AAMI News February 2018
One on One with Robert Sayle
Robert Sayle is a technical solutions architect for Cisco Systems, Inc. He also is a member of AAMI's Wireless Strategy Task Force and a regular contributor to the AAMIBlog.
Q: What made you want to work in the healthcare sector?
Honestly, it was dumb luck. Previously, I had been working with state and local governments, and before that, with high-tech companies leading up to and during the dot-com era. I had no experience in healthcare when I made a job change at Cisco and suddenly started covering various health systems throughout Southern California. This move exposed me to the industry in general, as well as to the healthcare community within Cisco. At the time, I started noticing that healthcare networks needed a ton of work in basic design, especially in adopting wireless and equipping clinicians with better collaboration tools, namely mobile phones that could run on a hospital’s internal network. It was a challenge I had to seize.
Q: What do you do in your current position?
I work with customers to figure out what technologies can be applied to solve business problems. It involves a lot of discovery around how they currently operate and whether it can be improved with what’s emerging in high tech. If something seems like a good fit—in other words, we can make a solid business case for it—then I help them develop a roadmap for how to reach their desired end state.
Q: What is the best part of your job?
Finding gaps and filling them. A lot of what I do in networking is prescriptive; there are well-established guidelines to follow that allowfor system stability, scale, interoperability, and security. In other words, it’s been done before. Don’t get me wrong, it’s good to have best practices and standards, but it’s way more fun to push the limits and try to apply technology in unexpected ways. This allows for creativity in what I do. However, these sorts of activities don’t naturally present themselves unless you’re actively searching for them. I’ve found the easiest way to identify opportunities for growth and exploration resides in the gaps. It can be as simple as having a customer want to use a piece of network gear in a way that will obviously work but needs to be tested and documented, or it could be something more complex, such as figuring out a way to universally classify medical devices with a high degree of accuracy.
Q: What is the biggest cybersecurity challenge facing health systems?
Securing medical devices. That’s why I’m participating in AAMI. It’s a huge attack surface that needs to be remedied for both patient safety and privacy.
Q: What one piece of advice would you give to your healthcare technology management colleagues about securing medical devices?
Work with your network and security architects, who usually aren’t the same people, to devise a list of requirements for how your organization wants to securely connect its assets. Be sure to clarify between mandatory capabilities and optional ones. Then hand it to your medical equipment vendors and ask them if they meet these requirements. Also use it as test criteria for onboarding machines. In other words, as part of your normal provisioning process, be sure to invite your IT colleagues along for the ride. Let them participate in your lab and have them run through the appropriate verification tests against the requirements they created. (This is also a good way for you to give them feedback about what is or isn’t working with how they’re supporting your efforts, as well as how to improve it. You’d be surprised how much they want to hear your feedback.)
Q: What one change could manufacturers make to create more secure products?
There’s a concept in security called “defense in depth.” The idea is that there is no silver bullet to security; any single measure can be defeated. However, you stand a better chance of stopping an incursion with multiple security layers. Physical security practitioners have effectively employed this technique, well, forever really. Suppose you’re a medieval king, how might you protect your treasure? Put it in a big stone castle. Sure, but what if your adversary brings ladders to raze you? Then, you’d dig a moat around the castle to make it harder to reach the walls. All right, and what do you do when he rolls up catapults and starts lobbing boulders your way? You’d employ archers with longbows to shoot his henchmen. Hopefully, you get the idea. Using multiple defenses increases your chances of protecting your treasure. The same strategy needs to be applied to securing medical equipment. It means examining all potential attack vectors that could compromise a piece of machinery, analyzing the associated risks, and developing a mitigation plan.
Q: What was the best career advice you were ever given?
“You are a corporation of one.” When I first heard this early in my career, it sounded somewhat selfish to me. I understand now that it means that you’re responsible for your own career. No one will make career choices for you. No one else is looking out for your best interests, and no one else is going to ensure your success. It’s all up to you.
Q: What do you like to do outside of work?
Mountain biking. It makes me feel as if I was 7 years old again riding around on dirt trails with my friends. It doesn’t hurt that it’s good exercise too.