CIO Magazine www.theciomagazine.com is a global knowledge sharing digital platform published by Connecta Innovation Private Limited. All rights reserved. The opinions expressed in the content and pictures provided are those of the authors. They do not purport to reflect the opinions or views of Connecta Innovation Private Limited or any of its subsidiaries, its members or associates and we do not assume any responsibility. The publisher does not assume any responsibility for the advertisements. The content, pictures, and all warranties made in such advertisements are the sole responsibility of the advertisers. CIO Magazine www.theciomagazine.com is a Free Subscription and Free-to-read digital platform strictly not for sale and must be strictly for internal private use only. Publisher does not assume any responsibility arising out of anyone modifying content and pictures, printing a copy of this digital platform in any format and in any country and all matters related to that. “CIO Magazine www.theciomagazine.com“ and “The CIO Magazine www.theciomagazine.com“ trademarks are owned by Connecta Innovation Private Limited.
THE UNSUNG HEROES BEHIND EVERY DIGITAL REVOLUTION
A few days ago, I found myself frustrated over a simple software update that froze my laptop for what felt like hours. At that moment, I couldn’t help but think: This is exactly why CIOs exist. They’re the ones who make sure that technology doesn’t break when we need it most—and when it does, they’re the ones driving the solutions.
Today’s CIOs aren’t just managing IT infrastructure—they’re steering the ship when it comes to digital transformation. They’re the strategic leaders behind the scenes, ensuring businesses not only keep up but stay ahead in an increasingly tech-driven world. From refining IT strategies to launching innovative solutions, CIOs are pushing the boundaries of what’s possible.
That’s why we’re launching CIO Magazine. Our mission is simple: to spotlight the incredible work CIOs are doing and to offer insights that help them—and the broader business community—stay on top of the fast-paced digital landscape. Whether it’s tackling cybersecurity challenges, leading business transformations, or aligning IT with overall strategy, we’re here to cover it all.
In this maiden issue, we’re thrilled to feature Kristie Grinnell, Senior Vice President and Chief Information Officer at DXC Technology, as our cover story. An award-winning leader, Kristie has redefined IT’s role in delivering value across global operations. Her insights into digital strategy and operational excellence are invaluable, and we’re excited to share her story with you.
We’ve also packed this issue with interviews and op-ed pieces from leading CIOs and industry experts, providing a range of perspectives to keep you informed, inspired, and ready for what’s next.
Welcome to the future of IT leadership. We’re here to guide, support, and connect the CIOs who are shaping tomorrow’s digital world.
Enjoy Reading.
Sarath Shyam
CHAMPIONING A CULTURE OF DIVERSITY, EQUITY, & BELONGING
COVER STORY
CIO INSIGHTS
Alexander Nelles
Chief Information Officer, Kantonsspital Winterthur
Delivering Long-lasting Tangible Results Through Digital and Business Transformation
Noel Toal
Chief Information Officer, DPV Health
Making a Positive Impact by Delivering Digital Health Innovations
James
Group Chief Information Officer (CIO), UCSI Group
Ensuring a Seamless Fusion of Technological Innovation & Operational Excellence Across Diverse Industries
Sharon
Senior Director- Regional Solutions Area Lead, Avanade
Committed to Shaping the Future of Technology & Inspiring the Next Generation of Tech Leaders
TECH TALKS
Ekaterina Serban
Head of Privacy and Information Security (Industrial Technology and Consumer Goods Sectors), Bosch & International Partner WBAF
Inspiring & Empowering the New Generation of Global Leaders
Alexander Antukh
CISO, AboitizPower
Helping Businesses Navigate the Complex Landscape of Digital Risks
Carolin Desirée Toepfer
Founder & Chief Information Security Officer as a Service, Cyttraction.com
Helping Companies Reach the Next Level of Cybersecurity
EXECUTIVE OP-EDS
Jian Gong
Senior Director, Information Security and Technology
Patient Safety and Trust: Embracing the Paradigm Shift in Healthcare Device Security
KRISTIE GRINNELL
SENIOR VICE PRESIDENT AND CHIEF INFORMATION OFFICER, DXC TECHNOLOGY
CHAMPIONING A CULTURE OF DIVERSITY, EQUITY, & BELONGING
Kristie Grinnell is an award-winning senior transformation executive with extensive experience driving change and elevating IT’s role in delivering business value. She leads business transformation including defining IT strategy for new digital capabilities, streamlining operations, improving overall efficiencies, and enabling an IT environment which produces innovative offerings to customers on a worldwide scale. She has driven strategic differentiation in cyber risk, AI implementation, data governance, IT operations, supply chain, and mergers and acquisitions. She also has redefined IT as an influencer in the business and serves as strategic partner to deliver value for customer engagement.
In addition to her current role, Kristie is a Member of the Board of Directors for The Cyber Guild (chairs its premier event, Uniting Women in Cyber), Chair Emeritus of the Capital CIO Advisory Board (National Chair for Inspiring Women, a special program of the Inspire Leadership Network), Member of the Advisory Council for STEM for Her, and Member of Women Leaders in Data and AI (WLDA) (Talent & Leadership Development Council).
Some of her recent awards include CIO to Watch in the U.S. 2024 (AIM Research), Top 100 Women in Tech (Technology Magazine), Top 25 Women Leaders in Consulting (The Consulting Report), Top 100 CIO in the US (Wire19), 100 Executive Women in Tech to Watch in 2023 (Womentech Network), 2023 Cyber “Warrior” Award (Cyber Guild), 2023 Sustainable IT Impact Award: Social Impact (SustainableIT.org), National CIO of the Year ORBIE 2021 (Inspire Leadership Network), and Capital CIO of the Year ORBIE Award in 2020.
In an exclusive interview with the CIO Magazine, Kristie shared her professional trajectory, insights on the importance of diversity and inclusion in tech, personal sources of inspiration, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Kristie. How did you first become interested in technology and what propelled you into it?
I'm an engineer by degree. Early in my career, technology with IT as we know it was just becoming a big thing. Email was just coming out when I came into the workforce, and as I graduated Business School, the concept of B-to-B and B-to-C portals became a part of our working world. And I just happened to have a business partner at PWC who said, “Kristie, you have an engineering background, and you have all this business training. Will you help us start our portal strategy and methodology?” So, I just jumped right in.
Throughout my career I have chosen roles where I know my role and the technology I enable drive value for people, customers, and my business. I have been at DXC since 2021. We are passionate about how technology and people come together, and bringing innovation into people’s everyday lives, whether it’s working with transportation companies to keep passengers moving; working with health care providers to enhance patient care; or even helping financial services companies to innovate and improve the customer experience. Among the talent of 130,000 globally and consultants with deep industry expertise, we drive the value of technology in shaping our customers’ digital transformation journey, especially now in the evolving era of AI.
What is your favorite part about working at DXC Technology?
My favorite part is our people. We have 130,000 amazing people across more than 60 countries, focused on simplifying complexity for the mission-critical work for our customers.
Having colleagues that bring a diverse perspective -- from the number of years they've worked to the countries they come from -- is a real asset and strength and we harness that power of diversity to deliver for our customer solutions. We deliver innovation, engineering talent, and unmatched industry knowledge to customers, with operational excellence at scale and with the highest level of security, reliability, performance, and compliance across five key focus industries: Financial Services, Public Sector, Automotive & Manufacturing, Healthcare & Life Sciences and Airlines.
How have you seen the role of the CIO change in the last 5-10 years, and what changes do you see on the horizon in the years ahead?
The CIO used to be the person who was keeping the lights green in the back closet, and you just needed the stuff to work. I think we saw, especially with COVID, how important technology was; that it's not just there to keep the lights green, but it's there to run your business, and can really become the key enabler of your business.
So, the CIO role has changed from being this really technical person who could follow all the cables and wires, to this strategic business leader who's really thinking about how we can bring technology as a solution to solving key business problems.
And that's what's so exciting to me, and especially now, when you think about the onset of Generative AI. Let's be real, AI has been around for decades, and we are now seeing what we can do to leverage its possibilities. AI innovation is the golden thread in everything we do for customers on their transformation journey.
We now have Generative AI, which has fast-forwarded so many things that we've all been trying to do and that's just going to continue to change.
We are in the infancy of this technology, and we are going to see it just explode ahead.
When you think about that, on the foundation we've all been building with data and automation and now with Generative AI… really, the sky is the limit. Especially at DXC, because we have these 130,000 brilliant people who can really think about how to bring that technology to life. It's really going to be exciting to see the different solutions that we put in front of our customers regardless of the industry. We are working within those industries to deliver customized solutions to solve their unique challenges on the transformation landscape.
With AI, we are leading into an uncharted chapter of data that will require proper governance, data protection and integrity.
What do you think are the new technologies and cultures/ methodologies which will define the future workplace, and what do you think is the role of the CIO in helping design and deliver these?
Definitely Generative AI, but truly it's anything that's going to continue to help us become this more data-driven organization. And what I mean by that is, we have automated ability to see insights and foresights from our data into the future through automated process and technologies. So, bringing Generative AI across all of that is going to be key.
We see ourselves doing that, as well as many of our customers, and the role of the CIO is helping to see the art of the possible in using those technologies to solve real business problems; to think about how we might solve problems or provide insight and foresight into our business landscape using these technologies; thinking about how data works for the business; and how we can become a more efficient organization for our business partners. In the unique position we have at DXC, running the world’s most innovative businesses transformation and innovation journey, bringing together the art of the possible with secure multi-cloud environments, driving efficiency with AI and delivering value with their data. This is a launching point for our customers. Speed and knowledge will matter for how you bring this all together.
With respect to cultures and methodologies, this is where that diversity really means something, because if you had 10 Kristies around the table, you're still going to get Kristie’s answer. But if you have a Kristie and other people at the table, you’re going to start with one answer to a problem, and then we're going to continue to build on it, and we're going to get to the best answer for that problem. We build that by creating a culture where we invite diverse voices and perspectives, and we listen to those voices at the table. We're really going to get to the best solution, and not just a solution.
Is there a particular person you are grateful for who helped get you to where you are?
I would say it's the mentors, which I refer to as my Board of Directors that I have in my life. I've always had amazing mentors who don't give me the answers, but who challenge me in very different ways to think about what's next in my career, and what I need to think of next. It’s a Board of Directors who acts as my sounding board when I need one, be it a technical issue, a business issue, a career issue, or whatever the case may be. Having that circle of people around you who help lift you up and be the best you, you can be, really can help you to do anything.
What does the term "authentic leadership" mean to you?
Being yourself, but also being vulnerable. You know, I am Kristie. I am a mother of three college kids, the wife of an amazing husband. I have two dogs and I have parents who are aging and all of that comes to work with me, and sometimes I need to be vulnerable and say this is who I am, and what I am. But in doing so, it allows my team to open up to me and help understand them, and then we can come together and do anything.
What are your thoughts on diversity and inclusion in tech? How important is it to have authentic conversations with leaders, professionals, and changemakers to create more acceptance across the globe?
This is my passion. I believe that it takes everyone – everyone’s voice matters; everybody’s opinion matters; the characteristics we see on their face, but also the characteristics internal to them -- are the things that help us get to the best solution.
I've seen it over and over again. For example, we had a cyber intern who came in and helped us to solve a problem we’d been looking at for over a year, just because she asked why in a different way and it brought a new direction to light. That fresh perspective, those fresh eyes, that different point of view makes a difference around the table. By encouraging us all to listen to those voices, we are always going to be better off for it, in getting to a better answer.
And it’s my job as a leader to make sure that we're empowering all those voices to be heard and that their voices matter and that we take that into consideration as we're building a team; as we're hiring for a new role; as we're thinking about that next solution that we bring together.
For example, our DXC Dandelion Program to support neurodivergent individuals; that's where everybody's abilities contribute to a successful outcome and help us to do great things. We have a lot of roles that go unfilled because we just don't have the traditional talent that we think fills that, so we need to start getting creative and thinking out of the box. That includes thinking about neurodivergent people; that's thinking about different genders. That's thinking about how to bring, as an example, women back into the workforce.
We always talk about bringing women up through the pipeline, but how do we bring them back into the workforce once they left to go have a family and you know their career stalled or technology surpassed them? It's our job to do that.
The same is true with veterans. In the work that they did, how do we transition them from working in that space to coming into the civilian space? It's our job to make sure that we think about how to make those transitions happen; to embrace a workforce and a workplace that finds the value in doing that and making it easy for them rather than everybody else having to fight their way in.
We are proud of our approach to diversity and have received industry recognition for it, including receiving the 2024 Autism Inclusion Company of the Year award by Disability:IN, and we have been named one of America’s Greatest Workplaces for 2024 by Newsweek.
What are some of your passions outside of work? What do you like to do in your time off?
It’s really changed over the last year with my kids going away to college. I'm an empty nester, so I had to rethink what am I passionate about outside of work. Besides really thinking about women in STEM and bringing that workforce together, I like to golf, kayak, play pickleball and hike. I love to stay active and be outdoors.
In addition, I sit on an advisory council called STEM For Her, which is all about bringing girls who are under resourced to the STEM field, helping them learn what the career possibilities are. I sit on the board for Cyber Guild, which is all about building cyber into everyday life for national security, and I serve on the Uniting Women in Cyber to help to educate and bring more women into the cyber field. These are just things that I do because I know they're important.
Which technology are you investing in now to prepare for the future?
AI, AI, AI. AI. We know that embracing AI is at the heart of our own enterprise and our customers’ strategy. There is tremendous appetite for innovation in the market, as clients are looking to transform in the era of AI. Yet, they are grappling with questions of AI know-how -- data governance, security, regulations, and more. They need a partner they can trust who can take them on this journey securely – we have been on that innovation journey with nearly half the Fortune 500 as clients and our commitment is centered at trust and innovation, together.
What is your biggest goal? Where do you see yourself in 5 years from now?
At DXC, we are driving this digital transformation with deep engineering and industry expertise. My personal career goal is to be sitting on a Board so I can bring a new perspective from another company, and also bring my perspective from working at a large global company like DXC, to the benefit of others in various industries.
At DXC, we help drive mission-critical operational excellence at scale with security, reliability, performance, and compliance. We help our customers to transform their business and maximize efficiency through innovation, automation and AI capabilities. This is valuable perspective for another company to learn from as well.
Given your experiences and achievements, what advice would you give to aspiring technology leaders who aim to make a positive impact in their organizations and the industry as a whole?
Be curious. Technology has never moved faster than it is now. Gen AI is showing us that. We’ve seen how many iterations of ChatGPT come out in such a short amount of time, and it's changing the way we work.
The second piece of advice is to take a risk. You need to manage this business and that means you need to weigh the pros and cons of doing things and be willing to take some risks and look at what you can do. That's risks in yourself as well as for your corporation. Sometimes you must make big bets in order to continue moving forward.
And then the last thing is just to be yourself. We need all people to come and be themselves so that we can learn from one another and that we can leverage those best talents so that we can continue to drive a great organization.
Alexander Nelles
Chief Information Officer, Kantonsspital Winterthur
Delivering Long-lasting Tangible Results Through Digital and Business Transformation
Alex Nelles is a Senior Executive who speaks Business and IT and marries both worlds with over two decades of experience in various sectors such as Telco, Retail, Travel and Health Care. Passionate about creating value through Business and Digital Transformation, he brings forth innovative solutions that are strategic and create competitive advantage. In roles such as CIO at Kantonsspital Winterthur and previously as CTO at Kuoni Global Travel Services, he has successfully led large-scale digital transformation programs and has a robust experience working with teams across the globe.
Recently, in an exclusive interview with CIO Magazine, Alex shared his professional trajectory, his favorite part about working at Kantonsspital Winterthur, the potential barriers to digital transformation in the healthcare industry, the secret sauce behind his success, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Alexander, can you tell us about your professional background and areas of interest?
I believe technology should make our life easier and I love to help people and organizations achieve this vision.
In the past I successfully combined my passion to bring businesses to new highs with my know-how about digital technology. This has led me to manage Digital Transformation projects in several industries, including telecommunications, retail, travel, and now healthcare.
What is your favorite part about working at Kantonsspital Winterthur?
This is simple: it is all about the people. I'm part of a fantastic and diverse team, and I learn from them every day. The staff at our hospital are both caring and grateful. Receiving their thankfulness is the greatest reward for me, especially when we go the extra mile to implement a Digital Transformation strategy or project. On top of that, the System "Hospital" is very complex. While we have a great amount of specialties in modern medicine, we have a different level of digitalization across the organization. The kind of technology being used in surgery or diagnostics is impressive, the machines are mind-blowing, but then you turn around and look at the administrative processes and you see how far they are behind. To bring all this together can be quite challenging, which makes the job very interesting.
In your opinion, what are the potential barriers to digital transformation, especially in the healthcare industry and how can those be overcome?
Hospitals aim to operate at full capacity, which requires doctors, nurses, and other staff involved in patient care to dedicate nearly all their time to this process. However, a successful digital transformation cannot be achieved solely by an IT team or similar groups. It requires a collaborative
Moreover, people tend to hire people from the same industry because they think experience of the industry is high value, and it is. However, when it comes to transformation, diversity is a key. People from other industries bring fresh ideas and best practices from outside that insiders would not think of. Healthcare professionals often lack experience in managing large-scale transformation projects. This leads to a gap in essential skills, ranging from basic ones like project and process management to more complex areas such as understanding the importance of data. Implementing functions like data science is crucial to transition complex and large hospitals into data-driven organizations.
I believe that overcoming these challenges requires bringing in people from different industries and initiating transformation at every level. Key areas to focus on initially include leadership, fostering a culture of innovation, process-oriented and human centered design thinking, focusing on patient experience (along with patient care), and upgrading technology. The most important however is to maintain the right mindset throughout a structured change management. People need to understand "what's in for me" if we want them on board.
How much have you seen the CIO role change, and to what extent do you expect it to continue to evolve?
In the past, Information Technology was just seen as a cost factor. People tried to cut those costs as much as they could. The CIO was an IT guy running data centers and applications while being asked to make it cheaper.
Meanwhile, Digital Technology became a central component of a company’s value creation and serves as a strategic tool for differentiation and securing competitive advantages. That is a fact nowadays, but many people in top management still miss its strategic value to drive innovation or market leadership.
I believe that the role of the modern CIO is to grasp the business model and processes and improve this by evolving the complex IT systems landscape. Over time I see the role of the CIO evolving further in this direction as he's probably the only one in the C-Level suite who is able to marry the business world with the complexity of technology and its amazing speed of development.
What do you think are the new technologies and cultures/ methodologies which will define the future workplace, and what do you think is the role of the CIO in helping design and deliver these?
Artificial Intelligence (AI) and Machine Learning have been around for decades, so they're not exactly new technologies. However, the emergence of Large Language Models (LLMs) like ChatGPT and Google Bard is changing the game completely. Unlike earlier AI models that required extensive coding and data preparation, these new models understand human language in a way never seen before.
These developments allow companies to automate processes almost with a blink of an eye. Now, individuals can access this powerful technology without needing to invest in big projects or seek external help. The pace of this progress is astonishing, and I believe it won't be long before everyone has access to personalized digital assistants capable of handling any task they're given. People will learn to manage multiple assistants simultaneously, potentially boosting productivity to levels we cannot even imagine.
However, this rapid advancement also brings significant risks. All outputs need to be carefully reviewed, and the security of personal data and IT systems that store such data is crucial. Chief Information Officers (CIOs) will play a key role in integrating these innovations into business models while simultaneously managing the associated risks. At the moment it's already incredibly challenging just to keep up with the rapid development of tools in the world of generative AI.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
Throughout my career, I've been lucky to meet incredible people. I have found mentors and made friends in nearly every part of the world, experiencing diverse cultures. This has allowed me to learn a great deal, taking bits of advice and knowledge from various places and combining them to shape who I am today.
Which technology are you investing in now to prepare for the future?
As many others, we are trying to find the optimal way to make use of generative AI models and to shape the workplace of the future. We need to find out how we can implement those into our business processes and integrate into the heavy IT Systems we have in place.
What are your passions outside of work?
I love exploring the world, experiencing new places, cultures, and the stunning natural beauty our planet offers. Living in Switzerland allows me to appreciate the magnificent mountains, but I also have a strong passion for white sandy beaches or e.g. the fascinating wildlife in Africa.
You were recognized as one of the top 10 healthcare CIOs in Europe, 2023. Our readers would love to know the secret sauce behind your success.
I believe it is crucial to understand that it's not about being an individual superman, but it's being part of a great team that really creates impact. Of course, it is important to never stop learning and reflect on personal development, but nothing beats the joy to see when you are able to empower others and to combine all super powers into a great team.
Where do you see yourself in the next 5 years?
I would be happy to keep adding value through optimizing and digitally transforming business organizations and companies while helping others to become rock stars in this field.
What is the one piece of advice that you can share with other professionals in your industry?
Never judge a fish by its abilities to climb a tree. If you want to run digital transformation, diversity is king and human centricity is queen.
Inspiring & Empowering the New Generation of Global Leaders
Ekaterina Serban
Head of Privacy and Information Security (Industrial Technology and Consumer Goods Sectors), Bosch & International Partner WBAF
With over 16 years of extensive experience in Supply Chain, Logistics, and Global Operations, Ekaterina specializes in B2B and B2C business, IT, digital, privacy, and information security across diverse markets including the US, Mexico, China, India, Malaysia, Turkey, UK, Germany, and Russia. She has a proven track record of successfully building and leading high-performing cross-cultural global teams, as well as driving strategic transformations towards modern digital, compliance, and IoT organizations. Her expertise also extends to establishing privacy and cybersecurity governance, risk management, and operational resilience frameworks.
Ekaterina is also recognized as a "Next Horizon Leader" in the new generation of global leaders, with a commitment to making significant impacts in her field and beyond, particularly in preparing industries for the digital era and strategically shaping the future landscape while cultivating future global leaders. She is an expert speaker on leadership, emerging technologies, cybersecurity, privacy, AI, digital transformation, women in the technology industry, diversity and inclusion, the future of industries.
Recently, in an exclusive interview with CIO Magazine, Ekaterina shared her professional trajectory, the most favorite aspect of her current role, insights on the future of cybersecurity, personal leadership style and approach, the best piece of advice she has ever received, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Hi Ekaterina. Please tell us about your background and areas of interest.
I was born and raised in a multicultural family, and I pursued an international mindset from the early stages. And having my father as a great leader and a role model predefined many unconscious traits in my development as a leader, and the most important as a Female Leader.
I studied international economics and law, as well as having an executive education at Harvard Business School. I have gained an experience of building a career and working in different fields (logistics, supply chain, IT, legal and compliance related), and many countries as well.
I can say that throughout my entire career I was the one who was (and is) creating and implementing a vision for the team and organization and being a visible leader as a pioneer of change. Always leading by example and I inspire employees to take smart risks and to drive positive change in their professional lives.
On a private note, I am a mom of two fantastic daughters and enjoy having time with my family.
What aspects do you enjoy the most of your current role?
It’s never boring. There are several aspects of my role that I find particularly rewarding and enjoyable. Firstly, I appreciate the opportunity to contribute strategically to the organization's overall privacy and information security. Being able to develop and implement comprehensive strategies that align with business objectives allows me to have a significant impact on the organization's success.
Secondly, I enjoy the continuous learning and problem-solving aspects of the role. The digital landscape is constantly evolving, presenting new challenges and opportunities for innovation. Staying abreast of emerging threats, technologies, and best practices keeps me engaged and motivated to find effective solutions to protect our organization's sensitive information.
Thirdly, I value the collaborative nature of the role. Working closely with cross-functional teams, executives, and stakeholders allows me to leverage diverse expertise and perspectives to address challenges effectively. Building strong relationships and fostering a culture of privacy and security awareness throughout the organization is fulfilling and rewarding.
You are an International Partner at World Business Angels Investment Forum (WBAF). Can you please tell us about this organization and your role in it?
The World Business Angels Investment Forum (WBAF) is an affiliated partner of the G20 Global Partnership for Financial Inclusion (GPFI). WBAF is committed to collaborating globally to empower the economic development of the world and aims to ease access to finance for businesses from start-up to scale-up to exit, with the ultimate goal of generating more jobs and more social justice worldwide.
I am an International Partner for Germany, and the Forum interacts with leaders in all areas of society, first and foremost in business and political spheres, to help assess needs and establish goals, bearing in mind that the public interest is of paramount importance. We engage a wide range of institutions, both public and private, local and international, commercial and academic to help shape the global agenda.
According to you, how has cybersecurity changed over the last few years?
In recent years, privacy and information security have undergone profound changes driven by digital transformation and the proliferation of AI technologies. Organizations now prioritize robust measures to safeguard sensitive data amidst evolving cyber threats. AI-driven technologies have revolutionized cybersecurity practices, emphasizing the need for adaptable frameworks that uphold privacy principles in dynamic digital environments.
Security and Resilience are two interlinked concepts. From your perspective, why is it important to equally focus on building resilience?
Focusing equally on building resilience alongside security is paramount for organizations, particularly in the context of emerging technologies like artificial intelligence (AI), blockchain, quantum computing, Web3, etc. As AI continues to advance, it introduces both new capabilities and potential vulnerabilities, necessitating organizational resilience to adapt to evolving cyber threats. In the broader spectrum of emerging technologies, organizations must fortify their resilience strategies to navigate increased complexities and mitigate risks effectively. This balanced approach ensures that organizations can maintain operational continuity, safeguard sensitive information, and uphold stakeholder and customer trust in the face of cyber incidents and disruptions.
What is your leadership style and approach?
I consider myself as a new generation of global leaders, I call it “Next Horizon Leader”. Today’s leaders are expected to be collaborative, transparent, innovative, visionary, boundary-pushers, trendsetters, pioneers, trailblazers and future-oriented. I am deeply convinced that companies’ greatest asset is their PEOPLE (yes, people, not technology or/and data!).
And I see as my mission to develop new global leaders, the individuals who anticipate and navigate upcoming challenges and opportunities with a strategic focus on shaping the future landscape.
What does working in privacy and information security mean on a practical level, and what kinds of skills/personality traits are an asset in the field?
Working in privacy and information security entails the dual responsibility of safeguarding business interests while ensuring regulatory compliance. On a practical level, this involves collaborating closely with IT and business teams, executives, and stakeholders to develop a holistic approach to privacy and information security. This approach, encompassing both operational and strategic aspects, is aligned with business objectives. Effective communication and leadership skills play a pivotal role in emphasizing the significance of these matters and cultivating a culture of security awareness across the organization.
What are some of the roadblocks you face to doing your job well? What do you do to overcome those challenges?
There are some of them:
Number one is the current complex regulatory landscape in the world and especially in Europe right now. It requires a thorough understanding of various regulations and standards, as well as ongoing efforts to ensure compliance across all aspects of the organization. In the next 2-3 years, many industries will face massive impact from upcoming digital regulations, especially when it comes to digital platforms and services and connected products. And what I see right now is many companies still underestimating the upcoming impact and not putting this topic in the boardroom. And it is a part of my job as well to prepare the business for those regulatory changes and advocate for a proactive approach to compliance, positioning it as a strategic enabler rather than a mere obligation.
Number two is rapidly evolving threats and lack of organizational buy-in. The cybersecurity landscape is constantly evolving, with new threats and attack vectors emerging regularly. However, many people believe that cyber-related risks and disruptions won’t affect them and that it’s “happening only in a movie”. Building a strong security culture within an organization requires active engagement and buy-in from leadership, employees, and stakeholders. And on that matter, we work on ensuring that privacy and information security initiatives are aligned with the organization's overall business objectives and risk tolerance, and that it is seen as a strategic priority for the organization.
Number three is cross-organizational silos. There may be differences in knowledge and understanding of cybersecurity risks and best practices among various departments and external suppliers, especially when it comes to the supply chain. There may be resistance or skepticism from some departments or external suppliers regarding the need for measures or the perceived impact on their operations. Therefore, we are building collaborative partnerships across different departments and with external parties in overcoming siloed thinking and organizational barriers.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
Throughout my professional career, I have been fortunate to have several mentors who have played instrumental roles in my growth and development. These mentors have provided guidance, support, and valuable insights that have helped shape my career trajectory.
One of the best pieces of advice I have ever received from a mentor is to embrace continuous learning and never stop seeking new knowledge and skills and be open for new opportunities. This advice has encouraged me to stay curious, be open to new ideas, and continuously strive for personal and professional growth. It has inspired me to pursue opportunities for learning and development, whether through formal education, professional certifications, or informal mentorship relationships.
Another piece of advice that has resonated with me is to embrace failure as a learning opportunity rather than a setback. Failure is inevitable (nobody is perfect) in any journey of growth and success, and it is how we respond to failure that ultimately shapes our resilience and determination. This advice has taught me to view failures as valuable learning experiences, to reflect on what went wrong, show your vulnerabilities and to use those insights to improve and grow stronger. Overall, the guidance and wisdom imparted by my mentors have been invaluable in shaping my career path, instilling a mindset of continuous learning and growth, and empowering me to overcome challenges and achieve success.
Where would you like to be in the next 5 years?
My goal is to continually progress in my career while also making significant impacts in my field and beyond, particularly in preparing industries for the digital era and guiding GenZ towards success. Ultimately, I aspire to embody the qualities of a "Next Horizon Leader" – bold, yet humble, and dedicated to making a positive difference in the world.
I view it as my mission to cultivate future global leaders who possess the foresight and skills to tackle upcoming challenges and seize opportunities, strategically shaping the future landscape. I firmly believe that opportunities don’t happen, you create them.
What advice would you give to aspiring cybersecurity professionals?
I would advise embracing continuous learning, building a strong technical foundation, and gaining hands-on business experience. Cultivate a security mindset, prioritize ethical behavior, and stay adaptable to the fast-paced nature of the field. Lastly, network actively, maintain integrity, and approach privacy and information security as a mission to protect and defend the digital world.
Helping Businesses Navigate the Complex Landscape of Digital Risks
Alexander Antukh
CISO, AboitizPower
Alexander Antukh is an award-winning cybersecurity leader with 15 years of experience in various companies, from tech unicorns and consultancies to some of the largest financial organizations in the world. He successfully completed his Executive MBA cum laude and actively supports various non-profit organizations that promote education and equality. On a personal level, Alex loves brewing tea, playing chess, and having conversations around philosophical topics. He currently holds the position of Chief Information Security Officer at AboitizPower.
Recently, in an exclusive interview with CIO Magazine, Alexander shared his professional trajectory, his favorite aspect of his current role, the best piece of advice he has ever received, future plans, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Hi Alexander. Can you please tell us about your background and areas of expertise?
Hi there! I’m Alex, currently serving as a Chief Information Security Officer (CISO) at AboitizPower, the largest energy company in the Philippines. My journey began in 2009 as an intern malware analyst at Kaspersky. Since then I have worked in such fields of cybersecurity as malware analysis, vulnerability research, ethical hacking, and application security, before moving to security governance. In 2021, I founded Cyber Hermes, an Estonian consultancy with a mission to help small and medium businesses build their first cyber programs and serve as a trusted cyber advisor, helping them navigate the complex landscape of digital risks.
What part of your current role do you enjoy the most?
Making the impact. In hindsight, this explains why I was moving towards higher levels of abstraction, as it helped me to see the broader perspective of corporate governance, and how cyber efforts fit there. By understanding business context and working with peers from other verticals as well as the Board of Directors, we are able to come up with a tailored strategy to manage our digital risks while being closely aligned with business objectives.
According to you, what will cyber security look like in the next 5 years?
While it is hard to accurately predict anything that might happen in five years in such uncertain times, I think that we will see further regulatory developments related to breach disclosures, cyber-physical systems, artificial intelligence, and collective defense. It is not unreasonable to imagine stricter controls for supply chains as they increasingly become targets. Furthermore, there is certain optimism about the broader use of AI for security, potentially allowing us to tilt the scale of the Defender’s Dilemma in our favor. Finally, I think there will be more awareness of cybersecurity in the boardrooms, which will allow for better protection and resilience overall.
What are some of the challenges with cybersecurity and risk assessment right now that you see no one is talking about?
Difficult question. I see there is no shortage of discussions about the many challenges, but sometimes what’s missing are real solutions that can be applied today, especially at companies outside of Fortune 500. Furthermore, it is often assumed that it is somehow possible to “fix cybersecurity” without addressing foundational issues related to areas such as general corporate governance, IT, Risk, Legal, Compliance, PR, HR, and more. I believe it is understood that the nature of cyber risk is systemic. That implies that the solutions must be systemic too, and if we accept that premise, we return back to square one where cybersecurity’s success is a direct responsibility of the CEO and the Boards.
What are the top skills, both technical and soft skills, that are greatly needed as a cybersecurity professional in the current digital landscape?
The term “cybersecurity professional” encompasses a wide range of roles, each demanding its own set of skills. Nevertheless, if I’m to outline some of the common skills of the many talented individuals I’ve met during my career, I’d place curiosity and humbleness in the broad sense at the top of my list. Without enjoying the process of continuous learning and accepting that we cannot know everything, it seems impossible to develop a good understanding of this complex field and stay on top of the evolving digital landscape. Ideally, cybersecurity professionals should also have a few hobbies and interests outside of the field, as this helps to develop systems thinking, see interconnectedness of the world more clearly, and bring fresh ideas “from the outside” and of course, don’t forget communication skills!
How do you think we can attract more young people to this field?
Cybersecurity is a fascinating but not necessarily well-understood field, and as such the primary motivation to enter it is often financial stability. While compensation is an important factor, I’d argue that we need to show the intrinsic value of being in the field more clearly - in other words, to make it interesting in the first place. There are successful examples of organizing school Capture-The-Flag (CTF) events, engaging people in open-source community projects, running mentoring programs to show different aspects of cybersecurity, and even assisting public entities in hunting threat actors. The diversity of choice should also be noted, as not all roles must be focused just on technology. Finally, as cyber attacks become more prevalent and disruptive, there is an important ethical aspect of becoming a cybersecurity professional. In my view, developing a strong message based on the above and promoting it across both public and private sectors will ensure succession of the next generation of experts.
What has been your most career-defining moment that you are proud of?
Disassembling a virus that has infected my father’s desktop computer, which I used for games. This triggered my interest in the field of malware analysis and led me to my first job as an intern.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
I’ve had a number of great examples throughout my career of how to be effective in my role–and sometimes, how not to be. One piece of impactful advice I received was while working at Goldman Sachs, where the then-CISO told me about the importance of storytelling, offering vivid examples of how to engage an executive audience. I also learned a lot from leaders who deeply cared about their team and embodied the principle “it’s not all about you.”
What are your passions outside of work?
I love brewing and drinking tea using gongfu style for many years, and at some point, I decided to get more serious about it and to become a certified tea sommelier. Apart from this, although philosophy has never been my major, I’ve grown to appreciate it over time. The more I read the works of past and contemporary philosophers, the more this field fascinates me.
Where do you see yourself in the next 5 years?
This question is even harder to answer than about how cyber will look like in the next five years. I find beauty in the flow of life and its inherent uncertainty, and I consider it equally possible for me to remain in my current role or to find myself in Uruguay, embracing a new passion for tango and mate.
What advice do you have for anyone who is in a CISO role?
You are not your job.
Noel Toal
Chief Information Officer, DPV Health
Making a Positive Impact by Delivering Digital Health Innovations
Noel Toal is the CIO for DPV Health, with over twenty years of ICT leadership experience, including ten years as a healthcare ICT Executive. He has experience leading a range of ICT and Non-ICT teams in healthcare. He was judged by CIO Magazine as one of the top fifty Australian CIOs in their CIO50 list for 2022 and 2023. He was also awarded a spot in the CSO30 list for 2023 as one of the top thirty cyber security leaders in Australia, and in 2024 the CRM project he led for DPV Health was a finalist in the ITnews Benchmark awards for Best Health project. He is a regular speaker at Healthcare and ICT Executive events discussing Data, AI, Cyber Security and Digital Transformation. His extensive experience as an Executive, Board Director/Chair and Business Owner who sold a business to an ASX listed company provides a business perspective that shapes his view of ICT as a value creator for organisations.
Recently, in an exclusive interview with CIO Magazine, Noel shared his professional trajectory, insights on the most significant changes he has witnessed in the healthcare IT landscape, the secret mantra behind his success, future plans, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Hi Noel. Tell us a little about your educational and professional history.
Education: Completed a Bachelor of Business (Computing) at RMIT with the intent of being a developer.
In 2017 completed a Master of Business Administration (Executive) at Australian Graduate School of Management with the MBA jointly awarded by The University of Sydney and The University of New South Wales. I undertook this to improve my understanding of the broader business, to speak their language and be better able to bridge the divide between business teams and ICT.
Throughout my career I undertook a number of certifications ranging from vendor certifications including Novell, Microsoft and HP through to industry certifications such as ITIL and Prince2.
Professional history: I began my career in the middle of a recession in 1991 when I cheekily applied for a senior COBOL programmer role with a start up financial software company called Hiportfolio. The owner rang me up and said that role is beyond your experience but your cover letter showed the enthusiasm I want and invited me to have a chat with him. He then created a new role where I was the assistant programmer to his most senior programmer and I also took on all the ICT network and desktop support.
As the organization grew rapidly with international offices I found myself setting up data links to these sites in the days before internet was around. I was totally out of my depth and learning on the fly but it was an exciting time that taught me a lot. As the organization grew I was told I had to pick between being a developer or being an ICT network and desktop support person. I had realized that being stuck behind a desk coding predominantly bug fixes to someone else’s code was not as exciting as engaging with people and solving the network, application and desktop issues.
My next role was as the inaugural ICT network and support engineer for Victorian Breastscreen supporting the first seven sites. I only lasted nine months in the role because while I was busy I didn’t find it technically challenging enough after my time at Hiportfolio.
The next role was a Senior Systems Engineer for a systems integration company called Business Computers of Australia. This was far more technically challenging getting called in to deal with major issues. I provided project and problem resolution to a range of organisations including JP Morgan, BHP, Shell, Coles, Norwich Union and the Australian Grand Prix Corporation. This is where I got my first taste of management when I was made a team leader for five staff who were delivering a six month project to convert BHP Petroleum from Novell to Microsoft. I loved it and I learnt early lessons about how trusting and supporting staff was a powerful way to get good outcomes and the hard lesson that organisations need to recognize the career aspirations of talented staff or lose them.
Hiportfolio had continued to grow when I had left and had been bought out by a subsidiary of the multi-billion dollar multinational DST Systems and was now called DST International. They head hunted me back into the organization as a Senior Systems Engineer to help them deal with some issues they were experiencing. When my manager left I put up my hand for the role and was Acting Regional Head of ICT for six months before taking on the role permanently and stayed in that role for eleven years. The international clients included National Australia Bank, JP Morgan and Swiss Re-insurance. With Australia the main development centre for the organisation's most important product we were providing 24 x 7 support for the servers and network.
After completing my MBA while working for DST International I purchased a Cardboard Box manufacturing business which I went to work for. It was a totally new experience and taught me a lot about all elements of business as I transformed it and then sold it three years later to a company listed on the Australian Stock Exchange (ASX).
I then joined Access Health and Community as their inaugural General Manager Information Systems. It was my first big role in Healthcare and I was with them for six years through three mergers. This was the first role that I was given some Acting CEO experience in when the CEO took leave. I moved from an outsourced ICT support model to internal and built a high performing team. I was also given responsibility during my time there for Facilities Management.
I left that role for my current role as Inaugural CIO for DPV Health. It was formed from two newly merged organisations and the new CEO was assembling a new executive team and I took it as a great opportunity to get in at the ground floor and really make an impact. In August this year I will have been with the organization for five years. I heard my role described as CIO plus because I also manage three non-ICT teams under Client Access. These are Reception/admin across all sites, Intake who are the call centre and referral processing team, and Language services who provide the interpreters. I was asked to take this on during my tenure to utilize my expertise with data and processes to improve the client waiting lists and wait times for services. It has been a good learning experience to build broader management and leadership skills.
Brief us about your role and responsibilities as Chief Information Officer at DPV Health.
I joined DPV Health as their inaugural CIO six months after it was formed from the merger of two healthcare organisations, with the task of developing and implementing a digital transformation strategy.
DPV Health provides services to the community of Northern Melbourne that experience significant levels of disadvantage and is a negative outlier on most health metrics. The organization needed ICT systems that would support the growth in clients, new services and sites while also supporting the provision of excellent care for every person, every time.
Technical debt was restricting the organisation's ability to grow. The network and systems were slow and unreliable leading to frustrations for staff and clients. Something as simple as entering consultation notes into a medical record was interrupted regularly with issues.
The network was very rigid and didn’t provide the scalability of easily adding new sites while also not supporting the mobility that clinicians needed to deliver new services in clients' homes and at non-DPV Health sites.
The COVID-19 pandemic threw up its own challenges and the organization rose to the occasion running large vaccination hubs and popups, site based and mobile testing, and a range of community support programs. These saw revenue increase by 65% in two years as staffing numbers increased. At the same time core services were moved where possible to telehealth with Doctors adopting a fully documented and supported telehealth service they had been trained on within two weeks. The implementation of a collaboration platform with video conferencing capabilities was accelerated to support work from home and service delivery in the community.
Thin client PCs and the Citrix farm were replaced with laptops and tablets with Azure Virtual Desktop. This was accelerated to provide a secure and controlled work from home environment during the pandemic but also provided the mobility capabilities needed to support provision of services in people's homes and at sites in the community. This enabled the organisation to grow services beyond its sites.
The new ICT strategy to deliver the much needed Digital Transformation included a focus on simplifying and streamlining the ICT environment by building out the Microsoft Technology stack, merging applications and reducing the number of systems used. Simplifying the ICT environment reduced the management overhead and allowed a focus on improving what was retained while also creating capacity to bring in core functionality that was needed by the business but not provided by the legacy systems.
Simplifications included replacing eight Human Resource systems from the previous two organisations with a Human Resource Information System (HRIS) that included recruitment, onboarding, performance management, learning management, credentialing and payroll.
Another example was merging two client management systems used by Allied Health clinicians so they no longer had to switch between systems when seeing different clients. This was also a foundational piece in making the move to a single client view in the CRM possible.
TO MAXIMISE CLINICIAN ABILITY TO HELP MORE CLIENTS AND REDUCE THEIR BURNOUT WE NEED TO FREE CLINICIANS FROM THE ADMINISTRATIVE BURDEN THAT CONSTRAINS THEM, AND RECTIFY THE DELAYS THAT INEFFICIENT ICT SYSTEMS IMPOSES ON THEM
An example of bringing in new functionality was the implementation of a system to support the efficient provision of NDIS and Home Care Packages (HCP). This allowed the organisation to turn loss making NDIS services into profitable ones to support other essential services. It also allowed the organisation to start providing HCP services. As both NDIS and HCP services are uncapped it allowed the organisation to grow its provision of services to clients without the constraints of block funded services.
The organization migrated to the cloud providing the scalability needed for growth while also allowing the full range of the Microsoft Technology Stack to be utilized. The network was rebuilt on a Clinical Grade Network (CGN) co-designed for the Victorian Community Health sector with Optus and the Victorian Department of Health. The CGN provided link redundancy, auto-failover of ICT infrastructure, improved speeds, express route to Azure, and improved connectivity to the Acute Health organisations.
As the organization moved to the cloud, built out the CGN and implemented new systems it was taken as an opportunity to embed Cybersecurity improvements at all levels. This led to very significant and measurable improvements to better protect the privacy of client data. The success of this has been recognized in Department of Health reviews and audit results.
A CRM was developed that pulled together the client data from siloed client management systems. This has provided a single client view allowing us to personalize the client experience when they call and capture inclusion information and enquiries. Changes to demographic details in one system are now reflected in all of them providing a consistent record.
The CRM was linked to a new cloud based omnichannel contact centre providing the client with the ability to contact via phone, SMS and chat while also automatically identifying them to the call taker. This can then use the skills based routing to route calls based on their preferred language when we have someone who can speak that language. This all improves the client experience.
To provide the organization with the ICT support levels it needed and support the major projects the organization moved from external ICT to internal teams. This has led to a significant uplift in staff satisfaction levels with the helpdesk with them regularly achieving 99% plus satisfaction.
One of the new teams implemented was a data and clinical application support team. They have introduced a data lake pulling together the data from the different client management systems and integrating it with the CRM. They also created a range of interactive PowerBI Dashboards that provide real-time interactive information for clinicians and leaders, replacing the clunky Excel spreadsheets. This has changed the management of productivity from end of month when reports were available to say if targets were hit to real time information on whether the end of month target will be met. This allows leaders time for corrective actions.
Additionally during my time with DPV Health I was asked to take on executive responsibility for three non-ICT teams under the Client Access structure. These teams are Intake who run the primary call centre and process referrals, language services who provide interpreters for clinical consultations and the Client Services team who undertake the reception and administration duties including phone answering across the twenty sites.
This has been an opportunity to improve my business leadership skills and use my data and process experience to improve the management of service waitlists and reduce client waiting times for appointments.
What is the most significant change you’ve witnessed in the healthcare IT landscape since you began your tenure at DPV Health?
Cloud: The use of the cloud by healthcare organisations has continued to increase and while some services are lagging in its adoption there is a clear understanding that Cloud is an important component of a modern ICT infrastructure.
Hackers target healthcare: There used to be a time pre-pandemic when Healthcare was not heavily targeted by hackers with many hacking groups respecting the important services they provide. Since the pandemic this has dramatically shifted and hacking groups now see healthcare as an easier target than many corporates and they have realized the high value of the client data that healthcare organizations store. As a result the number of large scale and sophisticated attacks on healthcare has significantly increased.
AI: While AI has been around since the 1950s it was the advent of generative AI easily accessible by everyone via systems like ChatGPT that has caused the biggest hype. Healthcare is now looking at the tremendous opportunities of AI to improve both clinical and back-office use cases. It represents the greatest risks and opportunities for healthcare in a long time.
Recognition for Digital Health: ICT teams used to be seen as keeping the lights on and reactive problem solvers. This has now shifted and healthcare boards and executives now see ICT as an important proactive driver of efficiencies and innovation that can positively support the cost effective and high quality delivery of service to clients. The gradual shift from government block funding for delivery of healthcare services to competitive and leaner fee for service funding has heightened the need for efficiencies. This has led healthcare organisations to see ICT as key drivers of their sustainability and success.
How and why is technological innovation so central to the development of the healthcare landscape?
We saw during the pandemic how strained our healthcare systems are with low numbers of qualified staff who have to deal with lots of complex and diverse client health issues. The health care needs are far greater than the scarce clinical workforce and it causes increases in waiting times for a range of services.
To maximise clinician ability to help more clients and reduce their burnout we need to free clinicians from the administrative burden that constrains them, and rectify the delays that inefficient ICT systems impose on them. Networks and systems that are slow or unreliable cause clinical consultations to be longer or cancelled. This has an impact not just on the client's ability to get a needed clinical appointment but also on the clinical deterioration they may experience while waiting for service.
Automation of manual workflows and the use of AI are areas of technological innovation that can greatly assist clinicians, giving them back time for more consultations.
Historically the data about a client's various medical conditions is locked into silos created by different specialized Electronic Health Record (EHR) systems and spread across multiple health organisations. This causes a client's medical record to be fragmented with no complete medical record available to any clinician. This lack of a single client view is impacting on the level of care that can sometimes be provided. My Health Record is meant to address this but is not currently delivering the consistent level of information needed.
Innovation in the integration of clinical records both within an organization and between them can address this problem and also provide the data needed for a client's health journey to be tracked and the impact of each health service provided to be measured. This ability to share client data will be central to realizing the full value of AI to augment client care and provide reliable clinical predictions.
So innovations that address this core problem of a lack of client health record integrations are highly sought after and can greatly improve the quality of clinical care and also provide more opportunities to better inform clients and involve them in the management of their own health.
How about AI in healthcare...what are your thoughts of what's working and where we'll see better use of AI in healthcare?
Healthcare is one of the sectors that can most benefit from the adoption of AI but it is also an area that is by its very nature cautious. So the descriptors we have had of early generative AI such as “sometimes usefully wrong” and “can have surprises” are not something we can afford to have when dealing with decisions that can impact a person's life span and quality of life.
For this reason there will be parts of healthcare that are slower to adopt AI for clinical use and will wait for Large Language Models that are certified for medical use just like we certify drugs and medical devices.
It will be important for patients to understand that AI will augment clinicians not replace them; ultimately AI will be there to reduce cognitive load and allow clinicians to focus on the client. A good example of this is Ambient Intelligence in a consulting room where the AI listens to the conversation between a doctor and patient. The Doctor doesn’t need to do any data entry so they can focus on the patient. At the end of the consultation the AI will summarise the information from the consultation into a medical format suitable for upload to a medical record system. The Doctor will review the notes and make amendments if necessary before approving for upload. A patient-friendly summary will be automatically generated that provides information the patient needs such as medication dosage, tests required etc. This too will be reviewed by the doctor before it is sent to the patient.
The back office supporting functions for healthcare are safe areas for AI to be initially used and learnings to be gained. An example is the pilot DPV Health did with an appointment predictive model that allows a call taker to know the appointment times that are most likely to be attended versus those with a high risk of a patient not attending. This model was 91% accurate and can be used to improve appointment attendance thereby increasing the number of patients seen by a clinician in a week which reduces overall wait times for appointments. We know that some health conditions deteriorate over time so improving the attendance rate to appointments allows clients to be seen earlier before their condition worsens.
Other examples of AI use that can be adopted early are sentiment analysis of omnichannel communications with clients to identify opportunities to improve our engagement with clients, the creation of chatbots available 24 x 7 to answer patient questions, and the translation of brochures etc. into other languages to make services more accessible.
The opportunity for AI to be used in nonclinical healthcare use cases is substantial and is a safer way for it to start delivering early value.
In the coming years, how do you see the role of the CIO evolving in the healthcare industry?
The role of the CIO is changing as it very much becomes accepted as a transformation driver for healthcare organisations to maximise the delivery of healthcare services to more patients within constrained clinical staffing.
So a CIO is a business leadership role with an ICT specialty that strategically utilizes Technology to solve problems and take advantage of opportunities. The old days of a CIO only keeping the ICT functioning so clinicians can use it to deliver services are already on their way out. The modern Healthcare CIO needs to deliver increased value from the technology investment. The growth of AI puts more focus on a Healthcare CIO to have strong governance skills so that its use is governed to reduce risks. As AI is so new to many and not readily understood beyond the use of ChatGPT, it will be the CIO who needs to educate the Board, Executive and broader leadership team on how AI can be utilized and the risks that need to be considered.
So a Healthcare CIO in the age of AI needs to be a thought leader, an innovator, someone who can think outside the box and imagine the possibilities while pragmatic enough to understand what is deliverable today and what needs to wait for regulatory and technology change.
You have been recognized as one of the top fifty Australian CIOs for 2022 and 2023. You were also recognized as one of the top thirty Cybersecurity leaders on the CSO30 list for 2023. Our readers would love to know the secret mantra behind your success.
I always tell my teams that “I want us to be known as the best team in the country at ….” So I want each of my teams to be the best at what they do. I often use the analogy of the forwards, mids and defenders in a football team. They are each a mini team with a specific desired outcome, if one excels and the other doesn’t they can still be a good team but if they all excel they will be a premiership winning team.
So I am always striving for excellence and whether it is an existing team that I want to uplift to excellence or building a new team the target is always excellence. “Why be average when you can be excellent”.
The secret to my success is that I have always hired or promoted the people who are the best at what they do or can be if given the opportunity.
So I hire potential a lot, I have a knack for identifying it and then enjoy nurturing it.
My teams are always full of very different sorts of people who all bring a unique set of skills and views that allows great outcomes to be delivered. They are all the same in that they want to be the best.
I don’t worry about one of them being able to replace me, in fact I always seek to develop a successor so that when I leave the organization, what has been achieved can be maintained and built on. My chosen successor also needs a strong 2IC who can step up and replace them. What this does is create great depth of leadership in the teams and this drives great results.
I received the accolade of a CIO50 and CSO30 award, but it is really recognition of the amazing people who work for me delivering on the ICT strategy and innovation.
What drives your passion for health information technology?
Healthcare has been a backwater in its use of information technology and yet it is a sector that can really benefit from innovative use of it. We have all at some point in our lives engaged with the health sector and had family and friends who have. So healthcare touches us all and has a dramatic impact on our lifespan and life quality so I am driven to contribute to it.
With healthcare being behind in its adoption of technology there is huge opportunity to innovate and deliver great value. So I see it as a great sector to drive improvements and there is a growing movement to utilize technology better.
It's always a great feeling to go to work knowing that what you do is helping the community by improving their access to and the quality of healthcare services. So while I am not a clinician I can contribute my ICT skills and experience to assist on a broad scale which is very satisfying.
What is your biggest goal? Where do you see yourself in 5 years from now?
My ultimate goal is to be seen as one of the best Healthcare CIOs in the world through delivering innovations in digital health. The two areas that I see as critical to this are enhancing data integrations between health record systems within healthcare organisations and the interoperability of systems to allow controlled client data flows across the different organisations they visit in their healthcare journey.
In five years' time, I would like to be in a larger healthcare CIO role with the ability to positively impact even more patients through digital health innovations.
Many companies are currently undergoing digital transformation processes – what are your tips on a successful digital transformation?
1. Even big ambitious projects should start with smaller pilots to test out assumptions, make improvements and get learnings.
2. Successful small pilots create proof and excitement about the change that you are providing and if done well you won’t have to push other teams to accept the change, they will actually line up to have it. The easiest way to effect change with ICT is to have people asking for it and lined up waiting for it. Successful pilots will do this for you.
3. Know that change fatigue really is a thing, non-ICT people don’t find technology as interesting as you do and can get tired of it. So wherever possible effect change so it is not noticeable for things like cybersecurity and infrastructure changes. Because if they notice it then it contributes to their change fatigue.
4. The best way to get end users to adopt your digital transformation is for them to see the value of the change and trust in your vision. This will only happen if you have successfully delivered on some earlier changes that make a positive impact for them. Then when you say the next change will also be positive they are more open to it.
5. Always have the final goal in mind and visualize and plan for the steps to achieve it. The worst thing you can do is make short term decisions and implement things that you need to replace later or majorly change to get to the end goal. This will increase the change fatigue, drive up costs and increase the time required. So strategically think through where you want to get to and how to make it happen.
6. Ensure that you have the board and executive support for the digital transformation elements because technological issues, resourcing constraints and push back from some teams will occur and you need support to continue.
7. Don’t be afraid to change your mind. Sometimes you may be committed to a technology direction and you have communicated that. As things progress you learn more, technology options change and your knowledge can improve to the stage where you now see a different path as the best one. If you doggedly continue on the original path even though you no longer think it is the best one you are setting yourself up for failure. Be brave, say you changed your mind and follow the best path because you will ultimately be judged on the outcome of the digital transformation not whether you followed the path you initially intended.
One word that best describes how you work.
Strategically.
James Thang
Group Chief Information Officer (CIO), UCSI Group
Ensuring a Seamless Fusion of Technological Innovation & Operational Excellence Across Diverse Industries
James Thang is a Group CIO at UCSI Group Holdings, with 26 years of experience in software development, digital transformation, IT project management, and people management. He led the implementation of UCSIPAY, a cashless payment mobile app solution integrated with UCSI’s parking and retail systems. He also develops digital roadmaps for UCSI, focusing on hybrid workspaces and cloud solutions. He has held C-level positions in MNCs and public listed companies and presented to their boards and shareholders. He has received several awards, such as ETCIO Transformative CIO 2022 & 2023, The World CIO 200 (Legend Category) for 2023 & 2024, and IDG FOUNDRY ASEAN CIO100. He has been chosen to represent Malaysia at the upcoming World CIO 200 Summit 2024 Grand Finale in South Africa.
Recently, in an exclusive interview with CIO Magazine, James shared his professional trajectory, current roles and responsibilities as Group Chief Information Officer (CIO) at UCSI Group, insights on how the role of CIO has evolved and will continue to change in the future, significant career milestones, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
James, please explain your career journey. How have previous roles supported your current role as Group Chief Information Officer (CIO), UCSI Group?
As the Group Chief Information Officer (CIO) at UCSI Group, I orchestrate the meticulous design and execution of visionary IT strategies, ensuring a seamless fusion of technological innovation and operational excellence across diverse industries. My professional journey has been distinguished by hands-on expertise in technical development, strategic planning, and design, exemplified through transformative projects across varied domains.
Key highlights of my previous leadership include:
a. Pioneering and implementing cutting-edge eBanking solutions, setting new benchmarks in the banking sector.
b. Spearheading digital transformation initiatives and deploying self-service portal platforms to redefine user experiences in the telecommunications sector.
c. Elevating digital transformation frameworks, AD security access control, and SkillDB systems to unprecedented levels in the automotive sector.
d. Implementing RFID and IR4 automation technologies to revolutionize operational efficiency in garment manufacturing.
e. Establishing a sophisticated document collaboration and review platform, fostering innovation in the life science sector.
f. Innovating a cloud-based CCTV solution, enhancing surveillance capabilities in critical sectors.
g. Contributing to digital health services, driving advancements in the healthcare sector.
h. Architecting a cryptocurrency trading platform with blockchain technology, navigating the forefront of financial technology.
i. Streamlining eProcurement, eCommerce, loyalty rewards, and eBidding processes with precision across diverse sectors.
j. Designing and implementing a multifaceted genealogy system, elevating network structures in the multi-level marketing sector.
These endeavors underscore my ability to navigate complex challenges, delivering innovative solutions while fostering collaboration across diverse teams. Positioned as a strategic leader, I am poised to lead UCSI Group's IT function to unparalleled heights, aligning seamlessly with the organization's vision and mission.
What are your biggest challenges and opportunities, and how is the CIO function supporting the organisation’s priorities?
As the CIO of UCSI Group, I thrive on solving problems and creating value. I have successfully delivered the UCSIPAY eWallet & LPR Parking system project with limited resources and tight deadlines, making us the first educational institution to offer a digital wallet and an integrated parking system. I constantly scan the horizon for emerging technologies, anticipating how they will shape our industry and our future. The CIO role is not static, but dynamic and adaptive, reflecting the digital era's rapid changes. I embrace this evolution, and I am ready to lead UCSI Group through this journey, ensuring we harness the power of disruptive technologies to our benefit. I anticipate further evolution, and I am keenly positioned to guide UCSI Group through this journey, ensuring we leverage disruptive technologies to our advantage.
Which disruptive, emerging technologies do you expect to have the biggest impact on your organisation and sector?
Some of the disruptive and emerging technologies that I expect to have a significant impact on my organisation and sector are:
a. AI: Artificial intelligence is the technology that enables machines to perform tasks that normally require human intelligence, such as reasoning, learning, decision making, and natural language processing. AI can help us to improve our efficiency, quality, innovation, and customer satisfaction. For example, we can use AI to automate our business processes, analyse our data, personalise our services, and enhance our learning outcomes.
b. UCSI SuperApps: UCSI SuperApps is a platform that integrates various applications and services that cater to the needs and preferences of our students, staff, and partners. UCSI SuperApps allows us to offer a seamless and convenient user experience, as well as to leverage the power of data and analytics to optimise our operations and offerings. For example, we can use UCSI SuperApps to provide eWallet, eLearning, eTranscript, eScroll, eHealth, LPR Parking, eProcurement, eApproval and eLeave services.
c. Digital Transformation: Digital transformation is the process of using digital technologies to create new or modify existing business models, processes, products, and services. Digital transformation can help us to increase our agility, competitiveness, and value proposition. For example, we can use digital transformation to create new revenue streams, improve our customer engagement, and foster a culture of innovation and collaboration.
How much have you seen the CIO role change, and to what extent do you expect it to continue to evolve?
The CIO role has changed significantly over the years, and I expect it to continue to evolve in the future. Some of the key changes and trends that I have observed are:
a. From managing to collaborating: The CIO role has changed a lot with the emergence of the CISO role, as the two roles have different but complementary responsibilities and objectives. The CIO role is more focused on the strategic and business aspects of IT, while the CISO role is more focused on the operational and security aspects of IT. The CIO role has become more collaborative and communicative, as the CIO needs to work closely with the CISO and other senior executives to align the IT strategy with the business goals and the security requirements. The CIO also needs to communicate effectively with the board of directors, the customers, and the employees about the IT vision and value proposition.
b. From a technical expert to a strategic leader: The CIO role has shifted from being a technical expert who manages the IT infrastructure and operations, to being a strategic leader who drives the digital transformation and innovation of the organisation. The CIO role now requires more business acumen, communication skills, and stakeholder management skills, as well as the ability to align the IT strategy with the organisational vision and goals.
c. From a cost centre to a value centre: The CIO role has moved from being a cost centre that focuses on reducing IT expenses and risks, to being a value centre that focuses on creating and delivering IT value and benefits to the organisation. The CIO role now requires more financial management skills, performance measurement skills, and value delivery skills, as well as the ability to demonstrate the return on investment and impact of IT initiatives.
d. From a service provider to a business partner: The CIO role has transitioned from being a service provider who supports the business functions and processes, to being a business partner who collaborates with the business units and customers. The CIO role now requires more customer-centric skills, relationship-building skills, and co-creation skills, as well as the ability to understand the business needs and expectations, and to provide innovative and tailored IT solutions. Also, the CIO role has become more innovative and adaptive, as the CIO needs to leverage the latest technologies and trends to create new business opportunities and competitive advantages. The CIO also needs to be flexible and agile to respond to the changing business needs and demands, as well as the evolving security threats and risks.
These changes and trends indicate that the CIO role is becoming more complex, challenging, and influential in the organisation and the sector. I anticipate that the CIO role will continue to evolve as the digital era progresses, and that the CIO role will need to adapt to the changing demands and opportunities of the digital environment.
What do you think are the new technologies and cultures/ methodologies which will define the future workplace, and what do you think is the role of the CIO in helping design and deliver these?
In my personal view, some of the new technologies and cultures/methodologies that I think will define the future workplace are:
a. Hybrid work arrangements: As the pandemic has shown, remote work can be effective and beneficial for many workers and organizations. In the physical office, many big organisations have converted permanent seating arrangements into hot seats. However, some workers may prefer or need to work in a physical office, or a combination of both. Hybrid work arrangements allow workers to choose where and when they work, based on their preferences, needs, and tasks. This can increase worker satisfaction, productivity, and flexibility, as well as reduce costs and environmental impact. However, hybrid work arrangements also pose challenges, such as ensuring a consistent and inclusive experience for all workers, maintaining communication and collaboration, and managing performance and security.
b. Zero-trust strategies: As more workers and sensitive classified organisation data move to the cloud, the traditional perimeter-based security model becomes obsolete and inadequate. Zero-trust strategies are based on the principle of verifying the identity and access of every user, device, and request, regardless of where they are located or what network they are using. Implementing zero-trust strategies can help organizations enhance their security posture, reduce cyber risks, and comply with new cyber law regulations, by using technologies such as multi-factor authentication, encryption, micro-segmentation, and continuous monitoring.
c. Digital onboarding and training: As the workforce becomes more diverse, distributed, and dynamic, the need for effective and engaging onboarding and training becomes more critical. Digital onboarding and training can help organizations deliver personalized, interactive, and scalable learning experiences to their workers, using technologies such as artificial intelligence, virtual and augmented reality, gamification, and adaptive learning. Digital onboarding and training can help organizations improve their talent attraction, retention, and development, as well as their performance and innovation.
The role of the CIO in helping design and deliver these new technologies and cultures/methodologies is crucial and multifaceted. The CIO needs to:
a. Align the IT strategy with the organizational vision and goals and communicate the IT value proposition to the board of directors, the customers, and the employees.
b. Collaborate with the business units and customers to understand their needs and expectations and provide innovative and tailored IT solutions that create value and competitive advantage.
c. Lead the digital transformation and innovation of the organization and leverage the latest technologies and trends to create new business opportunities and enhance customer satisfaction.
d. Manage the IT function and ensure its efficiency and effectiveness and deliver high-quality and reliable services to the business units and customers.
e. Measure and demonstrate the return on investment and impact of the IT initiatives and projects, and ensure they are aligned with the security, ethical, and regulatory requirements.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
Throughout my academic and work career, I have been fortunate to have mentors who have helped me grow and learn along the way. Some of them are Dato' Peter Ng, Prof Dr. Jimmy Mok, Daniel Quah & Datuk Dr Siti Hamisah from UCSI Group of Companies, Azfal Abdul Rahim, Julian Ding & Johnson Lam from Time dotCom, Dieter Haban from DaimlerChrysler TSS GmbH, and personal friends such as Johnson Lam, Jezs Lee, Fion Chang, Tan Sze Mien, William Song and Looi Kien Leong. They have all inspired me with their wisdom, guidance, and support.
The best piece of advice I have ever received is to always be curious, humble, and passionate about what I do, and to never stop learning and improving myself. This advice has motivated me to pursue my goals, overcome challenges, and embrace opportunities. I am grateful to all my mentors for their invaluable contributions to my personal and professional development.
Which technology are you investing in now to prepare for the future?
To prepare for the future, I am investing in three cutting-edge technologies that have the potential to transform the world: Generative AI Technology, Blockchain, and Cybersecurity.
What are your passions outside of work?
Outside of my professional pursuits, I am deeply passionate about Arowana fish. I actively participate in Arowana competitions in Malaysia and Indonesia, demonstrating my commitment to this hobby. Furthermore, my expertise in the field is evident as I serve as a Professional Judge in Arowana competitions for AquaFair Malaysia, showcasing my enthusiasm and knowledge that extend beyond the workplace.
What do you consider your greatest achievement?
My greatest achievement is successfully architecting, designing, and delivering the UCSIPAY eWallet and LPR parking system for UCSI Group of Companies. This project was a significant challenge for me because it required me to use my technical, strategic, and leadership skills, as well as to overcome the constraints of time, budget, and resources. The challenge was to create a digital wallet and an integrated parking system for our students, staff, and customers, to provide a seamless and convenient user experience, as well as to leverage the power of data and analytics to optimize our operations and offerings. The action was to lead the project team, collaborate with the stakeholders and customers, and manage the project scope, schedule, and resources. The result was that we successfully delivered the project within the given timeframe and budget and achieved high customer satisfaction and adoption rates. This project also won us several prestigious awards, such as the IDG Foundry ASEAN CIO100 2023, GEC World CIO200 2023, and ETCIO Transformative CIO 2022, which recognized our innovation and excellence in IT.
Where do you see yourself in the next 5 years?
In the next five years, I see myself as a successful entrepreneur in digitalization, cybersecurity and innovation software product development. This is my long-term goal, as I am passionate about creating and delivering solutions that can enhance the process flow, security, efficiency, and value of various industries and sectors.
To achieve this goal, I have set some specific, measurable, achievable, relevant, and time-bound objectives, such as:
a. Completing a PhD degree in Industrial Engineering by 2026, to expand my knowledge and skills in this field, and to network with other experts and potential partners.
b. Establishing and leading a team of talented and motivated professionals by 2025, to execute the product development and delivery, and to foster a culture of innovation and collaboration.
c. Scaling and growing the UCSI SuperApps and the business digital transformation by 2026, to reach a wider and more diverse customer base, and to generate revenue and profit.
d. Achieving a leading position in the cybersecurity and innovation software market by 2028, to establish a strong brand reputation and recognition, and to create a positive social and environmental impact.
These objectives are aligned with my current role as Group CIO, as they allow me to apply and enhance my technical, strategic, and leadership skills, as well as to leverage the opportunities and resources that UCSI Group of Companies provides. I believe that by pursuing this goal, I can contribute to the vision and mission of UCSI Group of Companies, as well as to my own personal and professional growth.
What is the one piece of advice that you can share with other professionals in your industry?
In a world that is constantly evolving, I believe that the most valuable skill for any professional is the ability to adapt, explore, and learn. That is why my advice to fellow professionals in my industry is to embrace change, stay curious, and foster a culture of continuous learning.
Change is inevitable, and sometimes it can be disruptive and challenging. But it can also be an opportunity to grow, innovate, and create value. Instead of resisting or fearing change, we should welcome it and see it as a chance to improve ourselves and our work.
Curiosity is the fuel that drives us to discover new things, ask questions, and seek answers. It is what motivates us to learn from others, experiment with new ideas, and challenge ourselves. Curiosity keeps us engaged, excited, and open-minded. It also helps us to avoid complacency and stagnation.
Learning is the process that transforms our curiosity into knowledge, skills, and insights. It is what enables us to adapt to change, solve problems, and create solutions. Learning is not something that we do once and then stop. It is something that we do continuously, throughout our careers and lives.
By embracing change, staying curious, and fostering a culture of continuous learning, we can not only survive, but thrive in our dynamic industry. It is this mindset that has propelled my journey, and I hope it will inspire yours too.
Helping Companies Reach the Next Level of Cybersecurity
Carolin Desirée Toepfer
Founder & Chief Information Security Officer as a Service, Cyttraction.com
Carolin Desirée Töpfer is the founder of Cyttraction & WhiteHatBuddyAI. She bootstraps towards a global learning infrastructure platform that makes risk training and knowledge management measurable and fun. As Chief Information Security Officer as a Service, with her new B2B courses and the AI tool, she has set herself the goal of "nudging" as many companies as possible towards strategic IT security, secure data processing and new revenue potential - without any fear of complexity.
Recently, in an exclusive interview with Digital First Magazine, Carolin shared her professional trajectory, insights on how the cybersecurity landscape has changed over the last few years, the mission and vision of Cyttraction.com, her cybersecurity leadership style and approach, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Carolin, please tell us about your professional background. How did you get interested in cybersecurity?
I started with websites and digital community building during my teenage days 20 years ago and kept everything digital and technology a hobby. In student jobs and later in professional life I learned that it was still super hard for companies to implement digital structures and clear data processes. At this point I first got responsible for such projects and then in 2016 decided to start a digital transformation consultancy to help companies as an external consultant.
Running my own tech projects on the side, for one I needed more insights in data protection and cybersecurity, which led me to IT forensics where I could connect well due to my experience with old school internet, network, and server infrastructures. I recognized that I bring a lot of needed knowledge due to my remaining skills and ongoing admin work and so got into cybersecurity training, helped many companies with achieving a higher security level and preparing certifications, started working on Cyttraction in 2020, before I ended up in the Chief Information Security Officer role.
According to you, how has cybersecurity changed over the last few years?
I see quite an interesting evolution of the cybersecurity industry since I joined the bubble. Being still far away from diverse, different perspectives and soft skills did not count that much, years ago. Then there have been many wake-up calls putting user training and cybersecurity awareness in the spotlight, while many tech suite providers shifted to the idea of one overall solution for everything cyber. In parallel, the discussion around resilience started – yet most companies using the internet still lack basic understanding and minimum cybersecurity processes. Especially startups and small businesses are often overwhelmed by the number of warnings on one side and offered solutions on the other.
Looking at the current vulnerability situation, that I also cover in my daily/weekly newsletter, back to basic cybersecurity homework and being more open-minded when identifying potential risk scenarios is important in 2024. Next to typical money-driven hacking, there are a lot more state-sponsored activities, but misinformation, disinformation and digital organized financial fraud are also risky for companies and institutions. At least every business falling under stricter EU/US regulations or planning to work with regulated corporations should at least have a basic version of an information security management system to manage and mitigate those risks on a daily basis.
What are some of the key components to succeeding as a CISO in today’s business environment?
Same as a CEO, a CISO is not selling ice cream. If you want to do this job properly, you first must communicate the “Why Cybersecurity?” repeatedly and to different peer groups. Keeping your own knowledge up to date and understanding the CFO and the sales rep's perspective helps a lot. Being able to deal with challenges and conflicts is also necessary. From a technical perspective, everything is possible. Budget and people’s fears and behaviors make the job complicated sometimes. I also get more requests for personal guidance from tech professionals, as they face the same challenges. The clear focus of the CISO role should be on improving the company's security level, avoiding data leaks and hacker attacks as well as implementing solid response and reporting processes that prevent a worst-case scenario and allow operations to continue for the company and business partners. Therefore, it’s important to know your own standards and have an overview of your specific skill set. Everybody is an expert from A to B, maybe C. But never from A to Z. This is why cybersecurity is a team job and external support is a real need for all companies without a dedicated security team.
And then it’s all about remaining persistent, while staying agile enough to manage the daily threat situation. In best case with the support of the companies’ management board that understands the importance of risk management. Against them is not possible.
What is the mission and vision of Cyttraction.com? What sets it apart from other market competitors?
Cyttraction stands for “Cyber + Attraction”, the main idea is a globally available learning infrastructure platform that makes risk training and knowledge management measurable and fun. First of all but not only for cybersecurity.
Nobody should be forced to do their further education or share their own knowledge. Putting client service, user experience and measurable learning outcomes front and center, it’s more complicated to build – and in this case bootstrap – the business. But this is the way intercultural ongoing training works in the future.
No investment also means no compromises in research and development. There are a lot of learnings from the first 4 Cyttraction online course generations on cybersecurity and course creation yet. It turned out that the approach is needed in many different business areas. And there are even parents who would love to see the final platform in schools. The newest courses including cybersecurity training and project guidance for setting up an information security management system as well as regular cybersecurity routines at a reasonable budget, will again lead to a lot of interaction insights and client feedback and be an important next step on the way to achieving my main vision for Cyttraction.
Security and Resilience are two interlinked concepts. From your perspective, why is it important to equally focus on building resilience?
First, we have to be careful with the term “resilience”. If we are looking at a well-trained sport superstar who suffers from an injury and heals in no time, this is understandable resilience. But most companies are no superstars when it comes to cybersecurity. Therefore, the option for resilience is far less given. You first need a certain cybersecurity level that helps lower reputational damage and financial losses in the case of a successful attack.
For companies it is most important to be honest about the status quo and then find a strategy that fits their business model, regulatory and client requirements – as well as manageable investment volume. When this puzzle fits together perfectly well and there are the right motivated people at the right place, then cybersecurity resilience becomes possible.
What is your cybersecurity leadership style and approach?
Transparency and communication are key factors for me. I don’t hide information and I explain complex topics in so many different ways, until the person I am talking to understands. This goes for cybersecurity and business topics. Transparency for me also means talking openly about unpleasant things, budget shortages or mistakes, like when a user clicked a malicious link. If there is a culture of transparency and open communication, everything else can be dealt with.
What does working in cybersecurity mean on a practical level, and what kinds of skills/personality traits are an asset in the field?
Discipline and commitment are needed. Routines make the job easier. One should be a curious IT admin with regulatory and business processes in mind and the will to solve problems until things work again – even when it gets frustrating and takes longer. It also helps to understand that there is no common sense and the whole cyber world looks different from different people’s perspectives.
What are some of the roadblocks you face to doing your job well? What do you do to overcome those challenges?
At the end of 2023, bootstrapping Cyttraction while working as CISO as a Service with clients from different industries got a bit challenging. I solved this by taking a step back, questioning my priorities and discussing client needs again. This led to process cuts for the Cyttraction content marketing. We also restructured the online courses and provide next to in-depth cybersecurity learning experiences for professionals and individuals more of my personal CISO-experiences and career guidance. So even attendees who don't get a 1:1 spot can profit.
In your career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
I learn something new every day, from different sources such as books, videos, personal meetings, online courses and podcasts and from so many people. I don't have a traditional mentor, but I have lots of smart friends and advisors, experts from different fields who provide support with specific questions. There is a lot of good advice in there. The most important takeaway is probably that exchanging ideas always helps you move forward and that you are never alone with your challenges.
Where would you like to be in the next 5 years?
I have a clear global playbook for Cyttraction with annual goals. They are mostly about community building, service content and supporting various startups and businesses with my courses. Until 2030 I want to work with clients in all 10 identified target markets and open local offices in the most. I estimate that we will also have first global corporates using the Cyttraction platform then.
At the point where I reach my financial goals, I want to invest in other underrepresented tech founders. Women, migrants, refugees, and people from other stressed social backgrounds often do not have access to the needed capital, knowledge and support network. It’s time to change that.
What advice would you give other CISOs or hope-to-be CISOs?
Don’t focus too much on personal certificates, focus on interesting cybersecurity projects. It will also help a lot to build stuff and administrate IT infrastructure yourself. Seek personal online and real-life exchange with other CISOs. Have a clear set of work ethics for the job profile and make sure you work with companies and managers who align with your own goals.
Sharon Ng
Senior Director- Regional Solutions Area Lead, Avanade
Committed to Shaping the Future of Technology & Inspiring the Next Generation of Tech Leaders
Sharon Ng, a strategic and driven global executive with over two decades of experience in leading across technology, business strategy and operation organisations, exemplifies the epitome of tech leadership. Her career is marked by her inspiring leadership and innovative approach to delivering clear business outcomes and impact, earning her the prestigious CIO75 and CIO100 ASEAN Award three times.
At the helm of significant digital and business transformation initiatives, she successfully navigated global business and IT landscapes, guiding cross-border teams towards industry-leading solutions. A well-respected trusted adviser and a champion of transformative leadership, Sharon is defined not just by her achievements, but also by her commitment to shaping the future of technology and aspiring tech leaders.
Recently, in an exclusive interview with CIO Magazine, Sharon shared her professional trajectory, how the role of CIO has evolved over the last decade, the best piece of advice received by her, the secret sauce behind her success, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Sharon, please tell us about your background and areas of interest.
Born in Singapore and having spent a significant part of my life in Australia, I consider both Melbourne and Singapore home. With over 25 years of experience, my career evolved from software engineering to leading global technology teams, before switching gears to leading business transformation, strategy and operations at companies such as Microsoft and Dell Technologies. Outside of work, I am an avid reader on financial markets and investments. I am also a lover of nature, particularly mountains and oceans. Additionally, I have a keen interest in culinary experiences, embracing my foodie side.
Brief us about your roles and responsibilities as Senior Director- Regional Solutions Area Lead at Avanade
In my current role within Avanade's Southeast Asia Regional Exec Leadership team, I spearhead efforts to drive strategic growth and innovation across our Applications & Infrastructure solution areas across the region. My responsibilities include providing business and technology leadership that supports and empowers our customers in their digital transformation journeys, helping them address complex business challenges. This involves orchestrating the strategy and delivery of innovative, cutting-edge solutions that unlock the full potential of Microsoft technologies, resulting in exceptional customer experiences.
A key focus of my role is fostering an innovative, high-performing, and agile organizational culture within our practices and teams. This commitment is essential to building robust digital capabilities and solution offerings that consistently deliver transformative results and business value to our customers together with partner ecosystem.
How have you seen the role of the CIO change in the last 5-10 years, and what changes do you see on the horizon in the years ahead?
In the last 5-10 years, the CIO's role has definitely evolved significantly. It has transitioned from managing IT systems to becoming strategic business leaders and influential change agents. CIOs now play a more prominent role in board meetings and leading digital innovation and transformation initiatives. This role now demands a deeper understanding of both organizational capabilities and market dynamics, as well as the development of internal capabilities for broader organizational impact.
Looking forward on the horizon ahead, I think the CIO's role is set to become even more strategic focused, connecting technology with business strategy to achieve desired outcomes. They will be leading the charge to new technological frontiers and leveraging emerging technologies to foster innovation, organizational agility and resilience, equipping businesses to respond swiftly and effectively navigate unexpected market shifts and challenges.
What do you think are the new technologies and cultures/ methodologies which will define the future workplace, and what do you think is the role of the CIO in helping design and deliver these?
In the future workplace, marked by technological advancement and flexibility, we'll see a shift from traditional settings to boundaryless, hybrid environments. Smart technology, like smart boards, facial recognition, and smartphone-controlled systems, will enhance office spaces. For example, employees can reserve resources such as transportation, parking, and meals seamlessly. Hot desking will become more personalized with automated preferences, and AI will optimize meeting room bookings. Digital collaboration will be elevated through cloud-based tools and virtual reality, making remote participation more immersive. Leveraging IoT and integrating smart building technology will also help boost efficiency and move towards achieving sustainability goals. As these technologies evolve, the role of CIOs will be crucial in ensuring that workplaces not only keep pace with technological advancements but also provide a consistently excellent experience for employees.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
Yes, I am very appreciative of all my mentors throughout my life and career journey to date. One of the best advices received: “You are tougher than you think, don’t give up, keep working at it and see it through.”
Which technology are you investing in now to prepare for the future?
In addressing current needs and preparing for the future, our focus is investing in technologies that align with and support our business goals. This includes cloud platforms for agility and rapid deployment, data fabric, and intelligent automation for deeper insights. We are also prioritizing robust cybersecurity measures through zero-trust implementations. Furthermore, there are also exploration for combined emerging technologies such as AI, IoT, and robotics to enhance customer experience and operational efficiency. These technology investments are paramount to staying at the forefront of digital innovation to support our strategic priorities and business outcomes.
What are your passions outside of work?
Traveling is a passion of mine, particularly in exploring new destinations. I cherish spending quality time with loved ones, immersing myself in different cultures, and experiencing how the locals live. A highlight for me is delving into the culinary scene, especially fresh food markets, which offers a taste of the country’s unique flavors and traditions.
You have successfully navigated global business and IT landscapes and guided cross-border teams towards industry-leading solutions over the course of more than two decades of your career. Our readers would love to know the secret sauce behind your success.
I suspect my secret sauce hinges deeply on being authentic, having a clear vision, and decisive leadership. I believe in building trust as the cornerstone of effective team and stakeholder engagement. A critical element of my leadership style is driving execution well while being an inspirational and supportive leader. I like to focus on removing obstacles, guiding teams through challenges, and fostering an environment where pushing boundaries is encouraged.
Where do you see yourself in the next 5 years?
In the next 5 years, I see myself potentially back in a global executive capacity, where I will have a broader scope of influence and strategic responsibility, particularly in driving significant impact and innovation in both business and digital domains. Additionally, I am open to the possibility of embarking on an entrepreneurial journey, exploring new avenues and challenges in the dynamic business landscape.
Given your experiences and achievements, what advice would you give to aspiring technology leaders who aim to make a positive impact in their organizations and the industry as a whole?
For aspiring technology leaders, my key advice is to be bold in challenging the status quo and be the change agent. It is vital to have a clear understanding of the business issues at hand and the factors that can influence them. Foster an innovative and agile tech culture within your team. Leadership should be purposeful and empathetic, embracing adaptability and resilience. Be ready to navigate through changes and challenges with a proactive mindset.
PATIENT SAFETY AND TRUST: EMBRACING THE PARADIGM SHIFT IN HEALTHCARE DEVICE SECURITY
Jian Gong
Senior Director, Information Security and Technology
Jian Gong is a technology, cybersecurity, and data privacy leader with experience in various industries, ranging from Defense, Pharmaceuticals, Media, and Healthcare. He has architected and implemented cybersecurity and privacy programs for small businesses and global enterprises to help them sustainably and securely scale their technology infrastructure and processes. Jian is currently the Senior Director of Information Security and Technology for CareRev, a healthcare technology company that develops modern, workforce management platforms to address persistent staffing shortages across hospitals and health systems. He previously worked for Better Therapeutics, a prescription digital therapeutics company focused on helping patients treat the underlying causes of cardiometabolic diseases like Type II Diabetes. Jian also volunteers as a mentor for several non-profit organizations, such as Cyversity, serves on the Board of Directors of the International Human Rights Art Movement (IHRAM), and is an active member of various professional organizations.
Cybersecurity threats against the healthcare industry continue to grow at alarming rates. From theft of sensitive health information to system outages that prolong patient stays, the impacts of these threats are felt by patients and healthcare providers alike. For manufacturers of medical devices and healthcare technologies, these threats represent both a growing challenge and a business opportunity to invest in security and drive meaningful change.
According to a 2022 report from the Ponemon Institute [1], ransomware attacks against hospital networks directly impact patient care and safety. 56% of survey respondents said internet-enabled device attacks resulted in longer patient length-of-stays, leading to higher costs, while 48% of respondents said these attacks resulted in theft of patient data, which may result in targeted scams and social engineering toward affected individuals. In some cases, impacted hospitals had been forced to divert patients to other nearby facilities. The bottom line? Increased costs in an already expensive market and erosion of patient trust and safety.
In a recent survey of patients conducted by the American Medical Association (AMA), over 92% of patients believe that privacy is a right and that their health data should be protected and kept private. [2] Patients are also least comfortable with big technology companies having access to and using their data, which could have long-term implications for the adoption of digital technologies in healthcare. At the same time, healthcare providers are demanding more secure medical devices before they procure them; a trend that will only increase with the use of connected medical devices across all stages of patient care.
With this in mind, healthcare organizations, medical device manufacturers and suppliers face both a challenge and an opportunity. How do we continue to embrace the use of technology in healthcare without compromising privacy, security, and patient safety?
The good news? The paradigm shift is underway.
The Food and Drug Administration (FDA) is among many organizations leading a paradigm shift in how we view and address cybersecurity in healthcare. The FDA recently released its final guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions”, which outlines a key set of cybersecurity controls that medical devices must have to be considered for approval. [3]
The contents of the final guidance align with the draft guidance issued in 2022. Robust risk management, lifecycle vulnerability testing, and clear security requirements are among the many themes of the guidance.
Coupled with the Refusal to Accept (RTA) policy issued by the Agency in March 2023, these standards help pave the way for more robust digital security and safety controls in the next generation of medical devices that range from blood glucose monitors to embedded devices and prescription digital therapeutics. Beyond these standards, there are many other actions that medical device manufacturers and suppliers can take.
Device hazard and safety analysis models must incorporate security risks
Patients and providers use medical devices across a range of environments often for years if not decades. Therefore, companies must invest in the digital security and safety of the device across its entire lifecycle. Robust risk assessments that evaluate the exploitability of certain weaknesses in the device against the impacts of data theft, outages, and patient harm form the foundation of this investment.
Medical devices must undergo these hazard analyses to account for all potential device hazards associated with the device’s intended use, and in some cases, its unintended uses as well. How does a blood infusion pump with network connectivity continue to function if the network is down? How does a healthcare app on a patient’s smartphone safeguard data if the phone is stolen? The key factors in the analyses are the impacts on patient safety. To effectively evaluate the impact of security risks on patients, companies must translate these security risks into patient risks to drive product and business decisions in a meaningful way.
Device security must consider the impact of interconnected systems in a complex ecosystem
The growing trend toward interconnected devices in a “smart” healthcare delivery system is real according to research published in the National Library of Medicine and other sources. [4] Think of “Internet of Things” (IoT) adapted to medical uses - also known as “Internet of Medical Things” (IoMT). There are many benefits of the IoMT evolution ranging from earlier diagnosis of diseases to more robust information sharing across previously siloed networks. However, from a digital security and safety standpoint, the move toward an interconnected network of healthcare devices presents a range of security and privacy challenges.
Medical device manufacturers and suppliers must consider how their device operates within this interconnected ecosystem, whether that ecosystem involves the complexities of a patient’s smartphone or a segmented hospital network with hundreds of other devices. How can ransomware propagating across a hospital network affect the ability of a device to provide life-saving functionality? How can a mobile app protect against unintended data theft when running on a patient’s smartphone? In reality, digital threats can arise from any source, so this more holistic view of device security is an important second step.
Public-private partnerships help raise the bar when it comes to security awareness and implementation
Finally, medical device manufacturers and suppliers now have a breadth of resources that they can draw on to improve their awareness and implementation of more robust security controls. These resources range from public-private partnerships led by organizations such as the “Medical Device Innovation Consortium” (MDIC) and the “Archimedes Center of Health Care and Medical Device Cybersecurity” to more mature third-party assessment models published by HITRUST.
These organizations help foster dialogue and information sharing between manufacturers, providers, and payers in a more open forum. They frequently publish resources that companies can use to re-evaluate their investments in device security in response to new digital threats, regulatory changes, and patient needs. The goal is to build a longer-term commitment to digital security and safety in the healthcare industry.
Embrace the paradigm shift in healthcare device security
The paradigm shift we see in healthcare will lead to more robust security controls in the devices and technologies that patients and providers use daily. It sets the foundation for increased awareness and growth in an industry where digital security can translate directly to patient safety.
The momentum is here. Medical device manufacturers and suppliers can seize it and put forward meaningful investments in the digital security of their devices and technologies. In doing so, they have the opportunity to improve patient trust in the use of life-saving technologies and aid the adoption of these technologies by providers and patients alike while differentiating their products in a crowded market by championing digital security as a business enabler.