Security professionals might not always first look to healthcare when it comes to developing their careers. There’s a general perception that healthcare has fallen behind other sectors in terms of security program maturity. Last year, the Brookings Institute called out healthcare organizations as vulnerable targets "…lagging behind other industries on key measures of cyber-readiness.”

By some estimates, healthcare defenses are a generation behind today’s cyberattacks. But these circumstances also make healthcare a great industry for talented people who want to take the next step in their careers—defining their vision for a successful security program and learning how to become an effective leader. Emerging security talent should consider healthcare as a foundational career opportunity because they can:

  • Make a difference.

If the COVID-19 pandemic has proven anything, it’s that our healthcare institutions deliver essential services—and they’re in desperate need of better cyber protection. Approximately half of the world’s hospitals experienced an IT shutdown as a result of a cyberattack in the first half of 2021. The critical nature of healthcare—combined with the shift to virtual care and relatively low levels of cyber controls—makes these organizations a prime target. Data breaches in the healthcare carry the highest total cost per industry—an average of $7.13 million per event, a 10% increase from the year prior, and a higher average cost than both the energy and financial sectors].

In choosing healthcare for a security job, it’s not just protecting data and devices. Security pros in healthcare help doctors and staff offer the best care possible while keeping patients safe from disruptions that could endanger their lives. Given the potential impacts to patient safety and infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently advocated for greater investment in healthcare security to improve the sector’s overall cybersecurity posture.

  • Grow as a person and professionally.

I’m a big NBA fan—I follow the Toronto Raptors. I love that the Raptors organization has built a winning culture from the ground up by developing young players. If I were an NBA rookie, I wouldn’t necessarily want to go to a big market team loaded with free agent All-Stars. I probably wouldn’t earn meaningful playing time for a few years. I’d much rather go where there’s an opportunity to prove my skills immediately—to grow and learn with regular minutes on the court.

Joining a company with a mature and established security program often means inheriting someone else’s vision and technology roadmap. Because many healthcare organizations are playing catch-up, this can offer a chance to help build a winning security program from the ground up.

Earlier in my career, I took a leadership role with a healthcare provider—but it wasn’t something I had necessarily planned. A combination of circumstances led me to that choice. Some of it was personal—I just had kids and I didn't want to be on the road all the time like I had in past roles. But another major factor was that the organization’s executive leadership invited me to define my vision, build out a roadmap of technologies and processes, and really affect change. I don't know if I would have gotten that kind of opportunity in another industry at that stage of my career.

  • Learn leadership skills.

There’s a huge security leadership vacuum in healthcare—40% of healthcare organizations still don’t have a dedicated CISO. As security becomes a higher priority in the face of increasing attacks against health organizations, new leadership opportunities will emerge.

Any successful CISO can talk about how they came into a new organization and needed to turn things around. Many worry that they're going to inherit a mess. How can I manage people and technologies that I didn’t choose? Taking what exists and making the best out of it until the culture can be changed takes great skill. It becomes an assessment of: What tools/resources do I have?; Where are my risks?;  and How do I advocate for my team and build momentum?

Every situation is different. But for a highly-focused individual who wants a chance to cut their teeth on leading an organization, healthcare offers an excellent opportunity. A young executive will have a lot more responsibility and a chance to push that envelope a little bit more than they would in other sectors.

Going back to my NBA analogy, why warm the bench in banking when it’s possible to crack the starting lineup in healthcare? Career development in cybersecurity requires meaningful minutes on the job—opportunities where a security pro can make an immediate impact, show results, and prove themselves. It's a great chance to lead change in an industry that needs cybersecurity skills—and where it’s possible to feel good about keeping essential services running for the local community.

Damian Chung, CSO Healthcare, Netskope