 2002, 2003, I made the decision to do some work in security. I had an interest in it. It was really just working in AV and anti-spam. It was very early days in security back then. Early days of fixed firewalls, ASA firewalls and Trend Micro, whatever. I went to work for an anti-virus company and the rest is history.

The majority of my career has been in retail and hospitality. That has been my primary focus as Chief Information Security Officer but I’m really, really excited to take on something new, a new challenge. Healthcare is at the frontlines right now of attacks across the globe. We’re seeing threats against critical infrastructure day after day and healthcare is one of the most targeted sectors. I want to take the experiences that we learned from retail and hospitality and the breaches of the late 2000s and 2010s around payment and bring them to healthcare.

34 min