Hugo Lai

Foreign.

Ed Gaudet

Welcome to Risk Never Sleeps, where we meet and get to know the people delivering patient care and protecting patient safety. I'm your host, Ed Gaudet.

Ed Gaudette

Welcome to the Risk Never Sleeps podcast in which we learn about the people that are on the front lines delivering and protecting patient care. I'm Ed Gaudette, the host of our program and today I am pleased to be joined by Hugo Lai, the CISO at Temple Health, part of Temple University, correct?

Hugo Lai

That is correct.

Ed Gaudette

Excellent, excellent. Welcome. Excited to learn about your journey. I've done a little research on your background, so I have a couple of questions about your background, but let's start off with your current role in your current health system. A little bit about the organization.

Hugo Lai

Yeah. Thank you for having me, Ed. I'm Hugo Lai. I'm the CISO at Temple Health and I've been with the organization for about three years now and my cybersecurity journey has been very interesting. I actually started as the security consultant from providing services to some government clients and I got married. Obviously don't want to be traveling as often as I wanted to, so I decided to jump into healthcare and it's been a wonderful 20 years.

Ed Gaudette

Excellent, excellent. Yeah, I know. I noticed that about your background. I noticed the time you spent at Booz Allen and Deloitte and Bearing Point brings back memories.

Hugo Lai

That's right, that's right. Good consulting days.

Ed Gaudette

Good consulting days for sure. Yeah. That's when the Internet was really starting to build out the infrastructure. Back in the late 90s or early 2008. Thousands.

Hugo Lai

That's right.

Ed Gaudette

Pretty exciting time. So how does that experience translate into healthcare? Were you able to take some of that experience and apply it?

Hugo Lai

Yeah, I was actually supporting some of the health related government agencies in the public health space. There's been a lot of demanding work ranging from penetration testings to GRC risk assessments. I've actually done cybersecurity work in many different disciplines, if you will. And I honestly enjoyed my consulting base because those are typically short engagements and I get to work with many different clients in different environment and I certainly learned a lot from each of these engagements.

Ed Gaudette

Excellent. And as you look out over the next 12 months or so, what are your top three priorities?

Hugo Lai

Yes, good question. Certainly helping the organization to prevent ransomware attack. That's definitely very high up on my radar. As well as assisting the organization to build business resilience. That's. These are no brainers. For the past few years, I think the entire healthcare organization has been struggling in many of these areas. We are also trying to make sure that our third party business assessment program is robust as well.

Ed Gaudette

Excellent, excellent. And I imagine you're also dealing with innovation, new technology that you have to run through your overall risk assessment program. Talk to us about and share with listeners your experience so far with AI. How are you embracing it? Or maybe you're not. Have you set up a governance structure internally? I hear varying degrees of adoption at this point?

Hugo Lai

Yes. Internally within the organization we do have. We set up an AI committee and I am a member of that committee. As the organization, we are approaching AI very cautiously at this point. I think we all understand that it will certainly bring efficiencies within the organizations, but we are carefully evaluating as of which areas that we want to start utilizing AI. So we are performing quite a bit of assessments as well because we are want to understand the potential security impact when we're bringing AI into environment. There's been a lot of discussions around at a very minimal enabling, for example, like Copilot or some of these large language models. I can see that everyone's going to be embracing this technology very soon. But at the very beginning, I want to make sure that we're setting up the right infrastructure with the right configurations and we understand the security risk that comes with the technology.

Ed Gaudette

I imagine with AI, unlike some of the other technologies that you bring in house, you have much more interaction with the clinical side of the house because they're probably pushing to adopt AI quicker than other parts of the business. Is that what you're seeing or.

Hugo Lai

There's certainly been a lot of discussions from the clinical side as well. And we are primarily relying on vendors to introduce some of these technologies to us where we feel it's appropriate. I think we will put it on our list of evaluations. And again, on the clinical side, we're definitely a little bit more cautious. And we also want to make sure that when we are leveraging, there is a centralized user experience that we can offer our clinicians without having them to go to this application to launch this AI and then launch another application for different flow. So we try to pay attention to that and we haven't really come to a conclusion as to how we want to approach it.

Ed Gaudette

Interesting. Yeah. Integrating into the. The clinical desktop experience.

Hugo Lai

Correct? Correct. Yeah.

Ed Gaudette

Excellent. And you think about your next 12 months, 1224 months. What are some of your top challenges that you're facing, whether they're on the process side, technology adoption or the people side?

Hugo Lai

Yeah, I believe it's finding the right talent to fit into the team. It's one of the challenges that I've seen and it's becoming more challenging for us. Part of the reason is because of the technology innovation that's been going on within the organization. There's a lot of demands. We're trying to go through many different technical projects at the same time. So it certainly gives a lot of pressure to some of our staff members and finding the right talent to help us resolve some of the, help us tackle some of these projects. I, I can certainly see that it's challenging.

Ed Gaudette

Yep. And is the university a good source of talent or have you found.

Hugo Lai

We're certainly partnering with the university to help us in some of those areas.

Ed Gaudette

Got it. Excellent. And so if you look outside of your current day job, what are you most passionate about? What would you be doing if you weren't doing this?

Hugo Lai

I'm actually a martial artist. I practice, I practice Japanese fencing and I do it together with my daughter as well. It's been fun and fascinating.

Ed Gaudette

Tell me about that. I don't know much about that. That's really cool.

Hugo Lai

Yeah. This is as close as Star wars as it can be. And that's a lot of self reflection, actually. It's not about speeding your component, but really looking towards yourself and every single move is about how to perfect that, that movement. So there's a lot of self reflection in each of the practice. We normally start the practice with a little bit of meditation, so it also helps with the stress of the CESO life. And then during the practice it gets very intense. You also get to smack a few folks, if you will. So I certainly enjoy that a lot.

Ed Gaudette

Nice. That's terrific. I think that's the first time I've heard anyone with that passion. So that's really unique and interesting. What if you could go back in time? What would you tell your 20 year old self?

Hugo Lai

Party last, study more?

Ed Gaudette

I don't think I've ever heard that.

Hugo Lai

You know, I think when I think about it, knowledge strongly helps and but honestly I think it's actually spending a little bit more time to understand myself a bit more. To some people I think it comes very naturally. But to others it takes time to look deep underneath yourself to know, for example, what are some of the things that motivates you in life? Right. What are some of the things the people that you enjoy hanging out with, for example. And I feel that for me, it takes a long time for me to find out and it certainly helped me in my career as well because you get to know yourself a bit more and for everything that you do in life, I think sometimes you just need to understand. Right. Like why you're pursuing something, why you want to do certain things.

Ed Gaudette

Yeah, yeah. The why is so important. I'm so glad you said that. And I love that, I love that your comment there. Because the journey is so interesting to me. Not so much the destination, obviously, but that journey of self discovery at any age. Right. Can never be too old to learn something new or to change something about yourself. And so I love that response. That's a really good way to think about it. And I should have told myself less partying too, and more studying.

Hugo Lai

So I had a good time in college.

Ed Gaudette

Yeah. I didn't do anything related to what I'm doing today, so.

Hugo Lai

That's right.

Ed Gaudette

The universe is. It's an interesting teacher for sure, if you let it, if you're open to that, which I certainly am. So I often ask people, and I love to really get to know people about their cultural tastes. We talked a little bit about Japanese fencing, but what about music and movies? If you were stuck on the desert, proverbial desert island, is there a certain set of music that you'd bring or movies that you'd bring with you that you could watch all the time or listen to all the time?

Hugo Lai

Oh, that's going to be very difficult. I think I'm a very typical German. I actually, I embrace diversity. So there's not a one type of music or one genre of movies that I enjoy. And that's why I find it very difficult at my early days in my life trying to understand myself because I do enjoy a lot of things. Yes. I have to look very deep inside myself to truly understand. Okay, is it something that I would like to pursue? Is this something that I enjoy doing? But in the end, what I discover is that I actually, I'm the type of person that will enjoy doing many different things. And that's why I enjoy my consulting days. Right. Because I get to meet different people, I get to do different things, I get to work on different projects, to work in different environments.

Ed Gaudette

I love that. So any particular. Any records or music that you'd bring to your desert island off the top of your head, even if it could.

Hugo Lai

Century, it may be classical music. Yeah, yeah.

Ed Gaudette

Oh, classical music.

Hugo Lai

Yeah. I enjoy a jazz bar. Yeah.

Ed Gaudette

Oh, very nice. Very nice. Excellent. As you think back over your career, what's the hardest lesson you had?

Hugo Lai

Wow. The hardest lesson, I think that would have to be how to apply cybersecurity in an enterprise environment. I think we, at least for myself, I learned Cybersecurity by understanding what are some of the concerns controls. I, I read a lot of the NIST documents and I'm very boring person. No one would actually flip open a NIST document and start reading guilty as charged. But I think we you, at a certain point, you have to understand whether it is actually bringing value to the organization and how to apply these security principles. And it took me a while to. To figure how. How to connect the dots together. And I just hope that when I started my career, maybe I shouldn't be learning about cybersecurity in the first place, but really trying to understand the business a little bit more first and then learn about the technical security principles and then try to apply them to the organization.

Ed Gaudette

Which is probably why you're an excellent CSO and a great business partner.

Hugo Lai

I certainly hope so.

Ed Gaudette

I talk to a lot of CISOs and it's rare that people make that connection. I think the great ones do. They recognize that cybersecurity and risk is a business decision. And so you have to figure out how to connect with the business, understand the business, and communicate and collaborate with the business appropriately. Last question. And again, I'm sure. Is the health system close to the university, like physically or.

Hugo Lai

Yeah, absolutely. Yeah, we are very close to the university.

Ed Gaudette

Okay. So you see probably a lot of students. What would you tell a student that wants to get into cyber and or healthcare? What advice would you have for that person?

Hugo Lai

Be prepared to work a lot of long hours. I think honestly, one of the differences in working in healthcare is that you get to feel the impact that you are bringing to the organization. You know, that you are protecting the patient's privacy or making sure that their information is being protected. I think the difference is that you can actually put a face right to some of the patients as well. So I think that gratification is something that I enjoy the most. I would also ask a lot of our engineers to remember that the very reason why you want to work in the healthcare space is, at least for me, that's one of the reason why I'm working at Tempo Health today is because of that.

Ed Gaudette

Yeah. That shared mission that we have is unlike any other industry.

Hugo Lai

Absolutely.

Ed Gaudette

It's so important, so unique and. Yeah, I know. I'm glad you mentioned that because it's so important. Otherwise it would be just a job. That's right.

Hugo Lai

That's right.

Ed Gaudette

Like everything else. Well, thank you, Hugo. It's a pleasure spending time with you today. This is Ed Gaudette from the Risk Never Sleeps podcast. And if you're on the front lines protecting patient safety and delivering patient care. Remember to stay vigilant because risk never sleeps.

Ed Gaudet

Thanks for listening to Risk Never Sleeps. For the show notes, resources and more information and how to transform the protection of patient safety, Visit us@SenseInet.com that's C-E N S I N E T.com I'm your host, Ed Gaudet. And until next time, stay vigilant because Risk never sleeps.