For members of the Eskenazi Health Information Systems (IS) Security team, watching for threats is second nature — and not just for those online. Eric Schmidt, information security officer, jokes that he prefers “sitting in the corner where I can see the doors.”
Robert Anderson, cyber security analyst, observes that “there’s a certain mentality with security people . . . . You’re just suspicious of everything.”
Maybe their caution is due to their profession, or maybe it’s due to their training. Schmidt is a retired major in the U.S. Air Force. Brian Carmien, information security supervisor, was a hospital corpsman in the U.S. Navy and in the U.S. Navy Reserve. Andrew “AJ” Moir, cyber security engineer, and Jose “Armando” Guerrero, cyber security intern, are members of the Indiana Army National Guard. Anderson was previously a contractor for the FBI but feels at home with his military-dominated team because of their familiarity with hierarchy and law enforcement.
Moir describes Eskenazi Health as civilian life with “some sprinkles of military dust.” He kept hearing about peers’ bad experiences with other employers, such as being penalized in job reviews for military deployments. “It made me realize how just fortunate it is when you have a really good employer and supervisor and team that understands and supports you,” he says. He nominated Schmidt and Schmidt’s supervisor, Scott Morris, corporate chief information officer and executive vice president of hospital administration, for the Employer Support of the Guard and Reserve (ESGR) Service Member Patriot Award, which they won this winter.
Schmidt also praises his supervisor. Even though Morris doesn’t have experience in the armed forces, he is “very heavily supportive of the military and the methodology and the concepts,” says Schmidt. Carmien notices support for the military throughout Eskenazi Health, calling it the “thick layer of icing on the cake” on an already “great organization.”
Working for a civilian employer, which doesn’t run by hierarchy, “makes you have to think more about how you’re going to motivate people and how you’re going to communicate your objectives,” says Carmien. Moir, who used to work for the U.S. Department of Defense, believes the focus on rank there, while aiding efficiency, could mean “opportunities for creativity were squandered.” “A place like this,” he adds, “the culture is infinitely better.”
The current state of organizations being at risk for a cyber event has resulted in Eskenazi Health leadership adding resources to the IS security team: its staff has expanded from three to eight members. In addition to its five Eskenazi Health employees, the team includes three Health & Hospital Corporation of Marion County (HHC) employees who have also worked in or with the military or law enforcement: Jeff Martz, chief information security officer; Kevin Wright, cyber security engineer; and Josh Tooley, cyber security analyst.
While much of the culture of the IS security team is still developing, the military training is leveraged every day. Carmien and Schmidt talk about taking tasks objective by objective, as they were trained, and staying driven in high-stress situations. Schmidt adds that it’s the “military mindset; you just do it.” Moir points out that the mentality engrained in the cyber security team members from their military experience “will never go away” and that whenever it’s needed, as in a potential cyber event, it “can be utilized in an instant.”
“We have a wide range of skills and certifications across the team,” adds Moir, including in penetration testing, malware analysis, phishing analysis, computer and network forensics and cyber threat intelligence.
Guerrero, a full-time intern, says he’s earning cyber security certifications in his spare time. Moir is a major and Guerrero his cadet in the cyber protection battalion of the Indiana Army National Guard, one of five such battalions in the country, says Moir. He says that in the Guard, his fellow team member is “treated like he’s already a lieutenant” due to the amount of his experience, which has “helped him grow and surpass expectations.”
Schmidt appreciates the support of the larger IS department and hopes all employees will gain a greater understanding of the range of threats and the vigilance, staff and training required to fight them. Moir hopes Eskenazi Health will also continue to hire military members. “An organization should embrace that opportunity,” he says, noting the advantage of National Guard-paid tuition assistance. Just a little flexibility with active military members’ schedules, he points out, can make an employer “gain so much back.”
The trend continues with the team’s new hire this May, Violeta Morena, vulnerability and risk management supervisor. She may be a civilian, but her last employer was the Indiana National Guard.