In this special Speed Data episode, Mike Taylor, Hospital Ship Joint Task Director for the U.S. Department of Defense, discusses his role in information security for USNS Mercy and USNS Comfort. He shares insights with host Megan Garza on managing security for floating healthcare facilities and challenges traditional perceptions of military ships.
In this special Speed Data episode, Mike Taylor, Hospital Ship Joint Task Director for the U.S. Department of Defense, discusses his role in information security for USNS Mercy and USNS Comfort. He shares insights with host Megan Garza on managing security for floating healthcare facilities and challenges traditional perceptions of military ships.
[00:00:00]
Megan Garza: Welcome to Speed Data. Quick conversations with cybersecurity leaders. I'm your host, Megan Garza. I'm excited to welcome Mike Taylor, Hospitalship Joint Task Director for the United States Department of Defense. Thanks for joining me, Mike.
Mike Taylor: Thank you, ma'am.
Megan Garza: Mike directs the CIOs for the US NS Mercy and US NS Comfort for the United States Navy.
He manages all things IT for both ships and oversees all the new hospital ships currently in production. The former Marine has more than 15 years of information technology experience covering a wide spectrum of IT disciplines, including networks, systems, storage and backup security and applications.
Mike deploys with the ships whenever they are activated, whether it be for a combat response or a humanitarian mission, spreading goodwill by helping other countries with health care and disaster [00:01:00] preparedness. Mike, you have one of the most unique jobs of any guest I've had on Speed Data. Tell me what led you here.
Mike Taylor: once I ended my military career, you know, they don't, and I'll let you do it forever. I actually, I went to school.
I went to college and I went to a tech school. Uh, so I had formal training for it. Worked at SAIC, Marathon Oil, a few other companies, but eventually, I got on doing healthcare IT, which is some of the contacts I had made, over the years, and working at hospitals was an interesting and much more challenging atmosphere, IT wise, than just traditional line IT, um, So I, I worked for a while at a, uh, Naval Medical Center San Diego at a, at a, regular brick and mortar hospital.
I was fortunate enough to, uh, to assist and work alongside the team that supported the hospital ship Mercy. So ba way back in 2012, I, uh, was fortunate enough to get asked to, uh, join the crew of that ship as a civilian. And, just kind of took off from there. I worked on Mercy from 2012 until 21.
Took a short break to work [00:02:00] at a startup and then, uh, got asked by Military Sealift to come back and help out both hospital ships. so it's been, uh, it's been an interesting and really fun ride doing deployments with the ship taking healthcare around the world.
Megan Garza: and how often do you deploy, and is it difficult living in somewhat of a limbo?
Mike Taylor: the hospital ships are, you know, What we call ROS 5, meaning they have five days to activate in the event of an emergency or request to activate in support of anything. the COVID mission was a great example. I was the Chief Information Officer for Mercy for our COVID mission to Los Angeles.
And they gave us five days, once, the President and, our Governor here in California, Gavin Newsom, requested Mercy Support. So we had five days to get everything we needed, you know, band aids, everything you could imagine. The right people, the right specialties, everything that a hospital needs, and then get underway.
you know, just going up to Los Angeles is one thing, but if you're asked to go somewhere, Far away, like the Philippines where they have [00:03:00] earthquakes and things like that. It is challenging. It, it kind of wears on you. You're always e even to this day. I still have alerts set up on my phone for when there's a, a typhoon in the Philippines or somewhere in the South Pacific from being on the ship.
The ships normally deploy on an every other year basis. Comfort gets to participate in, the humanitarian mission, Continuing Promise, where they go down to South America and, in our sphere of influence here, take healthcare down there and help people out. And Mercy participates on the opposite years, so Mercy usually goes on the odd years, Comfort will go on the even years.
and Mercy Does Pacific Partnership, where we head down to the South Pacific and Southeast Asia and do the same. Just basically take America's most wonderful and talented healers downrange to help other people, in different parts of the world.
Megan Garza: That sounds incredibly rewarding.
Mike Taylor: It really is. I've, got tons and tons of stories that we don't have enough time for, but, uh, You know, uh, just looking at my past life and then looking at what I, I've been doing, and looking at the difference it [00:04:00] makes, not just in the whole geopolitical perspective of, oh, America's helping people, but real people, kids that come onto the ship and get healthcare that's not available in their countries, And then we train their doctors, too, and everything else.
It's just wonderful, and it's, it's unfortunately a story that's not really told a whole lot about what our military does and how we take care of others, uh, in conjunction with other agencies. But, um, thank you for giving me the opportunity to talk about it.
Megan Garza: absolutely. So then tell me a little bit about your day to day responsibilities.
Mike Taylor: on the ships, it's, it's crazy, especially with all the, different evolutions that IT has been going through. In fact, both of the ships are, uh, Evolving as we speak, um, we're implementing most, if not all, of the facets of Zero Trust, this fiscal year, this calendar year, Varonis is a big part of that, because we have to make sure that we stay ahead of any threat actors, any, any parts of the game, but inherent to staying ahead is also [00:05:00] Your daily IT stuff, checking your network, looking at the health of, your file shares.
What's on those file shares? Is there anything malicious? How are we protecting our network? The basic stuff, network access control and all that. So every day, it's, you know, the teams aboard both ships, really, really talented, really, really great teams. I'm very fortunate. My job is easy because the guys on the ships are really, really good.
Dedicated and talented guys. you know, you come on the ship and it's just like going to an office. it's weird because you're in a moving platform, but you're actually inside a hospital and you sit down at your desk, you know, and it's just like you're at a brick and mortar hospital, except you move.
So you go through the motions of doing all your basic IT and then looking at, okay, well, what are the new things that we're implementing today? What are the new challenges we have to prepare ourselves for? And the ships do have unique risk because as we were discussing, they go all around the world and we have lots of, people from foreign countries come on the ship, not just as patients, but also tours and things [00:06:00] like that we're a great, you know, little showcase thing.
And, you know, not all those people have good intentions. A lot of them just see a U.S flag and they think that it's an opportunity to, take advantage. So we have to stay ahead of those kind of threats too. it's a very dynamic and challenging environment for sure.
Megan Garza: I wouldn't have even thought about that, but you say that and it's like, Yeah, I can absolutely see how that's different than your regular hospital. What is your favorite aspect of working in information technology?
Mike Taylor:
The biggest thing has been, that I enjoy, is direction. You know, the industry and outside, You know, stressors kind of dictate where IT is supposed to go, but then IT gets to look at creating elegant solutions in driving technology to implement those solutions. So being a driver of technology is always fun.
you go to these trade shows and things like that, and you see all this new tech and everything else that's been developed. Yeah, it's, they're cool toys, but at the end of the [00:07:00] day, it's, it's, it's They were developed, they, they're driving a solution for problems that we found, whether or not they're man made problems or they're, you know, just technology problems themselves.
So the driving part of IT is probably my favorite part of it.
Megan Garza: And so being in a hospital on a ship, what type of data breaches do you see the most often?
Mike Taylor: that's a really great question and not to, to air dirty laundry or anything, but we're, again, with that unique situation where we have lots of people who don't Live and breathe and work on the hospital ship coming on them all the time. We have to be prepared for everything. We have to be prepared for random people on a tour trying to plug a USB stick into a PC that they walk by at a nurse's station.
We have to be prepared for insider threats, maybe not even, uh, not even people that work on the ship, but people that might be military, people that might be from an agency. They get to work on the ship. and they just may not be happy with whatever situation, so we have to guard against that as well.
and again, I'll, I'll talk about [00:08:00] how Varonis has helped us in the past. We have lots of documented occasions where, anomalous behavior and things being placed in spaces where they shouldn't be placed, like email attachments or shared drives. You know, it's helped us to stay ahead of some of those threats.
it's a daily challenge, but leveraging intelligence, leveraging tools, we're able to take our, our small little teams on the ships. And, make sure that they're always ready for anything that comes our way.
Megan Garza: And I would think working in healthcare information technology. It's even more stressful because literally it could be the difference between life and death. You know, if somebody gets in there and they change a patient's records, or if they get in there and they modify, you know, medication. it's literally life or death type of situation.
Mike Taylor: it really is true, and I'll lean back again on how wonderful the teams that I have on the ships are because they take that mission and they take that responsibility to heart. They know that something that may disrupt a PC in a surgical suite during a procedure Could [00:09:00] have really, really dire consequences.
So, it's not just making sure things are patched. It's going to that next level of making sure, well, nothing can even get to this part of my network because I've got everything protected, you know, nothing's going to disrupt healthcare, nothing's going to create an additional risk to patient safety. Any of those things.
And, on the hospital ships, it's not just healthcare. It's also things like ship's navigation and all that. Everything's electronic. Everything's digital nowadays. So, any disruption to the environment also takes away from our civilian mariner's ability to safely drive the ship. You know, keep engineering running. U Up on the bridge, if the PC stops working, that's bad. So, you know, we have to keep all those things going too.
Megan Garza: that's so fascinating to me. So what do you foresee as the biggest threat or risk to information security on the horizon?
Mike Taylor: Operational technology threats are a huge thing. And of course on the ships, we've got lots of those, skated devices, industrial controls, [00:10:00] medical modalities, all those kinds of things.
And that's part of the reason we're being so ambitious with Zero Trust. is because leveraging all the tasks and tenets within Zero Trust, which the hospital ships have done for a long time. We've been able to do comply to connect. We've been able to do a lot of those things. the very, very granular, tight, environment that prevents something like a, as best you can, prevents like an insider threat, prevents things like malicious devices getting put on the network and then just going out and doing what they do.
that's probably my biggest, my biggest concern. And one of the reasons, again, why we're being so ambitious about leveraging zero trust, probably brisker pace than we need to, but we've got the right people in the right places to do it. We've got a lot of support and backing from our program and from higher military seal of command and force medical.
So everybody's on board to get it done which is great because when we take it away from the pier, all we have is ourselves and whatever [00:11:00] security we've implemented along with us.
Megan Garza: And obviously you have a background in leadership of being a former Marine. What do you think it takes to be a successful security leader?
Mike Taylor: Being
a successful security leader requires first and foremost commitment. You have to commit to learning and understanding the technology that you have to leverage, to protect your infrastructure, your network, your people, all of that. So it's not just a kind of fly by night Oh, I read the release notes, I read the instructions.
You really need to commit to understanding your environment, what your adversary thinks your environment is, be open-minded about your weak points, and then take all of that personal assessment and commit to finding elegant solutions, and very skilled, very dedicated people to do it. It's interesting being a leader in these times because lots of people will tell you all these things that you should be doing.
Great consultants, [00:12:00] they can certainly quarterback from afar and, tell you all the things that are tactically make sense in the world today and, are the new thing in cyber. But, Committing to looking at those, being open about your environment, and then finding those elegant solutions and dedicated people, I think are key to being a successful leader in the security environment.
Megan Garza: Yeah. And can you share the one thing you wish future security professionals knew?
Mike Taylor: Wow. Just one thing. Um,
has come so far. I mean, we all, wow, I'm dating myself, you know, I, I took typing in high school and stuff and it's, we, we look at just the, the ultra fast pace that technology changes and now with AI and everything else, machine learning was great because it helped us to kind of find interesting ways to make technology work better.
But now with AI, we really need to Sit back and focus on what do we want it to do for us? You know, how do we want AI to integrate with our [00:13:00] systems, enhance our systems, help us with decision making based upon what it's finding? And if I was to say there's any one thing that I would ask security pros to look at, look at where we've come from, and look at what we have and where we're going.
Look at the breadth of how time has progressed within IT because the Old school fundamentals still apply. Typing still applies, whether it's on a typewriter or a keyboard. But, um, if you look at where we've been and look at the solutions we've had to make in the past, and then look at these new and, and frankly, sometimes a little scary technologies that we've got on the horizon, don't forget where we've come from and how dedicated we've been in finding, Really good ways to implement this tech and let's find the right way.
The good way to implement future tech as well.
Megan Garza: Yeah, that's a great point. Well, I appreciate your time today, Mike. It was fascinating to get a behind the scenes glance of working in IT for the United States Navy. Thank you for joining me on [00:14:00] Speed Data.
Mike Taylor: Thank you so much for having me. It's been great.