Hospital IT security hiring about balancing academic, operational experience

Finding security pros with the right mix of knowledge and skills remains one of the top challenges for healthcare chief information officers, according to Curt Kwak, CIO of Washington-based Proliance Surgeons, which operates 100 sites.

Kwak, in an interview with, said that while hiring an experienced security architect last year, he had to persuade someone he previously worked with to join his organization.

"On one side, you have very, very intelligent, educated and academic security professionals with very little day-to-day operational knowledge, and then on the other side you have [candidates with] very operationally-based and hands-on [experience], but who lacked the academic and true knowledge of security and security trends," he said.

Security expert and author Mansur Hasib maintains that it's better to focus on security skills over healthcare experience if it comes down to hard choices between the two when hiring.

Kwak added that not being able to find the "right mix of talent" was what led him to go after someone he already knew could do well in the security architect position. It's a role that the organization has used to build out its security program, making use of the technical skills of its senior engineers, he said.

The program has focused on securing medical devices and has reduced the number of individual sites buying their own medical devices. Employees go through a central committee that uses a standardized process to procure devices that the security team knows how to manage.

Healthcare organizations report resource constraints as one of the biggest challenges to creating a robust security program, according to a recent survey from HIMSS Analytics and Symantec Corp.
