Risk Never Sleeps Podcast – Episode #200

Title: AI Isn’t the Hard Part. Security Is
Host: Ed Gaudet
Guest: Steven Ramirez, Chief Information Security & Technology Officer, Renown Health
Date: March 26, 2026
Location: Live at ViVE 2026, Los Angeles

Episode Overview

In this milestone 200th episode, host Ed Gaudet sits down with Steven Ramirez, CISO and CTO at Renown Health, to discuss the healthcare sector's latest challenges and innovations, with a particular focus on AI adoption, security, and patient safety. Steven and Ed explore real-world use cases, identity verification, cloud migration, and the human side of leadership in digital healthcare. The dynamic, candid conversation blends insightful best practices with personal anecdotes for professionals navigating healthcare cyber risk.

Key Discussion Points and Insights

1. Steven Ramirez’s Background and Role at Renown Health

• [00:57] Steven introduces himself as CISO and CTO, noting a recent shift to focus more on security and IT governance, including service desk management and Microsoft oversight.
• Recent rollouts: ServiceNow for ITSM, and strengthened security ties in operations.

Quote:

"We have a great leader that we've hired, so I'm over all security functions, but I'm strictly over service desk and Microsoft right now, as well as IT governance." — Steven [00:57]

2. AI’s Pervasiveness and Practical Adoption

• [02:49] AI dominates ViVE 2026—hundreds of booths and panels, conversations getting past the AI buzz to practical governance and adoption.
• Emphasis on fitting AI to organizational needs over chasing shiny tools.

Quote:

"AI, just by a landslide." — Steven [03:23]

• Renown’s early adoption of Microsoft Copilot for practical, incremental AI use cases (e.g., improving email communication, enhancing PowerPoints).
• Data and analytics leader driving AI strategy with strong governance from the outset.

3. Security: The Real Challenge with AI Rollout

• [04:16] Security guardrails were established early in Renown’s AI roadmap.
• Careful AI implementation with platform-centric logic: preference for trusted partners (Microsoft, Epic) and real-world, manageable use cases like ambient listening (DAX expansion).

Quote:

"We really hit that [security] on early...not chasing shiny bright objects. So we're looking more at platform AI." — Steven [04:16]

• Added security for mobile endpoints: Rolling out CrowdStrike on all phones, particularly those supporting clinical workflows.

4. Strategic Initiatives: Identity & Data Protection

• [05:22] Top initiatives: Identity verification (with CLEAR), Data Loss Prevention (DLP), and zero trust strategies.
• Real-world examples of social engineering—prevented breaches through process (deep fakes, phishing attempts targeting service desks and individual staff).

Quote:

"It's 80% of everything that happens." (on identity) — Steven [06:22]

• Expansion of data analytics via partnership with Databricks in Azure; recognizing cloud complexity (“cloud’s not always cheaper or more reliable”).

5. Cloud Migration and Security Architecture

• [07:25] Moved cautiously to cloud; building next-gen EDW in Azure with new security and cloud architects, leveraging partnerships and tooling (Netskope, CrowdStrike).
• Maintaining balance between cloud innovation and risk management.

6. Advanced Identity & Access Management in Agentic Era

• [08:14] Investing in identity proofing and non-human account management as agentic/AI systems proliferate.
• Leveraging early investments and basic best practices to handle more advanced scenarios (e.g., service account controls).
• Renown’s collaborative/partner approach extends to health plan work with Kaiser.

7. Human Element & Leadership Philosophy

• [09:31, 12:04, 22:16] Steven’s background is deeply rooted in healthcare: both parents were clinical providers, and he brings that mission-driven ethos.
• “People first” as a guiding principle; emphasizing work-life balance, team engagement, and fun at work for stress resilience.

Quote:

"We can't do what we want to do without our people. So making sure that everybody understands our mission and what we're doing, while that's important. But to take care of yourself and to have fun. And I try to do that every day with my team." — Steven [12:09]

• Value of mentorship (“Chuck has easily been the best boss…we call it wisdom;” [22:16]), surgical communication, and team-based leadership.

Notable Quotes & Memorable Moments

AI in Healthcare

• Steven: "People are getting more into the schematics of what AI really means...the past three years we've been talking about AI is coming, AI is coming. Now people are starting to get into the nuts and bolts." [02:49]

Identity and Social Engineering Threats

• Steven: "We already have processes in place with that and we've already had a lot of close calls which is great to be able to really share on that deep fake...they're getting creative." [05:44]

Cloud Migration

• Steven: "The cloud's not always cheaper, it's not always more reliable. But we're going all in on Azure for databricks." [07:25]

Leadership & Wellbeing

• Steven: "Making sure that everybody understands our mission and what we're doing, while that's important. But to take care of yourself and to have fun." [12:09]

On Team Success

• Steven: "Anytime I get a pat on the back, I make sure to peel some of those fingers off. They're for my team as well." [24:03]

Engaging Personal Insights & Lightning Round

These segments provide a lively, human side to Steven and Ed’s partnership.

• Golf as personal therapy: Steven talks about his love for golf (“just you and the ball…it’s all on you, it’s not on anyone else;” [13:37]), short game struggles, and humor about expensive gear.
• Music selection for desert island: Eclectic mix—Morgan Wallen, The Eagles, Taylor Swift, Nelly, Biggie/Tupac ([17:41-18:39]).
• Riskiest moment: Encounter with a moray eel while snorkeling; identified as a formative “risky” lesson ([16:14]).
• Parenthood: New father to a four-month-old daughter; balancing work, family, and cybersecurity on the home front ([13:03], [21:21], [21:48]).

Timestamps for Key Segments

| Segment | Timestamp | |--------------------------------------------------------------- |-------------- | | Steven’s Role & Background | 00:57 | | AI Adoption & Trends at ViVE | 02:49 | | Renown’s AI Use Cases & Strategy | 03:38 | | Security as the Priority & Technology Focus | 04:16 | | Identity Verification & Deep Fakes | 05:22 | | Cloud Migration & Data Security | 07:25 | | Agentic/AI Systems & Access Management | 08:14 | | Personal Journey in Healthcare | 09:31 | | People-First, Fun at Work, Leadership Philosophy | 12:04; 22:16 | | Golf, Passions, and Risky Moments | 13:03–16:43 | | Lightning Round (Music, Movies, Books, Podcasts) | 17:41–20:50 | | Reflections on Fatherhood | 21:21 | | Greatest Leadership Lesson | 22:11–24:35 |

Tone and Language

The episode is marked by candid, humorous exchanges and practical insight. Steven blends technical expertise with relatable anecdotes, highlighting the persistent tension between new tech (AI, cloud) and the security/fundamentals holding everything together.

Summary

This milestone episode elegantly combines the strategic (AI, identity, security) with the personal and philosophical. Steven Ramirez offers a grounded, experience-driven roadmap for healthcare CISOs: embrace new technologies but never at the expense of security basics and team wellbeing. His advice is pragmatic, people-centric, and livened by wit—making this a must-listen (or must-read!) for those safeguarding patient safety in digital health.