Podcast Summary: Risk Never Sleeps Podcast
Episode #99: Quantum Computing and Healthcare Cybersecurity with David Woska, PhD, CISO at Censinet
Host: Ed Gaudet
Date: September 26, 2024
Episode Overview
This episode delves into the intersection of quantum computing, healthcare cybersecurity, and risk management. Host Ed Gaudet welcomes David Woska, PhD, Chief Information Security Officer at Censinet, for an in-depth conversation about how quantum advancements could disrupt healthcare security, best practices for CISOs, and the evolving priorities for health tech risk leaders. The discussion mixes technical explanations, strategic insights, and personal reflections on leadership and risk in the digital healthcare landscape.
Key Discussion Points and Insights
David Woska’s Background & Role at Censinet
- Woska describes his dual responsibilities: securing Censinet internally and leading the development of risk assessment tools for healthcare systems.
- [00:47] "I wear a couple of hats. I'm responsible for keeping Censinet secure, obviously. I also lead a great team which develops risk assessments in the Censinet risk ops platform to help health systems with third party and enterprise risk management." (Woska)
- Transition from healthcare provider roles (e.g., CIO, Assistant VP of Information Security at Northwell Health) to leading security at a healthcare tech company.
Quantum Mechanics & Computing Explained for All
- Woska simplifies quantum mechanics for the layperson, drawing clear analogies between classical and quantum computing:
- [05:11] "Classical computing is all about those ones and zeros, bits. Well, quantum computing is instead of bits, they use something called quantum bits or qubits ... They have very unique properties based on quantum mechanics. Properties such as superposition and entanglement." (Woska)
- Superposition Analogy:
- [05:59] "In quantum computing, qubits...are kind of like a dimmer switch. So they could be on, they're off, they're somewhere in the middle. Essentially, you can represent on and off or 0 and 1 at the same time simultaneously." (Woska)
- Entanglement Analogy:
- [07:41] "Imagine you have two qubits...these dice are linked in such a way that if you roll one, the other one always shows related value. So no matter how far apart they are, they are aware of each other's state." (Woska)
Why Quantum Computing Matters for Healthcare Security
- Cryptography Risks:
- [08:41] "One of the most talked about applications in quantum computing today...the possibility or potential of breaking widely used encryption techniques or methods like RSA or ECC, which rely on factoring very large numbers." (Woska)
- A sufficiently large quantum computer running Shor's algorithm could break RSA and ECC, the public-key algorithms that protect health data in transit and at rest, in time polynomial in the key size rather than the exponential effort classical attacks need, threatening the confidentiality and integrity of that data.
- Other Healthcare Impacts:
- [09:36] "It really has potential to revolutionize these industries that depend on chemical reactions and molecular modeling."—on drug discovery and material science.
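Worked example added here, not taken from the episode or from Censinet: the number-theoretic reduction Shor's algorithm uses to turn order finding into factoring, which is why a quantum computer threatens RSA. The order-finding step is the only part a quantum computer speeds up; it is brute-forced below, so the code works only on toy moduli, while every other line is the classical post-processing an attacker would run on the quantum output. The function names and the sample moduli (15, 21, and 3233 = 53 x 61) are my own choices.

```python
"""Shor's reduction: from the order of a base mod N to a factor of N.

Added example (not from the podcast). The quantum part of Shor's
algorithm is finding r, the smallest r > 0 with a**r == 1 (mod N),
for a random base a. Given r, purely classical number theory turns it
into a factor of N most of the time. Here find_order() is brute force
(exponential in the bit length of N, fine for toy N); a quantum
computer replaces only that function.
"""
from math import gcd
import random


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1 (assumes gcd(a, n) == 1).

    Stand-in for the quantum Fourier-transform step of Shor's
    algorithm; on a 2048-bit RSA modulus this loop never finishes.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, a: int):
    """Try to split n using base a. Returns (p, q) with p * q == n,
    p <= q, or None when this base fails (odd order, or
    a**(r/2) == -1 mod n), in which case Shor retries with another base.
    """
    if n % 2 == 0:
        return 2, n // 2
    g = gcd(a, n)
    if g > 1:                      # lucky base: already shares a factor
        return tuple(sorted((g, n // g)))
    r = find_order(a, n)
    if r % 2:                      # odd order: no square root of 1 to use
        return None
    y = pow(a, r // 2, n)          # y*y == 1 mod n, so (y-1)(y+1) == 0 mod n
    if y == n - 1:                 # trivial root -1: gcds give 1 and n
        return None
    p = gcd(y - 1, n)              # non-trivial root of 1 => proper factor
    return tuple(sorted((p, n // p)))


def factor_with_retries(n: int, max_tries: int = 50, seed: int = 0):
    """Shor's outer loop: random bases until the reduction succeeds.
    Each base succeeds with probability at least 1/2 for an odd n that
    is not a prime power, so 50 tries is effectively certain.
    """
    rng = random.Random(seed)      # fixed seed so the example is repeatable
    for _ in range(max_tries):
        result = shor_factor(n, rng.randrange(2, n - 1))
        if result is not None:
            return result
    return None


if __name__ == "__main__":
    print(shor_factor(15, 7))          # (3, 5): order of 7 mod 15 is 4
    print(shor_factor(3233, 2))        # None: 2**390 == -1 mod 3233, bad base
    print(shor_factor(3233, 3))        # (53, 61): order of 3 is 260
    print(factor_with_retries(3233))   # (53, 61) after random retries
```

The same order-finding primitive, applied to the group of points on an elliptic curve instead of the multiplicative group mod N, is how Shor's algorithm breaks ECC, which is why the episode groups RSA and ECC together. Symmetric ciphers and password hashes are not in this picture: Grover's algorithm only gives a square-root speed-up against them, which is why post-quantum migration plans focus on public-key algorithms first.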
Readiness & Roadmap for CISOs
- Quantum threats are not yet immediate, but security leaders must prepare:
- [10:07] "Thankfully we're still a little ways off ... CISOs are probably looking to go, they need to think about what that next level is, you know, passwordless authentication, risk based authentication..." (Woska)
- Emerging Protective Approaches:
- [10:58] "Post quantum cryptographic systems like multivariate cryptography and other approaches." (Gaudet)
- Emphasis on developing and adopting new mathematical algorithms ("post-quantum cryptography").
- Timeline Predictions:
- [11:45] "I still think that understanding how you expand the number of qubits being used is...a challenge...I'm not a betting man...I'll use a quantum computer to give you some probabilities though." (Woska)
- [12:18] Discussion of physical barriers such as qubit stability and hardware requirements, with estimates of five years or more before quantum computing has a mainstream impact.
Evolving Healthcare Risk Management Priorities
- Censinet Platform Innovations:
- Introduction of NIST AI Risk Management Framework (AI RMF) and CISA Cybersecurity Performance Goals (CPG) assessments, enabling customers to benchmark and improve their programs.
- [01:24] "We've turned that into a risk assessment that will really help as a template for healthcare systems to benchmark. Where are they today and where are their opportunities to improve..." (Woska)
- Expanding to Business Continuity & Resilience:
- [14:02] "Not just do risk assessments...but also being able to look at it from a disaster recovery perspective, from a business continuity perspective. Even doing business impact analysis as part of the onboarding of a new technology solution..." (Woska)
- Focus on integrating incident response and recovery planning with asset management.
- Integration of cybersecurity, GRC, and business continuity functions, previously siloed, now converging for a more effective risk posture.
Life of a CISO: Large vs. Small Organization Perspective
- Resource constraints and regulatory differences in a cybersecurity leadership role in a smaller tech company vs. a major health system:
- [16:32] "A smaller company definitely has different and unique challenges...also isn’t as regulated obviously as well. That offers some advantages." (Woska)
- Balancing the security of the company's own products against the health systems' need for those products to support patient safety at scale.
Personal Insights and Career Reflections
- Woska’s passion for family, golf, music, and woodworking, echoing the importance of work-life balance and outside interests.
- Transitioning from academia and chemistry to healthcare IT described as his “riskiest move.”
- [20:54] "Changing careers into healthcare information technology...that's pretty much the riskiest thing I ever did." (Woska)
- His hardest career lesson: the need for backup plans and resilience in the face of unpredictability.
Advice for Aspiring Professionals
- Wide scope in cybersecurity: technical tracks (engineering, SecOps) vs. risk management, governance, awareness, and training.
- [25:47] "Most people tend to think of the sexier part of cybersecurity...but I've always gravitated more towards the risk management and governance side of it. I've always found it more interesting to me and it's just as important." (Woska)
- Critical thinking and problem solving matter even more than technical prowess alone; risk roles offer a strong entry point to cyber careers, regardless of technical depth.
- The human element is crucial in cyber defense—security is an organization-wide responsibility:
- [28:31] "The human being is just as important as the technology. You can have the best and greatest security technologies in place, but at the end of the day, it's a human being that makes the most difference." (Woska)
- People, process, and technology must function together for security effectiveness.
- [30:52] "The hardest part is the application of those three things in a way that literally is driving better outcomes." (Gaudet)
Notable Quotes & Memorable Moments
- [05:59] Woska: "In quantum computing, qubits...are kind of like a dimmer switch...you can represent on and off or 0 and 1 at the same time simultaneously."
- [08:41] Woska: "With quantum algorithms, it's just exponential—it can crack those codes incredibly fast."
- [14:02] Woska: "Not just do risk assessments...but also being able to look at it from a disaster recovery perspective, from a business continuity perspective."
- [28:31] Woska: "The human being is just as important as the technology ... it's a human being that makes the most difference."
- [30:52] Gaudet: "The hardest part is the application of those three things in a way that literally is driving better outcomes."
Timestamps for Key Segments
- [00:47] – Woska's role at Censinet & risk platform development
- [04:23] – Woska’s background in quantum mechanics and its relevance
- [05:11]–[06:38] – Quantum computing, superposition, and entanglement explained
- [09:35]–[10:48] – Quantum risks for cryptography, impact on healthcare
- [11:32]–[12:57] – Quantum timeline, physical constraints, future scenarios
- [14:02]–[15:24] – Evolving enterprise risk management and resilience strategies
- [16:32]–[17:39] – Challenges of cybersecurity in small tech vs. large healthcare orgs
- [25:47]–[29:45] – Career advice for aspiring cybersecurity professionals
- [28:31]–[31:06] – The primacy of people, process, and technology in security
Tone and Takeaways
The conversation is both technical and conversational, balancing deep-dive explanations with humor ("It reminds me of my college days being in multiple states at the same time" – [06:38] Gaudet), personal anecdotes, and practical guidance. The episode is hopeful about advances in risk management and honest about the challenges of the coming quantum era. Above all, both Ed and David stress the importance of adaptability, critical thinking, teamwork, and the human factor in ensuring patient safety and robust healthcare cybersecurity.
Summary prepared for listeners who want a comprehensive understanding of the episode’s content without hearing the full audio.
