Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
Bryan Chnowski, Deputy Chief Information Security Officer for Nuvance Health, is one of the most personable cybersecurity leaders you’ll ever meet. His passion for providing security awareness education to his staff, combined with his 25-plus years of experience across the education, financial, healthcare, and insurance industries, makes him ideal for leading the cybersecurity strategy at the not-for-profit health system.
Watch Bryan’s full Speed Data episode below to learn the key attributes he thinks all successful leaders should have.
Nontraditional cybersecurity recruiting
Ransomware, malicious actors, vulnerabilities, and insider threats are terms every CISO dreads. But for Bryan Chnowski, one of the most significant risks on the horizon is the shortage of workers.
“What you’re seeing is there are 3.5M open cybersecurity positions worldwide,” the Deputy Chief Information Security Officer for Nuvance Health said. “There’s a skills shortage.”
Rather than rely on existing cyber professionals to continue to fill the growing roles, Bryan offered an alternative suggestion. “Businesses need to target individuals who can transition into cybersecurity roles with proper training and then support their training initiatives, whether it’s boot camps, workshops, or online training platforms,” he said. “Organizations need to look outside of IT."
There are individuals that are more than capable to be successful in cybersecurity that might come from legal or risk management or even your training team.
Key attributes for cybersecurity leaders
And these individuals could be ideally suited for security leadership positions, Bryan added, if they have specific characteristics.
“There are personality traits a leader needs to have to be successful,” he said, listing off a few key attributes, such as staying calm amid the chaos, being persistent, and keeping wise company. “Surround yourself with people smarter than you — they’ll challenge you. If you’re the smartest one in a room, you’re better off leaving that room.”
Data breaches: prepare, practice, and then proceed.
A sense of situational awareness is also key. “You need to realize that incidents and breaches will occur, so our job as leaders is to limit the frequency and impact,” Bryan said. “Make sure you have up-to-date and accurate business impact analysis, business continuity and disaster recovery plans, and incident response playbooks.”
Your organization needs to feel comfortable that if there is an attack, they’re going to be able to proceed.
“The way you get them comfortable is to drill it, practice it, and do tabletop exercises. The more comfortable they are, the more successful you’re going to be when you experience some time of attack.”
And in an attack on Bryan’s industry, the stakes are higher. “I’m in healthcare, so any offline system has the ability to impact patient lives in a negative manner,” he said. “When thinking about the different types of attacks that worry me, the biggest one is one that takes down any of our critical systems.”
Life outside of cybersecurity
With more than 25 years of leadership experience across the education, healthcare, and insurance industries, Bryan’s passion for securing data and teaching those around him could have led him down a different path.
“If I wasn’t in cybersecurity, I’d be a teacher,” he said. “I find it rewarding educating those who want to learn.” His face lights up when he talks about the topics he’d teach.
“I love technology, but I’d love to branch out and learn something a little different,” he said. “I love working with my hands, working outside, getting outside my comfort zone, forcing me to grow. I have a lot of hobbies outside of technology, so I think there are plenty of possibilities on what I would wind up teaching.”
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.