Episode #144. Code Blue Meets Code Red: Cybersecurity in Scrubs, with Ashini Surati, CISO at CloudWave - Risk Never Sleeps Podcast

Summary6 min read

Risk Never Sleeps Podcast: Episode #144

Title: Code Blue Meets Code Red: Cybersecurity in Scrubs
Host: Ed Gaudet
Guest: Ashini Sarati, CISO at CloudWave
Release Date: October 2, 2025

Episode Overview

In this candid and insightful episode, Ed Gaudet interviews Ashini Sarati, Chief Information Security Officer at CloudWave. With a focus on the unique cybersecurity challenges facing rural and community hospitals, Ashini discusses her journey from chemical engineering to cyber risk leadership, the importance of empathy in healthcare IT, and her vision for advancing solutions in a rapidly-evolving threat landscape. The episode blends practical advice with personal anecdotes, covering resilience, risk-taking, and a shared commitment to patient safety.

Key Discussion Points & Insights

1. CloudWave’s Mission & Rural Healthcare Challenges

CloudWave’s Focus:
- Specializes in providing disaster recovery, backup-as-a-service, and a range of security services, especially for rural and mid-sized hospitals.
- Rural hospitals often lack technical and financial resources to address evolving cyber threats.
- CloudWave’s role is to “take the burden off them from an IT perspective,” offering both technology and advisory services.
- Quote:
  
  “Our job or our goal here is to make sure that they continue to provide the services that they need for their population. But we take the burden off them from an IT perspective...”
  — Ashini Sarati [01:30]
Virtual Advisory Solutions:
- Offers policy assistance, virtual CISO (vCISO) services, tabletop testing, and 24/7 security operations.
- Quote:
  
  “We help them with policies. We help them with just what we call VCSO services as well... we also help them with just being eyes on glass. We have a security operations center that's 24/7.”
  — Ashini Sarati [02:24]

2. Ashini’s Career Journey

From Chemical Engineering to Cybersecurity:
- Entered IT during the dot-com boom, assisting with early HIPAA implementations.
- Cites mentors and the progression from compliance initiatives to broader security leadership.
- Quote:
  
  “I got into security before the word 'cyber' was added to the front of it.”
  — Ashini Sarati [03:00]
Provider vs. Vendor Perspective:
- Spent 12 years at a large, multi-state healthcare organization before moving to the vendor side.
- Empathy for clinicians and understanding workflow realities (e.g., why nurses might struggle with MFA on the floor) guide her solutions approach.
- Quote:
  
  “You understand that hey, a nurse may not be allowed to carry a cell phone to do MFA on the floor... it brings a different perspective... you don't want to be the roadblock.”
  — Ashini Sarati [05:02]

3. The Healthcare Security Team Mentality

Shared Mission, Stronger Together:
- Advocates for eliminating vendor-provider divides, working as a unified security team.
- Emphasizes standardizing expectations across all partners.
- Quote:
  
  “It takes an entire team on the same side to protect data. It's as simple as that... it's all one team.”
  — Ashini Sarati [06:18]

4. Strategic Initiatives for 2025

Endpoint and Managed Detection & Response:
- Pushing advanced endpoint protection (EDR/MDR) for healthcare, moving beyond traditional signature-based tools.
Security Operations & Automation:
- Rolling out new Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities for faster, automated incident responses.
AI Adoption with Guardrails:
- Exploring AI-driven reporting and dashboards; cautious approach with clear security guardrails.
- Quote:
  
  “We have all the data but using tool sets that have things built in that provide reporting dashboards... I think that would be the few initiatives that we are trying to incorporate.”
  — Ashini Sarati [07:42]
- On AI:
  
  “If you don't get on that bandwagon, then you're going to be left behind... But obviously you were trying to make sure that you have guard rails in place because that is a can of worms too.”
  — Ashini Sarati [09:11], [09:20]

5. Personal Passions & Life Balance

Family and Hobbies:
- Juggling multi-generational family life, children’s activities, and learning Bollywood and classical Hindustani singing.
Women in Cybersecurity:
- Active mentor through Women in Cybersecurity, values ongoing learning.
- Quote:
  
  “I try to keep up abreast learning, a lot of learning. So a variety of activities. I don't have one passion. I have so many I can barely have time to keep up.”
  — Ashini Sarati [10:33]

6. Wisdom and Reflections

Advice to Her Younger Self:
- “Take risks when you're younger, find your passion when you're younger... Take care of your health because you can have wealth, but if you have wealth without health, it's nothing.”
  — Ashini Sarati [10:57]
Fun Fact:
- Loves to cook all kinds of cuisine (remarkably including meat, despite being vegetarian herself).
- Quote:
  
  “I do not eat meat, but I can cook any kind of meat you give me. I'll figure it out.”
  — Ashini Sarati [12:36]
Riskiest Move:
- Changing careers and repeatedly choosing growth over stability.
- Quote:
  
  “I have taken quite a few career risks to actually be where I am.”
  — Ashini Sarati [12:57]
Desert Island Music:
- Unapologetically Bollywood.
- Quote:
  
  “Hands down, Bollywood... all new, classic, and then that's about it. I don't need anything else.”
  — Ashini Sarati [13:36]
Advice for New Grads:
- Stay current on technology, understand healthcare’s specific challenges (old mixes with new tech), connect the dots, and embrace passion.
- Quote:
  
  “If you want to be in the healthcare space, keep up with what is going on with the technology in healthcare. There are challenges. Understand the challenges... and then just enjoy what you do, have a passion for it.”
  — Ashini Sarati [13:59]

Notable Quotes & Memorable Moments

On Collaboration:

“When it comes to security, it’s all one team. You cannot manage security by... having those blinders on. You got to have to have the big picture.”
— Ashini Sarati [06:18]
On Taking Risks:

“Maybe you'll fall once, you'll fall twice, but if you find the right passion, then whatever you do in life... you’ll never feel like it's work.”
— Ashini Sarati [10:57]
On AI in Healthcare:

“Obviously you were trying to make sure that you have guardrails in place because that is a can of worms too.”
— Ashini Sarati [09:20]

Timestamps of Key Segments

[01:11] CloudWave’s mission and support for rural hospitals
[02:24] Security services & virtual advisory offerings
[03:00] Ashini’s unique path to cybersecurity
[05:02] Empathy and innovation driven by provider-side experiences
[06:18] Team mentality in healthcare security
[07:42] Upcoming initiatives: EDR/MDR, SOAR, AI
[09:40] Family life & personal interests; Bollywood music passion
[10:33] Mentoring through Women in Cybersecurity
[10:57] Advice to her younger self about risk and health
[12:36] Culinary talent and approach to cooking
[12:57] Riskiest career moves
[13:59] Advice for new grads entering healthcare cyber

Tone & Takeaways

The tone is practical, warm, and conversational, with an undercurrent of resilience and genuine care for both patients and IT colleagues. Ashini’s advice is both actionable and inspiring—with a persistent message: take risks, foster teamwork, and always keep learning.

Ed Gaudet’s questions guide the conversation with empathy and curiosity, ensuring the discussion stays accessible and directly relevant to those working at the intersection of healthcare and cybersecurity.

Summary by Risk Never Sleeps AI

Loading summary

Transcript66 lines

[00:00]
Ed Gaudette
Foreign.
[00:06]
Welcome to Risk Never Sleeps where we meet and get to know the people delivering patient care and protecting patient safety. I'm your host, Ed Gaudette.
[00:18]
Welcome to the Risk Never Sleeps podcast in which we learn about the people that are on the front lines delivering patient care and protecting patient safety. I'm Ed Gaudet, the host of the program and today I am pleased to be joined by Ashini Sarati. Ashini, how are you? Welcome.
[00:35]
Ashini Sarati
How are you?
[00:36]
Ed Gaudette
Excellent, excellent. Let's start off with sharing a little bit about your background, your current role, your organization with our listeners.
[00:43]
Ashini Sarati
Absolutely. My organization's Cloud Wave. I've been with them for quite a while now. I'm their CISO and we focus on primarily on healthcare. Our base is rural community sized hospitals and we do have a few medium sized hospitals as well. Our business is in hosting disaster recovery backup as a service and we also have a whole gamut of security services that we provide to our customers.
[01:12]
Ed Gaudette
Oh, that's terrific. And that's obviously a big issue and area of focus these days for CISOs. I often hear the phrase not a matter of if, it's a matter of when. So we better be able to recover quickly. Talk about a little bit about the rural focus. How is, what are some of the challenges? How do they differ maybe from the medium or the larger health systems?
[01:31]
Ashini Sarati
And I think it is resources, right? And financial resources to be able to do they. They have all hospitals. Every industry has a challenge, challenges. But I think the rural healthcare population and the smaller community says hospitals have a challenge where they may not have either the technical resources or for the financial resources to be able to keep up with current threat landscapes, keep up with just the technology, the way the direction technology is taking. And so our job or our goal here is to make sure that they continue to provide the services that they need for their population. But we take the burden off them from an IT perspective, either it's hosting disaster recovery backup or if they need help with any of their security needs, we can help that.
[02:20]
Ed Gaudette
Okay, anything. Like did you help them create policies?
[02:23]
Ashini Sarati
Absolutely.
[02:24]
Ed Gaudette
You do?
[02:24]
Ashini Sarati
Okay, so you have like a virtual advisory services. We help them with policies. We help them with just what we call VCSO services as well. We provide those. We also do tabletop testing for them. There's a lot of areas that cloudwave actually engages with the customer on. We also help them with just being eyes on glass. We have a security operations center that's 24 7. So if they just need security services, we have the ability to provide those as well, excellent.
[02:56]
Ed Gaudette
And how did you get into healthcare and security? Tell us a little bit about your journey.
[03:00]
Ashini Sarati
I got into security before the word cyber was added to the front of it. It's been a while, tells my age, but that's okay. So I, I've told this to people before, but I have a degree in chemical engineering and nothing to do with cybersecurity circumstances. Said I. Hey, it was the open field. I lived in a small town and I got into the IT space that way and it was right around the dot net boom. Okay, again, I'm dating myself. And so at that time, hospitals were actually implementing HIPAA transactions and code sets, if you remember the. And then came HIPAA security, next step in implementation. So I got into it at that time and I had some great mentors, I'll be honest, in my lifetime. And it's just that my career progression went from just implementing and helping implement HIPAA transactions and code sets to implementing HIPAA security as a project manager. And then I just got into the security realm, worked on policies, procedures, started doing projects for security teams for the organization that I was working with at that time. And then it just went from there and it just transitioned and over time came the whole bitcoin stuff that just started. Cyber currency and the whole. And it just cascaded from there and then cyber.
[04:27]
Ed Gaudette
And we've seen a lot over the years, haven't we?
[04:30]
Ashini Sarati
Yeah, and yes. And exactly. And so all the cryptocurrency, the different kinds, it just keep coming out, it's never ending.
[04:37]
Ed Gaudette
So yeah. Have you been on the other side? Have you worked at the provider side? Have you been directly working for hospitals at all or in your background?
[04:45]
Ashini Sarati
Yes, I, we have. My initial 12 years of my life have directly worked for a large healthcare organization, a multi state, multi country organization actually.
[04:56]
Ed Gaudette
Excellent, excellent. How does that differ from being on the other side of the, of the world, on the vendor side providing solutions?
[05:03]
Ashini Sarati
Is that it is different. What it gives you is a different perspective because if you've already been in healthcare and you've seen communicated with the physicians, communicated with people on the floor that are having issues, the nurses, you understand the challenges of healthcare. You understand that hey, a nurse may not be allowed to carry a cell phone to do MFA on the floor, she has to work with the kiosk. And it's a simple thing. Right. But it brings a different perspective. So when you as a managed service provider or a managed security service provider, look in, understand the challenges of health care, you're providing them a better service because you are working around those challenges. So you, when you come in and you say, well, they can't do that so well, why can't we do this? So you are giving them options to try to let them do what they are supposed to be doing, which is patient care. And you don't want to be the roadblock. You want to make sure that you give them a path but try to keep it as secure as possible.
[06:05]
Ed Gaudette
Yeah, yeah. That empathy really helps. I'll bet.
[06:08]
Ashini Sarati
Absolutely.
[06:09]
Ed Gaudette
Yeah. What I love about healthcare is that shared mission. Right. In some ways we sit on the same side of the table regardless of whether we're a vendor or provider. What does that mean to you?
[06:19]
Ashini Sarati
So it's a, that's a good question. So for us, I think we don't look at it like you were on one side of the table and we are on the other side of the table. You're actually a team. You know how it says it takes a village to raise a child? Well, it takes an entire team on the same side to protect data. It's as simple as that. It's not about them and us. When it comes to security, it's all one team. You cannot manage security by looking at, I want to say, have those blinders on. You got to have to have the big picture. You have to work with both sides of the team. So it's whether it's vendors, third party, your own organization, it is one team. And with third parties, obviously there's challenges, but you have to hold everybody to the same standard that if you are following these standards and you feel like these are reasonable, your expectations should be every vendor that you work with and in some sense a customer. Right. You have to tell the customer, hey, these are our expectations because our job is to keep you secure. And that's why it takes the entire team. It's not a, it's not a, a one person or a one company job.
[07:31]
Ed Gaudette
I love that. Stronger together.
[07:33]
Ashini Sarati
Yes.
[07:34]
Ed Gaudette
Yeah, absolutely. So as you look at over the next 12 months, what are the, some of your top initiatives that you're thinking through or working on over the next 12, 24 months?
[07:43]
Ashini Sarati
So I think one of our most recent initiatives is we are, we're getting into the EDR MDR space, trying to get healthcare organizations to make sure that they have adopted endpoint protection, which is more sophisticated than just those signature based. So that's one of our products that are, that we are trying to get out in the healthcare space. We also have a lot of the managed service, security services side where we are Using a SIM and SOAR technology. So we want to get that out in front of our customers to give them some options and to when it comes to data protection. So from that we have. We've adopted a good tool set and so our SOAR functionality is actually being very well liked with some of our customers because it gives us the ability to automatically respond to incidents. So we're going to develop that. Those are some of the main initiatives. We have some work that we are trying to do in the AI space as well. Obviously trying to better reporting using AI from. For our customers so that it they understand, I guess, the value that the organization's trying to provide them and so helping we have all the data but using tool sets that have things built in that provide reporting dashboards, things like that, that our custom feels as valuable for them. I think that would be the few initiatives that we are trying to incorporate into our organization from Makes sense.
[09:11]
Ed Gaudette
That's nice.
[09:11]
Ashini Sarati
Everybody's on that bandwagon. So if you don't, if you don't get on that bandwagon, then you're going to be left behind.
[09:17]
Ed Gaudette
It'll be a race to the bottom. The race to the bottom. If you're not on that.
[09:21]
Ashini Sarati
Right. But obviously you were trying to make sure that you have guard rails in place because that is a can of worms too.
[09:28]
Ed Gaudette
Yes, absolutely. It's got to be secure by design, by default.
[09:30]
Ashini Sarati
Absolutely.
[09:32]
Ed Gaudette
Outside of your current job, healthcare, it, what are you most passionate about? Do you have any hobbies or things you do outside of your day job?
[09:40]
Ashini Sarati
Oh, a lot. So I have a huge family.
[09:43]
Ed Gaudette
Okay.
[09:44]
Ashini Sarati
It's obviously by choice. I have parents that live with us, both sets. Kids in college, kids in high school. So we do a lot of activities with them. And then I'm learning to sing.
[09:55]
Ed Gaudette
Ah, there we go.
[09:57]
Ashini Sarati
I'm getting ready in the next 10, 15 years. Hey, what am I going to do during retirement? I think of hobbies. I'm thinking hobbies.
[10:04]
Ed Gaudette
What do you like to sing?
[10:05]
Ashini Sarati
Well, I love. I do Bollywood, so I'm trying to learn Bollywood songs. Right. I love. So trying to learn Korea. Okay. Do Bollywood and. But I'm actually trying to learn the classical. The. The Hindustani classical music. Okay. Starting from basic. I am not a singer. I. Yeah, when people. I sing, people walk out. So I'm learning.
[10:27]
Ed Gaudette
No, that's great. Well, if I see you on the road, we'll have to grab a. And go to a karaoke lounge.
[10:33]
Ashini Sarati
I love that. And apart from that, I actually participate in Women in cybersecurity it's an organ where I'm doing some mentoring with a few mentees. I try to keep up abreast learning, a lot of learning. So a variety of activities. I don't have one passion. I have so many I can barely have time to keep up.
[10:53]
Ed Gaudette
I love that. If you could go back in time, what would you tell your 20 year old self?
[10:58]
Ashini Sarati
That's a tough one. But I'd tell them two things. One, I would say that word risk is right there. I would say take risks when you're younger, find your passion when you're younger. It is so late in life when you realize that you have certain passions and you cannot take afford to take the risk, financially or otherwise to pursue them. So I say try to find a passion, take the risk. Maybe you'll fall once, you'll fall twice, but if you find the right passion, then whatever you do in life, whether it's work, you'll never feel like it's work. It's never. You find that passion and you pursue it. And my second thing I would tell people is get into good habits like workouts and taking care of yourself early on. Take care of your health because you can have wealth, but if you have wealth without health, it's nothing. The two things I would say, take the risks when you're younger and take care of yourself.
[11:52]
Ed Gaudette
Perfect. That's great advice. Share a fun fact about you that many people may not know that I don't see.
[11:59]
Ashini Sarati
Oh, some people don't know a fun fact. Okay, so I love to cook. I don't know if it's fun, but for me a fun fact. I just love to cook and I just don't. I have a passion for it. I just have not pursued it. And I wish I had the courage to now take care of pursuing something while my husband has been holding me back. That's not. This is not the right time. You don't want to spend time cooking. You don't want to do this. So I would say a fun fact about me is I love to cook. I love to cook all different kinds of cuisines. I do not eat meat, but I can cook any kind of meat you give me. I'll figure it out.
[12:37]
Ed Gaudette
Wow, that's great.
[12:38]
Ashini Sarati
I do not eat meat. I'm a vegetarian. But I. Yeah, I love that you.
[12:42]
Ed Gaudette
Have a signature dish or something you make.
[12:45]
Ashini Sarati
Oh no, I can cook anything. Yeah, just give me anything. I'll just cook it. I'll make it where everybody will enjoy.
[12:52]
Ed Gaudette
Part two of that question is because this is a Risk Never Sleeps podcast. What's the riskiest thing you've ever done?
[12:57]
Ashini Sarati
I think career change was the riskiest thing that I've ever gotten. I took on a field that I had no clue about. Throughout my career, I've taken risks. I have left organizations where I had stability to do a little bit different things. So I used to work for a large organization I worked at Stability to I guess pursue and work with colleagues that I actually enjoyed doing. So I have taken quite a few career risks to actually be where I am.
[13:28]
Ed Gaudette
I love that. So, two more questions. You mentioned music earlier. If you are on a desert island, what type of music would you bring with you?
[13:36]
Ashini Sarati
Hands down, Bollywood.
[13:38]
Ed Gaudette
Oh, okay. So five albums around Bollywood.
[13:41]
Ashini Sarati
Oh, yeah. All kinds of Bollywood music, all new, classic, and then that's about it. I don't need anything else.
[13:48]
Ed Gaudette
We'd be dancing on your island.
[13:50]
Ashini Sarati
Dancing.
[13:51]
Ed Gaudette
Love it. I love it. What advice would you give to new grads coming out of school that want to break into cyber and or healthcare?
[14:00]
Ashini Sarati
It's a good question. Again, I would say two things. You have to keep abreast with technology. What's changing? Healthcare is going into a lot of the they're adopting AI very quickly. All spaces like patient care, gen AI and it's getting to agentic AI as well. Always had robotic surgery and things like that. So they already had all of that. And the technology there is evolving very fast. So if you want to be in the healthcare space, keep up with what is going on with the technology in healthcare. There are challenges. Understand the challenges. There's challenges where you have old technology sitting with new technology. So you have to understand how to protect both have the ability to connect the dots across as you get into this new space and then just enjoy what you do, have a passion for.
[14:53]
Ed Gaudette
It and take risk, like you said earlier, which is take risk.
[14:56]
Ashini Sarati
Absolutely, yeah.
[14:58]
Ed Gaudette
Excellent. Appreciate your time joining us today. This is Zed Gaudette from the Risk Never Sleeps podcast. And if you're on the front lines protecting patient safety and delivering patient care, remember to stay vigilant because Risk never sleeps.
[15:16]
Thanks for listening to Risk Never Sleeps for the show. Notes, resources and more information and how to transform the protection of patient safety, Visit us@SenseInet.com that's C-E N S I N-E-T.com I'm your host, Ed Gaudet. And until next time, stay vigilant because Risk never Sleeps.