Resilient Cyber Podcast - Episode 17 - Rob Wood - CISO for CMS

In this episode of the Resilient Cyber podcast, hosts Chris Hughes and Dr. Nikki Robinson sit down with Rob Wood, the Chief Information Security Officer (CISO) at the Centers for Medicare and Medicaid Services (CMS). The discussion delves into Rob’s journey from the private sector to becoming a CISO in a federal agency, highlighting the unique challenges and opportunities that come with such a role. They explore the intricacies of managing security in one of the largest healthcare payers in the world, the critical importance of protecting personal information for millions of Americans, and the strategies employed to balance security with innovation in a highly regulated environment.

Highlights:

  1. Rob Wood's Career Path: Rob shares his transition from the private sector, where he focused on application security and building security programs, to his current role as CISO at CMS. He discusses how his diverse experiences have shaped his approach to security in the federal space.

  2. Scale and Scope of CMS: Rob explains the massive responsibility CMS holds, covering around 140 million Americans. He emphasizes the challenges of securing such a vast amount of sensitive data, particularly in the context of healthcare, and the impact this responsibility has on his security strategies.

  3. Healthcare-Specific Security Concerns: The conversation touches on unique threats within the healthcare sector, including the risks of data exposure and fraud, and the importance of understanding the specific motivations of threat actors targeting healthcare systems.

  4. Balancing Security and Innovation: Rob discusses the challenges of adhering to regulatory frameworks like NIST and FedRAMP while fostering innovation. He highlights the need for a streamlined approach to security that enables rapid development and deployment without compromising compliance.

  5. Attracting Tech Talent to Government Roles: Rob addresses the difficulties in attracting and retaining technical talent within the federal government. He advocates for programs like USDS and Presidential Innovation Fellows as pathways for private-sector professionals to contribute to public service.

  6. Cyber Resilience: Rob defines cyber resilience as the ability to "bend but not break" under pressure. He draws an analogy from football, emphasizing the importance of maintaining operational integrity even in the face of significant challenges, ensuring that security measures can withstand and recover from attacks.