Ross Leo

Foreign.

Ed Gaudette

Welcome to Risk Never Sleeps, where we meet and get to know the people delivering patient care and protecting patient safety. I'm your host, Ed Gaudette. Welcome to the Risk Never Sleeps podcast in which we learn about the people that are on the front lines protecting patient safety and delivering patient care. I'm Ed Gaudet, the host of the program, and today I am pleased to be joined by Ross, Leo. And Ross, you're with Alert Solutions, is that correct?

Ross Leo

That is right. Invisible. Yeah.

Ed Gaudette

Say that five times without coffee.

Ross Leo

It is a bit of a mouthful. You're right.

Ed Gaudette

I want to say Invisalign.

Ross Leo

Like, no, I don't get that confusion very often, but I understand why.

Ed Gaudette

All right, well, tell us a little bit about your current role and your organization.

Ross Leo

Invisalert Solutions is a technology company that provides patient safety compliance monitoring software for healthcare institutions that have inpatients or emergency departments that have these kinds of issues. My role there is the Chief Information and compliance and Privacy officer. I have to admit, I wear quite a few different hats. And my role there is to basically oversee the security program, the privacy program, HIPAA compliance, and that sort of thing. It's a very active company. We're in a growth spurt. Well, for about two years now, and it's been very busy. Very definitely keeps me on my toes.

Ed Gaudette

Excellent. So tell listeners a little bit about your top priorities over the next 12 months.

Ross Leo

For us, we deal with the kind of information known as Phi, protected health information. And. And for those who follow the news or for those who are in healthcare, they know very well and painfully sometimes that this kind of information is one of the hacking community and ransomware community. It's one of their main targets because the entities, as compared to things like banks, are not that well defended. The information is extremely valuable on dark web and other markets where they steal the information and they go and sell it. And it brings a very high return to those people. So the top priority for me is to continue to make our system very difficult to get at, very difficult to find ways of corrupting it or invading it so they can steal this kind of information from our customers. The technology that we offer handles the information itself, processes it in many ways, and when they attack us, they find ways into the entities that use us. So at the very worst, we could be a conduit to allow for those kinds of invasions of our customers. So my concerns are making sure our system works properly. And I've got a great group of people that I work with who are very diligent. So we Design and build it. We test the absolute life out of it to make sure it's as solid as we can. Because our priorities are making sure that as part of our customers supply chain we are, to use a trite phrase, we are the strongest link in it to defend them so that we're not the way that people get in through us to them.

Ed Gaudette

I like that strongest link in comparison because often people will say people are the weakest link.

Ross Leo

That's true, but that's one of those phrases that's like saying, oh well, it's just a hallucination when you say things like that. It basically explains whatever you want it to explain. It is true that many of the faults that we have to protect against are human in origin. That is a sad fact. But in healthcare, unlike many other industries, these people are under constant pressure to deal with patient issues, health issues, crises that don't exist of that same type in other industries. And it's not because they don't care. Because all the people that I've contacted, they care very deeply about this because it is a problem and they know that the patients ultimately are the ones who suffer. And they do, they do see the point of it all. But it just is such a busy, chaotic kind of a way that sometimes accidents happen, things happen that they never intended. So we make sure that we're not the ones where the accidents can by designing our system carefully enough so that you'd almost have to make a mistake by intention rather than simple pushing the wrong button or something of that kind, which could happen to anybody. So we make it a system that is easy to work with. Very much retards the idea of making a mistake without the intention of doing so, as I said. So we feel that's the way that we can contribute most to the safety and security of our customers and by extension the patients that they serve.

Ed Gaudette

So phishing attributes is attributed to most of the attack vectors. People coming in, how do you manage that? How do you manage for that?

Ross Leo

First off, the way that our system works, it really is not a system that is subject to phishing because as you probably know well, the main delivery vehicle for a phish is going to be email. So the system that we have, that we do for our customers is cloud based and there is no email component built into it. There is a very specific type of messaging, but that too is not available to anybody from the outside. So we have a very strong geofence around our particular platform. And you would have to be an insider at our company or at one of our customers to be able to even attempt this sort of thing again. We built a very strong wall between the Internet as a whole and our system, and we limit it that way. Again, it's trying to make sure that we're a very tough nut to crack, which is not to say it's impossible, but because of how we've designed it, it really does require an insider doing something intentionally wrong to cause that kind of problem.

Ed Gaudette

So you've spent a number of years in this space, obviously in the cybersecurity space, throughout your career. Where do you see this going in the next 10 years?

Ross Leo

10 years? At the risk of sounding like so many other people, I have a feeling, and I have to say that I've already seen a fair bit of this over the past several months. I have a feeling that what we're going to see is a continued evolution of this community, the hackers, the ransomware gangs and so on, making increased usage of AI in a variety of ways, as phishing tempts people to do something we know they shouldn't. Click on a link, open an attachment or something of that kind, which of themselves are very old attack vectors. But the way that the FISH works, the more tempting and the more human and more genuine it sounds, the more tempting it can be. For example, if I got something from you and it sounded a lot like, like you say, you and I've known each other 10 years, for example, the more it sounds like you, the more I'm going to think it's actually you. But with visuals like Deepfake, where I can make anything look like anybody, and then with AI, I can make it sound like or read like anybody simply by having it study whatever they've written or whatever they said. For a number of examples, I make it more and more sound like that actual person. And I've seen a lot of those things are coming through that just by what I've experienced. I know that they're AI based, I know that they've been generated by AIs. After reading many things, like reading things that you would have written, perhaps, and it sounds like the way that you would write that I think is going to continue to progress for a while. And what I think that's going to lead to. Now, that's not to vilify, make it sound like AI is evil. It's frankly just another tool that the hackers are going to use because this is a business for them. And like any business, they're going to use whatever's going to help them profit the most. I can't say I blame them for wanting to use it for that purpose, because other businesses do the same thing with their technologies in their fields. But the one thing that we face is what's known as the Turing Test. And the Turing Test is basically one, and it's very well known. It's when you can't tell the difference between that you're talking to a computer or you're talking to an actual person. And if you can't tell the difference, then whatever that AI or that bot is has passed the test. And I think that's the direction we're going. And we're going to see more and more improvements in those kinds of things that the hackers throw our way. Our challenge is going to be how do we detect that? How do we actually develop some technology of our own or some method of our own where we're able to screen those things? Because if those things get to be as effective as they probably can be, it's going to be extremely difficult and their success rate is going to increase even more so. And that worries me and a lot of professionals, because if we haven't got a tool that will detect things like that, we're going to be very much at a disadvantage, much more so than we are now. So that's one of the things that I see happening. I also see a continued increase in people in other countries. This has been known to happen in India, where young people who are far more technologically savvy, it's what they're introduced to from the time they're in their single digit years, they're getting into this because it's a fast way to make money, it's a fast way to become recognized, become an influencer. All those things that young people want to do so that they can have a life, have a career. And many times they don't see the harm in it. They learn that there's harm in it, but they don't see it to begin with because this will make it easier for people. With that idea in mind, I see this population expanding as well, and the attack vectors coming at us from even more places than they do now. But this is all just because people are using AI, not because AI. I just want to be sure I'm making the point that AI is not inherently evil. Not talking about Terminator and Skynet and all that stuff for real.

Ed Gaudette

But you think we ever get to a day where that happens? You ever think we get to a. You have a background and you spent many years at NASA, you've probably seen a lot of different things that others haven't seen. Do we get to a day where our overlords are Terminator like?

Ross Leo

It's funny. I see the possibility that could happen, but I don't really see it happening. I think it's probable, but I don't know that humanity is ever going to allow the machine to get that far ahead of us. We've already seen that AIs can be told how to program other AIs, but because these things are not truly sentient, they would have to break out of their programming and begin to truly think like the human brain does. And as long as they're a machine that in some way a human is built, I don't ever see them getting to be sentient. Not to that point. Not really. I think it's fanciful. I think that a lot of people entertain the idea that oh my goodness, this could happen. But given the limitations of the machine itself, I don't really see it. Not really.

Ed Gaudette

Okay, well, we will see, hopefully. Right?

Ross Leo

Well, I hope I'm right too. I've been wrong before, but I just.

Ed Gaudette

Have this vision of. And that's not a good vision, by the way, and I'm typically an optimist, so I'll just, I'll disclaim right off the bat. But with technology, and I've been spent my entire like you career in technology, I think if you can imagine it, most likely it could happen. And I imagine to your point, some agents getting smart enough and evil enough. Right, because there are evil people that are probably programming agents to be evil right now as we speak, where and can think autonomously and act autonomously. Imagine an evil set of agents that goes off and says, oh, we've got these manufacturing plants that can put together these robots. Let's start creating these robots and let's give them capabilities to do harm. And that could happen.

Ross Leo

I can't argue against that because you could certainly program a robot to cause harm in some way because all they'll do is do exactly what the program says, but without trying to get, shall we say, mystical or Zen. Like one of the things that you have to bear in mind is evil. Good and evil are perceptions, because we know that what one person sees as good, another person will see is not so good or even outright evil. A machine can't distinguish between that unless we program them with a set of rules as to how it can go through its binary decision tree to get to a point where it says, ah, so that's what evil is. Okay, but there's no way to program morals into it. Not really. Not the way that our brains work anyway. So while it is certainly possible to program machines, thinking machines, to do evil things, they'll never have the perception of what truly constitutes something evil unless we program that into them, in which case they'll be able to commit the act, but never fathom the more ethereal part of good versus evil. I think that it'll still be a human driver behind it at some level.

Ed Gaudette

Yeah, maybe you're more of an optimist than I am. All right, let's move on because I could spend hours talking about this and the parallels between programming humans through militaries and other means. Cults, et cetera, do nefarious acts. Right? So there's plenty of examples of that.

Ross Leo

Certainly true, Zan.

Ed Gaudette

So I believe we could do it from a human perspective. Eventually we'll be able to replicate it in a machine context. All right, so talk to me about you. Let's go into your life a little bit. You could go back in time and you could talk to your 20 year old self. What would you tell him?

Ross Leo

Oh gosh, what would I tell him? It really requires a bit of thought. I think what I would probably tell my 20 year old self is you need to understand what it is that really drives you. You need to understand what risk means and all the different flavors of risk that there is. Because there's physical risks of harm, there's technological risks like the one we were just talking about. In fact, there's financial risk, there's all different kinds of risks. But to understand what risk means, you have to understand how you go about analyzing what that means in terms of its impact. How likely is it to happen? And don't overlook the fact that risks also represent the possibility. Well, you called me an optimist a moment ago. They also represent the opportunity to do something good, because risk works both ways. And I would say having a good solid understanding of what risk is and how to go about taking it apart so that you understand which pieces of that whole risk equation you can act upon for. Well, let's say that I'm a 28, that my 20 year old self is an evil one. What sort of risk comes with you committing an act like burglary or hacking, which of course, when I was 20, it wasn't a thing yet hacking was. Programming on a computer keyboard is what people like us used to do, and it somehow morphed into something evil. So again, there's an evil good to evil transition for you. But I would say you need to understand that because that can help you make better decisions about things that you're going to choose to do, things that you're going to choose to say, what directions you're going to go, and so on. I would say to him and my, to be honest, my 20 year old self is already into technology. Not quite the way that we came, of course, but that is always a safe place to be as long as what you do adds value to whoever you do it for. Programming, system administration, whatever it is I happen to fall into. Honestly, I fell into cybersecurity when I started at NASA when I wasn't too much more than 20. They had found that I had been doing information systems and access control before. So they said, okay, that's what you're going to do. And I said okay. And at that particular moment in my life, I had it in mind to become a hospital administrator. That's what I did for my degree program. I was working on a master's in IT at that time and NASA came along and said, well, here's what we're going to do with that instead. And the funny thing is, it actually turned out to be something that I really enjoyed because it allowed me to do all the things with risk that I was mentioning and make better choices in terms of how that benefits the organization I work for. So I would have to say to him, that's one of the examples of how it can benefit you, because you can apply it anywhere in any kind of a profession that you're going to be in. Except for maybe woodworking. The risk of cutting yourself or chipping away a piece of wood, it's not quite the same thing. It can't have quite the same effect. But I think that's probably one of the things that I would tell him. I'd probably tell him a million others. Don't do this because I was dumb and I did that and it turned out bad. Obviously I wasn't considering the risk, but that's definitely something I would pass along to myself if I were at that age.

Ed Gaudette

Unless, of course, you're Jerry Garcia and you lose a finger during a woodworking accident. Well, wood related, as they say.

Ross Leo

Stuff happens. That's right. If you're. Well, it just shows that caution always plays a role, whether it's there or it's not there.

Ed Gaudette

Since we're talking about risk, this is the Risk Never Sleeps podcast. What's the riskiest thing you've ever done? Ross?

Ross Leo

I'm sorry, what's the riskiest thing I've ever done. Huh?

Ed Gaudette

Yeah.

Ross Leo

Oh, gosh. If you had asked me that question before we started this, you'd have given me a chance to think about it. I think the riskiest thing that I ever did was joining the military. Now let me define that a bit because it was risky from the standpoint. That was not a direction I was going three months before I had planned well, three months before I actually did because I was thinking about doing something else with my life entirely that did not involve any of them. And a conversation with my brother made me think about what I was considering doing. And he said, there's a lot of advantages. And I stopped and thought about it. And the reason it's risky is because I was not given to, say, the organized, regimented way that military people are, well, are supposed to be thinking in all the time. And it was very different because my life was. I was 20 years old at the time, in fact, and very much having fun like everybody does, and very much at loose ends in certain ways and not really given to having a solid direction, despite the fact that I was thinking about various things of that type then. So the. That was probably the riskiest thing because I didn't know if it was going to be any good for me. I didn't know if it was going to work out and I didn't know what the future joining, I didn't know what the future was going to bring. Vietnam had just ended, literally just ended, and our country has had a history of war, so I had to consider, well, what happens if that happened? Which it did not long after that, actually, with the whole thing with Iran, it was a very risky thing because I really didn't know what that would mean for my future. And so I thought about it carefully and I made the decision that doing what I'm doing right now, being 20 year old, not really having a solid direction that I was pursuing, like a lot of my peers were doing in their lives. I spun the wheel and took a chance and joined the U.S. navy. And that turned out to be one of the best decisions I ever made, despite the fact that when I was looking at it from the outside, it was probably the riskiest thing I had ever done in my life at that point.

Ed Gaudette

We share a lot of parallels in life modulo the Nassau experience. I was in the military as well, and similarly three months prior, didn't think I was going to go there. So thank you for your service.

Ross Leo

I think it turned out to be one of the, one of the best, one of the smartest Things I've ever done is the way it's worked out. But before it was like, this is a very big deal because once you get in, it's like, turn the dial back and say, no, I was just kidding. I really don't want to do this. Because once you do it, you're pretty well done for a while.

Ed Gaudette

But like I say, did you join NASA after that? Was that the sort of the bridge to join?

Ross Leo

The way that worked out was this. I was in from 75 to 81. I had finished up my undergraduate degree, which the Navy generously paid for, and I had fulfilled my duty to repay that through my service. And the Navy was putting me through a master's degree program in public health because that was where I had decided, based on my naval career, say as a hospital corpsman and radiology tech, that was where I had decided to go. I applied to universities and was accepted at the University of Houston on a scholarship. And I had my GI Bill. And that is what moved me from San Francisco to Houston, Texas, the other universities I couldn't afford to go. The scholarships weren't big enough. The GI Bill wasn't big enough to cover all that stuff. So this is where I came. And having a wife and a new baby at that point, it turned out I was going to need a job because all of that stuff was great for school, but it wasn't really great for living on. And the job at NASA came along because I applied. My military status gave me the benefit of having the preference that they were offering. And I got hired by IBM as a NASA contractor. And that was right turn. And in my life, because that wasn't working for NASA, was not what I had planned to do. As I said, I was going to be working in healthcare. That kind of threw a curve into all that, but it put me on the road that I'd been on ever since. And I can't complain about what I was doing. I've actually worked in healthcare as a result of all that. Because of that time. I will say that working at NASA was the coolest job ever. I got to do a lot of things, but it really taught me a lot about how the real world worked and how risk functions in the real world. I want to keep trying to bring it back to risk because I'm not trying to artificially make risk important, but I'm trying to point out how you have to consider the risks, returns, the rewards, the opportunities and all that kind of thing in pretty much all the different areas in a company they do the same thing at NASA, we always do the same thing because, well, where I worked at the Johnson Space center, the risk was always, well, how could this possibly go wrong? How could this possibly damage the astronauts? And sadly, I was there for a couple of accidents that did just that because someone somewhere didn't do a very good risk assessment about certain parts of the vehicle. And that's what came in. That's one of the things that came out in the investigation after the Challenger disaster of 1986. I'd been working at the Space center for, well, since 1980, and I had actually gotten to know several of the astronauts that were involved in that. And that was a terrible tragedy, any way you want to look at it. But for me, it had a very strong personal aspect. Once I learned how the risk had not been properly considered, it made me even that more adamant about considering risk for everything you were going to do to make sure that we were dealing with it effectively, that we were dealing with it in ways that added value, not just, oh, you can't do that because it's too risky, because that can easily be overridden. You have to have a solid case for why you can't do that. So that whole episode taught me a lot about, well, how am I going to make this actually work? NASA was always very conscientious. Still is, when it comes to things like that.

Ed Gaudette

No, I was going to say risk is a very uniquely human thing that, that we do across. You get out of bed every day, you're making a risk decision.

Ross Leo

Get in the shower, you make a.

Ed Gaudette

Risk decision, whether you know it or not.

Ross Leo

Right.

Ed Gaudette

Consciously or subconsciously. And I remember, I don't know if you've read the book against the Gods by Peter Bernstein, but as a matter.

Ross Leo

Of fact, that's been one of my favorite books for a number of years. I have it on the bookshelf that's directly behind me, in fact.

Ed Gaudette

Oh, mine too. Mine too. Excellent. All right, well, we could talk all day about Risk. This is obvious, obviously, the Risk Never Sleeps podcast, but I have a couple last questions. This is, again, more personal. Interesting. I didn't know about your San Francisco background, so I'll love your answers to this question, but you're on a. An island and you can bring five albums with you. What would you bring? So you're. You've got a turntable and you have a. You have a beautiful audio system, but you're the only person there. And these are your albums, and this is what you're going to listen to from now on what would they be?

Ross Leo

Okay, five albums. Some of them probably won't surprise anybody that hears this, given what I've said about my background. I think there are at least three of them that would have to be by Pink Floyd. Oh, geez. Great.

Ed Gaudette

Right out of the gate, boom.

Ross Leo

Well, which.

Ed Gaudette

Which three? Because I'm a huge fan, so I would love to understand your top three.

Ross Leo

Well, I'll tell you, it's debatable whether one of them would be Dark side of the Moon or not. That was, of course, the one that everybody knows. Sure. But I like some of their other works just as much. I think one of them would be. Would have to be Wish youh Were Here. Oh, great album. I also think I'm trying to remember the right one. I think Animals, my favorite album. I think I have to bring that one.

Ed Gaudette

That's my favorite album.

Ross Leo

And I think the third one's tough because I'm tempted to want to bring one of the early ones. But I'm also tempted to bring the division bell. I think. I think I'll just settle on the division bell. Any choice is good.

Ed Gaudette

I love it.

Ross Leo

I love it.

Ed Gaudette

Oh, yeah, you got two more picks.

Ross Leo

I think I would have to bring Cream, Wheels of Fire. Nice.

Ed Gaudette

Over Disraeli Gears. Okay, interesting.

Ross Leo

Disraeli Gears. Wheels of Fire has more variation in it. It displays them thoroughly, but it's more variation because all the things on Disraeli Gears mostly came from people like Philip Johnson and Peter Brown and a number of early artists that Cream basically redid in their own way. But I think, to be fair, it's a bit of a cheat because Wheels of Fire is a two album set. That's right. I love it. So having that much more music. Better. Yeah. And I think I would have to make the last one. Okay, this is going to come to you out of left field. I think the last one would be a boxed set.

Ed Gaudette

Oh, okay.

Ross Leo

Of. Now that's. No, that's too much of a cheat.

Ed Gaudette

Oh, I love that pause there.

Ross Leo

That was great. Well. Well, it's. I See, the thing is, I have a boxed set of all the Beethoven symphonies. If you listen to any kind of a composer like that, if you listen to enough of their stuff, it all begins to sound the same after a while. I like the idea of variation. I don't know. Ask me that last one again before you. Before we end the session and I'll have an answer for you.

Ed Gaudette

Yeah, okay. All right, Fair enough. So what advice would you give to someone coming out of School wants to break into cybersecurity and or health.

Ross Leo

I would first want to tell them if they want to get into healthcare, they better have some way of connecting themselves to healthcare delivery. Healthcare is funny as a, as an industry to be in because everybody in it basically has to be a certified professional in something, whether it's a certified nurse assistant or a physician's assistant, or a doctor or a nurse or something of that sort. Or a technologist. Like I was an X ray tech. You have to have something like that because many other industries you can go to and learn and be trained from a novice level to, well, a journeyman level. The people that you work with, if you're going to be. But the thing about working in healthcare is they need to know that you know something about health. So having something in your background academically, maybe even working as a volunteer or something like that, those kinds of things help to get you through the door in the first place. Cybersecurity is a little easier to get into because, well, we all have to get into it. Having a strong background in computer science would be good because some of the things that you have to know really still are down at a deep level within the architecture of the technology. But knowing how computers work, knowing how to men and machine act together, and knowing about the behavior of all of that is important. But that's something that we all have to learn. So it's easier to break into cyber security than it is this way. And most people break into it by starting out at networking or maybe programming or you start working in access control, which is where I actually got my start in cybersecurity. I'm almost embarrassed to say that was back in 1970, the latter half of the 70s. That's as close as I'm going to get because in my case, just as a slight anecdote, I was an X ray technician and I had gotten, I had cut my teeth on the Bachelor of Science I was doing. I have six classes. Programming system admin as part of my degree program in healthcare administration, oddly enough. And I was working at a naval hospital in the Bay Area. But that put me in a position to be the programmer and operator of the first axial tomography machine. What you would know as a CT or a cat, CAT scanner that the Navy installed on the west coast. Wow. And it was run by what was then a very popular computer brand called Data General. I remember Data General, so I learned how to program in Fortran because that's what it ran on. It had a Unix style operating system. So I got to learn all of that. And I was the only person at the command who actually understood anything at all about computers. The only computer our hospital had this is in the days long before the electronic medical record software that's now ubiquitous had ever come into existence. But when the CT experience and all that was done, and I was the operator for that, the transcription pool was operated by civilian ladies in a room wearing headsets, working on a Videc computer terminal. Its whole job was to take voice recordings that the doctors did. They would dictate it into a drum memory system, and then they would listen to the verbal recording. And this is going to sound extremely primitive, but they would verbally dictate. It would be recorded on magnetic drum storage. Just. And that'll tell you how old this is. They would hear it, they would type it out in the VIDEC computer system and then print out the transcription that they had dictated in. Then they would print it. It'd be proofs and all that. Then they would put it in internal mail and send it back to the doctor through internal mail so that they could do a check on it and make sure that it said exactly what they wanted it to say. And then they would send it back and say, nope, this is fine. Then they would finalize the copy, send it back, and it would be put into a paper chart for that particular patient. Think about what we do today.

Ed Gaudette

We just speak.

Ross Leo

Exactly. We wouldn't do any of that today, but this is how we were doing it then. And my job. One day the command master chief stopped by my CT clinic and said, I wanted to ask you something. And I thought, oh, boy, what's coming? And he said, what do you know about computers? And I said, well, this and this. And he said, I'm glad to hear that, because I've got a job for you. I went, as you can see, I've got a job already. And he said, yeah, I know, but this won't take too much time. And I've learned since that when anybody tells you that it's exactly the opposite.

Ed Gaudette

It'S a life changer.

Ross Leo

Well, as it turns out, for me, in absolutely was. Because what he wanted me to do was he wanted me to go up to the transcription pool and handle access control for them because they were having trouble. I had to go in, learn the Videx system. This was a system that was made by Exxon of all company, of all things at the time. And I had to learn how it all worked. And I had to do the access control for Them. And of course that meant automatically I was going to be a help desk for them as well. Fortunately, there was very little to do after that because I went in and I got it all straightened out over a weekend when I had duty. And there really wasn't that much to do. But that one thing that happened is what the folks at IBM, the federal systems division at the time, saw on my resume and said, oh, you've done access control? I said, yes. He said, what did you work on? And I told them, oh, I also did this and this with the computer system that ran the CT machine. They said, great, that's exactly what we want, is somebody with that kind of background because we'll teach you the rest. That's not a big deal. So that was the basis of me getting hired. My first job there was to write a program to do network analysis and management for the local network. And I did. And the moral of the story came out when my boss reviewed the program and saw that it worked. I had actually finished it up sooner than he'd expected, but I had an awful lot of trouble because I spent most of my time debugging it. And he said, okay, well, that's a great job. He signed off on a promotion and a substantial raise, but I had to promise never to program again, which I was actually very relieved to do. That's good. But that's what got me into that.

Ed Gaudette

Yeah, I love that. That lesson is for those folks coming out of school looking for jobs. Don't be afraid to go down a path that you may not have actually planned for.

Ross Leo

That's. That is a very good piece of advice. Because a person coming out of school wanting to get into either healthcare or cybersecurity, they can't be afraid to go there and learn it. They need to go there with an open mind that is hungry to alarm whichever way they go. They need to do a little bit of homework before that so that they really understand what they're getting into or what they're likely to get into. The one going into cybersecurity, I would say you really ought to have some programming, even scripting kind of experience because you'll be called upon to do that from time to time and you'll find it a very useful skill. I resisted programming the whole time because I really didn't like it. I didn't like doing it because I don't think that way. But I've also found that if I was to get a computer programmer to try to think the way that I do about risk they wouldn't do it either because they don't think that way. I've seen that a lot. So it was better that I didn't because I don't think I was. I don't really think I was ever very good at it. But a person coming out of school, they can't be afraid to explore these.

Ed Gaudette

Things, to take risk.

Ross Leo

Well, yes, exactly. That is. Well, that is what it is.

Ed Gaudette

That's a good place to end, Ross. Before we do, though, I'm going to give you that last shot on that fifth album.

Ross Leo

I have to be honest. The answer that comes to mind is. And you're gonna. You're gonna crack up when I tell you this. The answer is in a godda devita. Oh, Iron Butterfly.

Ed Gaudette

Iron Butterfly. And just hoping. I was just making sure you knew who it was. Oh, actually, I wanted to say Iron Maiden, actually, but it's Iron Butterfly. How many minutes? Like 18 and a half minute long song or something.

Ross Leo

Consider that I've listened to it probably about a thousand times. Literally at 17, if you get the studio recording, it's 1705.

Ed Gaudette

Oh, awesome.

Ross Leo

You know the times they did a live recording on a later album where it was 18 and a half minutes. Yeah. But it's just stuff that I can listen to. I love it. That I can listen to multiple times. Even though it becomes almost like white noise. Yeah.

Ed Gaudette

It's like background music. I agree. See, I thought we were going to say something like surrealistic pillow. Little Jefferson Airplane or maybe Big Brother in the Holding Company. Two of my favorites.

Ross Leo

Oh. Oh, no.

Ed Gaudette

San Francisco roots. Maybe. Maybe a little Grateful Dead. Do you ever go to a Dead show?

Ross Leo

Yeah, I did. I do. Well, which I'll. Here's the last anecdote I'm going to give you. I went to an auto show at the Anaheim Convention center, and I want to say it was 66 or 67. And as I have a very clear memory of walking through the main entrance into the exhibit hall, and this is back in the early days of these kinds of shows, and they had live music. And right inside the entryway, probably 20, 30 yards in, because it was a very big hall, was a rock group. And as I was walking in, I walked by them and I stopped and listened for a few minutes, and it didn't even click with me until much later. That was Janis Joplin and Big Brother in the Holding Company. It was Big Brother in the Holding Company featuring Janis Joplin. Wow. And I thought, how wild is that? They were dressed like normal people instead of the way that they look later on. Yeah. And wasn't doing her crazy things like she did later. She back in the 70s, closer to the point of Woodstock type dress she was dressed in. Like, I don't remember exactly, but it was all pretty sedate stuff, but dated.

Ed Gaudette

One of the founders of the Grateful Dead pig pen. Many people don't know that.

Ross Leo

That's right. I remember. I barely remember that, but I remember that.

Ed Gaudette

Yeah, he was so he was a frontman. He was a singer in the early 60s or mid to late 60s.

Ross Leo

That was one of the wildest memories that I have. And I'm not surprised I still remember it because it was really a very memorable thing. Anyway.

Ed Gaudette

Very good. All right, sir. Well, I appreciate your time. Thank you for joining the Risk Never Sleeps podcast. And remember, folks, if you're on the front lines protecting patient safety and delivering patient care, to stay vigilant because Risk never sleeps. Thanks for listening to Risk Never Sleeps. For the show, notes, resources and more information and how to transform the protection of patient safety, Visit us@cincinnat.com that's C-E N S I N E T.com I'm your host, Ed Gaudet. And until next time, stay vigilant because Risk never sleeps.