Securing healthcare, HIPAA, and beyond: Cybersecurity insights from CISO Bill Dougherty

This episode features an interview with Bill Dougherty, CISO at Omada Health, a virtual-first, integrated care provider combining the latest clinical protocols with breakthrough behavior science to make it possible for people with chronic conditions to achieve long-term improvements in their health. Bill brings with him over 25 years of experience in IT and security at such companies as RagingWire, StubHub and Copart. And on this episode, Bill and host Tim Chase discuss the ins and outs of threat modeling, the cybersecurity basics every security leader should revisit, and why every IT or security leader should have another expertise within the business.Key Quotes*”If you've got the right relationships and you build the right risk model, you can get the resources you need. Not necessarily what you want, but the resources you need to do the job right.”*”The best IT people and the best security people that I know have some other expertise within the business first.”*”If you want to run Salesforce, run a commercial system. You should have some expertise in the sales side of the house and some affinity for what it's like to get up every morning and make 50 cold calls and get hung up on 50 times because that then gives you the knowledge you need to make the system better for the people who are going to actually use it. So I consider the fact that I didn't start out in IT or security actually a gift because it gives me empathy for my customers.”Time Stamps[0:16] Introducing Bill Dougherty, CISO at Omada Health[0:51] How does Bill navigate HIPAA?[2:26] How does Bill advocate for more budget?[5:01] Does Bill add more regulations to those imposed by HIPAA?[8:56] What’s the difference between following security regulations and compliance with the law?[11:20] What’s threat modeling?[13:15] How do you integrate threat modeling?[16:47] What’s the INCLUDES NO DIRT threat model?[19:41] Why is it important to revisit cybersecurity basics?[24:27] How did Bill first get involved in IT and cybersecurity?[28:46] Bill’s advice for other cybersecurity and IT professionalsLinksConnect with Bill on LinkedInLearn more about Omada HealthRead more about the INCLUDES NO DIRT threat modelLearn more about LaceworkThis podcast is brought to you by Lacework, the leading data-driven cloud-native application protection platform. Lacework is trusted by nearly 1,000 global innovators to secure the cloud from build to run. Lacework delivers true end-to-end protection, empowering customers to prioritize risks, find known and unknown threats faster, achieve continuous cloud compliance, and work smarter–not harder–all from one unified platform. Learn more at Lacework.com.