Application security, DevSecOps, Security Strategy, Plan, Budget

The Mayo Clinic’s team approach saved my life; now I use it to build great software

Today’s columnist, Keith Ibarguen of Cofense, drew from the lifesaving cancer treatment he received at the Mayo Clinic to go on and apply the multidisciplinary approach used by the medical staff at Mayo to his work as a security software developer.

In 2017 I was diagnosed with liver cancer. I’ll spare you all the details of how I went from being on a liver donor list in Washington D.C., to the Mayo Clinic in Rochester, Minn., but suffice to say, I had no idea what that journey would teach me. What I knew was that I felt fine. Everything seemed to be working, yet I was handed a diagnosis that nobody would want to hear: I had liver cancer, and according to my doctor, on a scale of 1-10, I was a 10+. Not good.

The Mayo Clinic has a very unique approach to how they manage people through their care process. When a patient meets a doctor at Mayo, they are talking with the face of a multidisciplinary team that assesses the patient as a person. On the surface, this may not seem consequential, but when somebody faces a life-changing or undiagnosed issue, it really helps to be looked at as a total person. It can mean the difference from staying sick to getting healthy. My doctor was a gastroenterologist. But despite his world-class pedigree, he turned to a multidisciplinary team to assess what to do next. This approach maximizes the possibility for, what I refer to as, “the next best step” to take. By looking at the situation as a whole, the team minimizes false starts, and gets to the end goal much more efficiently.

To make a very long story short, my surgeon was extraordinary, the surgery was successful, the softball-sized tumor was removed completely, and the cancer a lymphoma instead of a cholangiocarcinoma. I was extremely lucky. Today, I’m feeling fine, cancer free and immensely grateful to the Mayo Clinic. I’m also grateful for the opportunity to take the lessons from my treatment and apply them to software development.

Applying Mayo’s multidisciplinary approach to cyber

Companies that develop great cybersecurity products must meld attributes from a wide range of environments into something cohesive and ultimately helpful. Here’s a sample process for how companies can leverage a multidisciplinary team for developing cybersecurity products:

  • Before the team addresses a major requirement or feature, consult with marketing, sales, customer experience, product development, architecture, engineering, security and the executive team. Identify and address any issues or concerns from each corner of the organization.
  • Even if the conversations across company stakeholders are short, they ensure alignment and an opportunity to highlight a metric that can bring out a value proposition.  
  • Capture recurring themes in a document available to the development team; a sort of “Ray Dalio” list of product principles.
  • Consult the list for all future features, big or small, and the evolution of these principles ensures that the team has captured the culture and strategic direction of the company in an enduring and ever-evolving account.

There are a number of benefits to this initial look. First, it aligns the entire company’s focus on the product being built. They have a general understanding of the strategic direction. Tactical implementation might differ slightly as engineering challenges are addressed, but everyone on the team should understand the overall gist. Second, the stakeholders are invested. People have an opportunity to voice their feelings, concerns, opportunities, and anything else on their minds. And lastly, when folks are really good at what they do, great ideas spring up.

Finally, convene the stakeholders again before a formal launch, a meeting best run by a product manager or product leader. No company’s go-to market process results in a release that never has any drama, but expect to have much less drama than in the past. The cross-functional teams allow for a real conversation to take place. A team may even stop a release for a few hours or even a day to ensure something gets fully locked down. These small release delays are generally unnoticed by customers, so it makes sense to take this step before product launch.

My trip through cancer was one I wouldn’t wish on anyone. And I have tremendous respect for people who have faced the diagnosis and powered through. I also have tremendous respect for the great challenge of releasing great products consistently, on time, and in a manner that doesn’t trip up the organization. Taking the lessons of Mayo Clinic and applying them to the dynamic environment of software product development shows the truth of the Mayo approach to triaging and managing a patient through their care journey. The Mayo Clinic built a resilient and enduring approach to caring for patients. I’m sure it would please the staff there to see the approaches they use on patients successfully applied to software that protects millions of people from cyber security threats.  

Keith Ibarguen, chief product officer, Cofense

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.