InfoSec Career Advice from HIMSS' Lee KimImportant to Learn from 'Domains Outside Your Niche'
Today's information security and privacy professionals need to understand the big picture and go way beyond their area of specialization, says Lee Kim, director of privacy and security at the Healthcare Information and Management Systems Society.
"We're past the stage where privacy and security are totally disconnected spheres. We're past the sphere were you have to be a super expert in one small narrow area. We're in an environment where the threats are rapidly changing and we need to be flexible to address those threats and stay ahead of them," Kim says in an interview with Information Security Media Group.
Kim, who joined HIMSS last fall, will moderate a session on insider threats at the organization's privacy and security forum in Boston on Sept. 8 (see Healthcare's Biggest Security Threats).She advises professionals working in healthcare privacy and security to "be like a sponge and learn from various domains that are outside your niche. Embrace the idea of holistic community-oriented privacy and security so that you appreciate all the threats and vulnerabilities that are there and how to address them."
She also urges healthcare information privacy and security pros to "understand that the threats and vulnerabilities are not just cyber ... there are certainly physical threats as well." She points out that it's vital to pay attention to physical safeguarding of information because so many large health data breaches have involved the theft of mobile and other unencrypted computing devices.
In the interview, Kim also discusses:
- How her professional and personal journey took her from a chemistry degree, to a legal career in privacy, security and intellectual property, and now to the top privacy and security leadership spot at HIMSS;
- The advantages of healthcare infosec and privacy professionals also having a legal degree;
- Evolving cybersecurity threats facing the healthcare sector;
- Effective security strategies for smaller healthcare organizations.
Before joining HIMSS, Kim practiced law in the areas of IT, healthcare technology, intellectual property, and privacy and security. She also previously worked in the healthcare technology field. She is a licensed attorney in the District of Columbia and Pennsylvania and is admitted to practice before the Federal Circuit and the United States Patent and Trademark Office as a registered patent attorney.