Bryan Chnowski, Deputy Chief Information Security Officer for Nuvance Health, is one of the most personable cybersecurity leaders you’ll ever meet. His passion for providing security awareness education to his staff, combined with his 25-plus years of experience across the education, financial, healthcare, and insurance industries, makes him ideal for leading the cybersecurity strategy at the not-for-profit health system. Listen to Bryan’s full Speed Data episode to learn the key attributes he thinks all successful leaders should have.
Bryan Chnowski, Deputy Chief Information Security Officer for Nuvance Health, is one of the most personable cybersecurity leaders you’ll ever meet. His passion for providing security awareness education to his staff, combined with his 25-plus years of experience across the education, financial, healthcare, and insurance industries, makes him ideal for leading the cybersecurity strategy at the not-for-profit health system. Listen to Bryan’s full Speed Data episode to learn the key attributes he thinks all successful leaders should have.
Megan Garza: [00:00:00] Welcome to Speed Data, quick conversations with cybersecurity leaders. I'm your host, Megan
Megan Garza: Garza. My guest today is Brian
Megan Garza: Chinowski, the Deputy Chief Information Security
Megan Garza: Officer
Megan Garza: for NuVance Health.
Megan Garza: Brian leads the cybersecurity strategy for NuVance.
Megan Garza: In his words, to be successful at cybersecurity, you need to
Megan Garza: ensure that the common is done uncommonly well. Brian has more than 25 years of experience in a variety of
Megan Garza: leadership roles within the educational, financial, healthcare, and insurance industries, with previous roles at Travelers and Bank of America.
Megan Garza: Brian has his Master's of Science in Information Systems Engineering. is GIAC certified, has had his CISSP since 2006. Brian, you've been in the game a while.
Megan Garza: How would you say the threat landscape has changed since you began your [00:01:00] career?
Bryan Chnowski: Believe it or not,
Bryan Chnowski: I actually started my career as a
Bryan Chnowski: programmer in the late 1990s.
Bryan Chnowski: So I remember the Y2K non bug.
Bryan Chnowski: I remember in
Bryan Chnowski: the You know, early
Bryan Chnowski: 2000s, the, I
Bryan Chnowski: love you virus and the Melissa
Bryan Chnowski: worm. And I think things really started
Bryan Chnowski: changing back in, you know, right around
Bryan Chnowski: 2013 with CryptoLocker. I remember that was probably one of the first
Bryan Chnowski: ransomware, type of attacks.
Bryan Chnowski: And then, you know, follow that up in, Probably right around 2017 or so with the WannaCry virus and what differentiated those two, you know, from the others is I think, the, threat actors realized that there's money to be made, distributing viruses, uh, or there's revenue to be lost by organizations.
Bryan Chnowski: going forward, you're going to continue seeing an increase, um, both in frequency and sophistication of, you know, these types of viruses.
Megan Garza: And do you think these types of viruses, or ransomware, [00:02:00] or RAS, is the biggest threat to cybersecurity on the horizon,
Bryan Chnowski: I think right now, you know, what you're seeing in cybersecurity is, there is, you've heard the numbers, there's three and a half million open cybersecurity positions worldwide. I think, you know, six or 700, 000 in the United States, there's a skills shortage. so the way that that can be addressed is, kind of twofold.
Bryan Chnowski: I think educational institutions need to, continue and actually expand their offerings of cybersecurity programs, cybersecurity education programs. but then on the business side, businesses need to. Target individuals,
Bryan Chnowski: that can transition into cybersecurity roles, with proper training and, you know, certification, and then support their training initiatives, whether it's, boot camps or workshops or, online training platforms or even cross-training
Bryan Chnowski: what organizations need to do is look outside of IT.
Bryan Chnowski: there are individuals that are [00:03:00] more than
Bryan Chnowski: capable, to be successful in cybersecurity, uh, that might come from legal or risk management or even your training
Bryan Chnowski: team. So, you know, look outside of IT as
Megan Garza: the skill
Megan Garza: set, uh, what do you think it takes to be a successful
Megan Garza: security
Megan Garza: professional?
Bryan Chnowski: Um, I'll answer this two separate ways.
Bryan Chnowski: You know, I think to be a successful
Bryan Chnowski: leader, there are personality traits.
Bryan Chnowski: that that leader needs to have to be successful.
Bryan Chnowski: Uh, you know, I think first, um, they need to remember to breathe, not panic. Remember that, data should
Bryan Chnowski: drive decisions rather than
Bryan Chnowski: emotions.
Bryan Chnowski: second, You know, is passion. you know, remembering that, life is intended to be limitless.
Bryan Chnowski: persistence. You know, you know, with persistence, remembering that, you know, no,
Bryan Chnowski: more often than not means not
Bryan Chnowski: now. remembering that what you focus on You'll achieve. You know, me personally, I throw
Bryan Chnowski: everything in my
Bryan Chnowski: calendar. If it's important for me,
Bryan Chnowski: Yeah, yeah, I'm [00:04:00] gonna put it on the calendar and then I'll get it done. you know, surround yourself with people smarter than yourself.
Bryan Chnowski: They'll challenge you. If you're the smartest one in a room.
Bryan Chnowski: better off leaving that room.
Bryan Chnowski: Have coaches, mentors,
Bryan Chnowski: and sponsors. You know, a coach will talk to you, a mentor will talk with
Bryan Chnowski: you, uh, and a sponsor will talk about
Bryan Chnowski: you. in order to grow and expand, as a leader, um, you need to be uncomfortable.
Bryan Chnowski: You need to be vulnerable. And lastly, and most important you have to
Bryan Chnowski: believe in
Bryan Chnowski: yourself.
Bryan Chnowski: But, you know, I think, you know, to be a successful leader, you need to understand
Bryan Chnowski: what
Bryan Chnowski: cybersecurity truly
Bryan Chnowski: is
Bryan Chnowski: Okay, so as
Bryan Chnowski: leaders, what we want to do is
Bryan Chnowski: we want to present the risk
Bryan Chnowski: back to the business because then they can take that and they can, they know their value or
Bryan Chnowski: benefit.
Bryan Chnowski: Now they have their risk or
Bryan Chnowski: exposure and they can make that
Bryan Chnowski: determination.
Bryan Chnowski: Is the value
Bryan Chnowski: worth
Bryan Chnowski: the
Bryan Chnowski: risk? You know, the whole
Bryan Chnowski: value
Bryan Chnowski: [00:05:00] proposition.
Megan Garza: Yeah. And kind of moving back to the tech side, in your opinion, what is the best way to defend against a cyber attack?
Bryan Chnowski: I think first you need
Bryan Chnowski: to realize that, incidents and breaches will occur. They will. So our job as leaders is to, you know, limit the frequency and limit the impact,
Bryan Chnowski: but, you know, how you
Bryan Chnowski: actually, you know, you know, address a cyber attack or prepare for a cyber attack
Bryan Chnowski: you know, I like
Bryan Chnowski: to think of the, you know, the analogy, the, um,
Bryan Chnowski: three legged stool analogy.
Bryan Chnowski: Okay, so you have one leg that's technology, you have one leg that's
Bryan Chnowski: documentation, and you have one leg that's culture. so you kind of need all three, otherwise you're going to
Bryan Chnowski: fall. So, you know, on the technology side, we're all aware
Bryan Chnowski: of this as, uh, you know, as, uh, you know, IT
Bryan Chnowski: professionals. You know, that's where you have your strong passwords and your multi factor authentication and, you know, you have your network segmentation to make sure you have
Bryan Chnowski: backups and restores, and you have your security awareness training
Bryan Chnowski: and, you know, retired legacy systems.
Bryan Chnowski: and all
Bryan Chnowski: that sort of stuff. Those roll off. But, you know, I think it gets [00:06:00] more tougher when
Bryan Chnowski: you start thinking about
Bryan Chnowski: the other two legs. Okay? Documentation. Make sure you have up to date and accurate business impact analysis and, you know, business continuity and disaster recovery plans and incident response playbooks and um, you know, downtime procedures and the like.
Bryan Chnowski: Which leads to the last one, which
Bryan Chnowski: is culture. Your organization needs to feel comfortable that if there is such an attack, there is an event, you know, they're going to be able to
Bryan Chnowski: proceed. So the way you get
Bryan Chnowski: them comfortable is have, drill it, practice it, do tabletop
Bryan Chnowski: exercises. the more comfortable they are, you know,
Bryan Chnowski: the more successful you're going to be when you.
Bryan Chnowski: I like
Megan Garza: what type of data breaches or exploits do you worry about most? What keeps you up at night?
Bryan Chnowski: the analogy that, um, I sleep like a baby. I cry myself to sleep every two hours. But, uh, you know, we're thinking about the different [00:07:00] types of attacks that worry me. Really the biggest one is one that actually takes down any of our critical systems,
Bryan Chnowski: takes it
Bryan Chnowski: offline. I'm in healthcare, okay, so any offline system has the ability to impact patient lives in a negative manner.
Bryan Chnowski: So, you know, that's what really worries me.
Megan Garza: Yeah, And I, I see some sports memorabilia behind you. so I know you've got fashions outside of work. Uh, if you weren't in cybersecurity, what would you be doing?
Bryan Chnowski: if I wasn't in cybersecurity, I'd be a teacher. Uh, I do
Bryan Chnowski: find it, um, rewarding educating those that, you, know really want to learn.
Megan Garza: would you
Megan Garza: teach tech or would it be something else?
Bryan Chnowski: Probably something else. I have a lot of hobbies outside of, you know, technology. You know, I, I love, uh, working with my hands, working outside, you know, that sort of thing.
Bryan Chnowski: So, uh, it would probably be something outside tech. I love technology, but, you know, I'd love to You know, kind of branch out and, you know, learn something a little different.
Bryan Chnowski: Again, you know, [00:08:00] you know, get a little uncomfortable and, uh, you know, force me to grow.
Megan Garza: Well, I really appreciate you
Megan Garza: sitting down with me this morning,
Bryan Chnowski: before we go, um,
Bryan Chnowski: you and I were exchanging messages, uh, you know, over the past week, and, you
Bryan Chnowski: were still pushing
Bryan Chnowski: to get your training done, even while being under the weather, and I looked at myself,
Bryan Chnowski: and I'm like, what's your
Bryan Chnowski: excuse? Love running.
Bryan Chnowski: Um, but I took off between the holidays saying, you know, I need
Bryan Chnowski: a break. forgetting that I'm my best person when I exercise. My mind is there. I have more energy. So I'm like, she's pushing through this, what am I doing? So you got me back to running, you know, when, um, I didn't need a break. So I just wanted to thank you for that.
Megan Garza: Thank you so much. I'm not sure if you can tell, my voice is a little scratchy [00:09:00] But I actually, I ran four miles this morning, so back
Megan Garza: at it.
Megan Garza: And as always, if our
Megan Garza: audience has any
Megan Garza: questions I should ask during a future episode of Speed Data, please email me at PR@Varonis.com thank you, Brian.
Bryan Chnowski: You're welcome. Thank you, Megan.