What can Holistic Integrative Medicine teach us about Cyber Security?
Posted 1st April 2019 by Joshua Sewell
This is the second instalment of a two-part blog post from Jothi Dugar, one of the pioneers in the field of Cyber Security. Here, Jothi explains how her experience with integrative medicine has transformed her approach to Cyber Security in a healthcare setting.
My holistic wellness approach to Cyber Security was discovered and developed as a result of my healthcare journey after the birth of my third baby. I had an experience where I used alternative medicine therapies, positive and mindful thinking, and an integrative medicine approach to achieve full recovery, healing myself naturally. without any invasive surgeries from severe complications and extreme pain due to an incompetent healthcare practitioner.
I am happy to share my personal healthcare journey and create awareness because I believe that by demonstrating how it changed my approach to life, health, and my profession, I might inspire others to do the same.
The way that the integrative medicine approach came into play was when I noticed in my personal experience was that there wasn’t just one healthcare solution. This is a principle that is widely applicable, as there is rarely a ‘magic bullet’ that fixes everything, especially in a complex situation. This is certainly the case when it comes to Cyber Security, as it’s a complex field. It is not just a technological issue, but more so a holistic one, and one that also involves the psychology of humans.
My healing journey created a “new me”, one that is whole, stronger, and happier, and I have applied the same concept to life and my workplace. Where this has helped me the most – particularly in a healthcare setting – is that I have started looking at everything from a holistic and integrated perspective, in other words, a “Whole360” way of looking at things.
What does the Whole360 Approach to Cyber Security look like?
To begin with, this means looking at the organization from a holistic point of view: seeking to influence the mindset of an organization’s leadership by building rapport and gaining influence through inspiration, effective communication skills, and motivating all levels of staff. It means looking at the organization as a whole, and how each department and person is inter-connected. It means thinking about how we can do things differently, and determining what kinds of resources to include people, processes, and tools the organization needs as a whole – not just in Cyber Security.
A lot of people forget about the actual users and customer. The goal of Security is not to prevent them from doing what they need to do. Users and customers won’t respond well to the security community telling them what to do, but they respond well when it is explained how we’re helping them perform their actual job more securely to serve the actual end user, which in a healthcare setting are innocent patients.
The mindset of an organization is key in determining whether it succeeds or fails. = The art and science of psychology and knowing how to communicate with whom is key in the Cyber industry. The manner and points I would communicate to a CFO would be different from a CIO and would be very different again from speaking to clinicians, scientists, or researchers. An integrated management approach requires combining different theories, solutions, and modes of operating together to form a solid solution.
I often found a lot of vendors selling products that offer to fix a specific problem. These products do offer specific solutions, but we could often gain more by looking at the situation from a holistic perspective. Is there something else we can do that might have a broader positive impact to the organization as a whole?
For example, increasing the security awareness of staff and clinicians. If we can impress on all staff the importance of security in an innovative way that is exciting and engaging for them, then they are empowered to be more security conscious and do their jobs for securely from the offset. They will be unlikely to fall prey to the common attacks that many organizations still fall for. Additionally, helping staff understand that the Cyber Security officers are there to help them in their roles, not block them from doing their jobs, would create better relationships between Cyber Security personnel and other technical operations teams as well as customers.
Benefiting from diversity through holistic recruitment
I believe that a holistic and integrative approach to recruitment would greatly benefit the Cyber Security field going forward.
We know that globally only about 11-14% of Cyber Security personnel are women. When I interview for my team, it’s overwhelmingly male applicants and they often come with certain pre-dispositions. They may think that they have a significant amount of technical expertise and experience, and therefore have a “I don’t need anyone to tell me what to do” mindset. I have found that this is a very hard mindset to manage.
This is why I tend to recruit people that are straight out of college with little to no experience. As contrary as that may seem to most organizations wanting people to “hit the ground running” as soon as they join, I have found that younger yet eager employees are willing to learn quickly and eager to gain experience. Even if they are not the most technical, but they have a positive and upbeat personality with good work ethics, I would much prefer that combination of traits over a senior experienced person who has an air of authority and does not respond to direction positively. I have found that the majority of people who may have strong technical skills or experience are missing basic social and emotional skills that are needed to succeed in the workplace, especially in the Cyber Security management field.
There is a common myth that an artistic person won’t succeed or flourish in a technical field, but that’s not accurate. I’ve brought a lot of my artistic and creative skills into Cyber Security, like the art of communicating well and finding innovative and creative solutions by thinking outside of the box. It is possible that people may lose that essential creative side if we’re only utilizing our technical and logical side.
I talk a lot about how we desperately need women in Cyber Security. Women come with a unique and different skill set, so we limit ourselves by hiring mostly men. By increasing the diversity of a team, we also increase the productivity of the team and enhance happiness amongst the team, and therefore the workplace. Women and men are wired very differently, and therefore create the dynamics of what makes a successful team, just by having different “sides of a coin”.
Even looking at programs in schools, there aren’t a lot of girls that are continuing to do STEM. Often, they quit by their 4th Grade, and if they do continue they often quit before college. It’s often even the professors and teachers who aren’t encouraging or empowering girls to persevere with STEM.
I think we need to do a better job as an industry in closing that diversity gap and taking a practive lead in this area. Something that could help enormously is exploring different avenues in recruitment, and perhaps even finding people from other job functions such as the arts.
Jothi Dugar is CISO at the NIH Center for Information Technology, Office of the Director, USA. We are excited to be welcoming her to CybSec and Blockchain Health later this year.
The CybSec and Blockchain Health agenda is now available to view online. Download it now and see what experts from international healthcare organisations, academia and technology solution providers will be presenting on.
Leave a Reply