
Cyber Savvy: Protecting Vital Signs with Nicholas Schopperth, CISO at Dayton Children’s Hospital

Discover key insights from seasoned cybersecurity professional Nicholas Schopperth, CISO at Dayton Children’s Hospital.
July 24, 2024

Welcome to the fifth edition of Cyber Savvy, a blog series offering expert insights from top cybersecurity professionals. In each installment, we engage with a diverse group of security leaders to gain new perspectives on the ever-evolving threat landscape. Through these interviews, we delve into their unique career journeys, highlighting the challenges they've faced and their notable achievements.

In this article, we chatted with Nicholas Schopperth, CISO at Dayton Children’s Hospital. An Air Force veteran with over a decade in cybersecurity, Schopperth is dedicated to protecting every aspect of the hospital from cyberattacks. He leads a proactive team that handles threats ranging from phishing attempts to state-sponsored attacks. He values continuous learning, having transitioned from systems administration to cybersecurity during his military career before joining Dayton Children’s in 2022. Here’s what Nick had to share about his journey.

What are your biggest security concerns/challenges as a CISO?

A: As a healthcare CISO, my two biggest concerns are ransomware and loss of patient data. The biggest challenge to address these has really been making sure my team is seen as a partner instead of the boogeyman. The leadership here does understand the importance of what we do, but there is always a balancing act that happens. Our mission is the relentless pursuit of optimal health for every child within our reach; my team’s function is just a small part of that mission. We enable the mission to happen by providing the most secure network we can with the resources available to us.

What new challenges do you anticipate in the coming year?

A: My biggest focus for the next year is working to make sure our current tool set is optimized for defense of our network. We had several events before last year that helped me get a fairly substantial increase in budget. This is a double-edged sword…those investments have really helped our security posture, but that increased posture meant it was harder to ask for new tools. However, this gives my team a great opportunity to make sure we’re using what we have to its fullest ability. That is the focus this year: to look at our existing stack and make sure we're taking advantage of everything we can instead of buying another product that does the same thing.

How is your team adapting to the evolving threat landscape?

A: We do our best to keep current through different sources. We attend webinars or local conferences and summits, we receive threat intel from multiple sources, and read daily news to see what happened while we slept. My team is small, but we have some really great partners that help keep us secured. We rely on and learn from their expertise to make us better.

What do you consider your most important success metric?

A: From a cybersecurity perspective, I like to look at response and remediation times. Data points like time-to-detection and time-to-remediation are a great way to show how successful the security side of my team is. I also lead identity and access management; this is where I muddy my response a little bit. The most important metric with IAM is a combination of accurately closing tickets on time and closing backlogged tickets.

What are your three biggest goals for the coming year?

A:

  1. We are migrating to a more robust endpoint detection and response software. We have several thousand endpoints, but we have a partner assisting us and we’re hoping for a very smooth transition.

  2. We started an identity governance project a couple years ago which has been fraught with delays. I think (or hope) we are finally nearing the end of the project and are able to completely flip the go-live switch.

  3. We measure our program maturity using a combination of CIS Controls and HICP, and will be implementing the Cybersecurity Performance Goals from HHS. My BHAG is to cross reference each item, align them with each other, and provide supporting documentation/evidence for all areas…we’ll see how well that goes.

What new trends in cybersecurity excite you right now?

A: Although it’s not new, I've been looking deeper into attack surface management lately. When we know what assets are exposed, it is much easier to manage the associated risks. The unknown is most concerning for me. As an example, we were working with an ASM vendor and they found some concerns they wanted to address with us before our scheduled call. One device name led them to believe it was a domain controller exposed on the Internet. Fortunately for us, it was not our asset. Unfortunately, it was indeed a domain controller. We were able to coordinate with the owning organization that didn’t know that device was exposed. The unknowns worry me the most; leveraging an expert in ASM is our next logical move.

Are there any security leaders, besides yourself, that you look to for guidance?

A: There aren’t any specific individuals, but I am in a couple different groups of healthcare leaders. Groups like the Healthcare-ISAC and the Children’s Hospital Association have some amazing sub-groups where we share advice and ask questions. Another group is a more local/regional group of healthcare security professionals. We usually meet monthly and talk about anything hot for everyone or something that is pressing for one or two people. All of these groups are great for bouncing ideas around, asking about products/vendors, or even quickly sharing information on current security issues.

What advice do you have for other CISOs or aspiring CISOs?

A: Sleep now, you won’t be able to later 😉. Seriously, my path to CISO was atypical. When I was transitioning out of the military, I did not want to lead, I didn’t want to be the chief of anything, I just wanted to bang on a keyboard. I quickly found out that my technical skills were not as high as I wanted them to be, so I leaned on my leadership abilities. As a CISO, know that your time on keyboard will most likely be limited. You will be a leader, a mentor, and an ambassador for cybersecurity. Get comfortable politicking; you will need to translate the beeps and squeaks into business when talking to anyone outside of IT.

Want to learn more from Nick? You can connect with him here.

Coming Up Next

In our upcoming Cyber Savvy segment, we'll be conversing with yet another security expert to explore their perspectives on the constantly shifting threat environment. Whether you're a seasoned CISO, aspiring security analyst, or simply curious about industry insights, this is an opportunity you won't want to overlook.

Want to be featured yourself? Contact us here and we’ll be in touch!
