You might be excused for thinking that instructor Richard Staynings never sleeps, so constant is his writing on the topic of cybersecurity. Staynings is continually sounding the alarm bells about the vulnerabilities in our digital infrastructure.
“We in the U.S. are more reliant on technology than any other society, and yet we don’t have the people that are capable of securing that technology,” he says.
Staynings has been in the cybersecurity industry for 30 years, in C-suite positions at major companies and as a sought-after consultant to governments, executives, and working groups. He has worked for Amgen, Cisco, Intermountain Healthcare, PeaceHealth, PricewaterhouseCoopers, Intel, Microsoft, and Zurich Financial. Now he also teaches for University College’s Cybersecurity Management and Health Informatics programs.
Learning to protect and defend
Staynings focuses on cybersecurity in healthcare, where systems are much more complex – and involve graver consequences – than sectors like retail. He’s seen healthcare organizations become a top target for cyber-attacks over the past 10 years. Ransomware attacks, denial-of-service attacks, and breaches exposing personal, financial, and health information have been in the news.
“Health information is extremely valuable – to identity thieves, to prescription thieves, to medical insurance fraudsters, and to extortionists,” he says.
In Staynings’ health informatics cybersecurity courses at DU’s University College, students learn how to anticipate and protect against cyberattacks, how to adhere to security regulations, and how to respond to any security breaches.
“The [cybersecurity program] at DU is very up-to-date, not just abstract ideas for the sake of it,” he says. “It’s about real-world scenarios, real-world cyber-attacks, and real-world risks that these students are going to face in their role when they graduate.”
Healthcare industry risks
Staynings is currently Chief Security Strategist for Cylera, a cybersecurity company specializing in securing the Internet of Things (IoT) in medicine. He gets animated when pointing out the risks present in devices that are increasingly internet-connected – items like glucose monitors, surgical robots, MRI machines and lab temperature monitors.
“They now account for about 75% of connected endpoints at hospitals, and they are generally not managed by hospital IT, meaning they’re not patched or updated regularly, and don’t have antivirus software on them,” he says. “They are the open back door to cybersecurity in healthcare right now.”
Staynings imagines a scenario in which it may even be possible to alter an individual’s medical records. “Say I go in for surgery next week and just before my operation my medical record is hacked and my blood type is altered and my list of medication allergies is removed. Before you know it, I’m coding on the table,” Staynings posits. Luckily, there’s little incentive to alter a single person’s medical record, but the security vulnerabilities are alarming.
The demand for workers
The need for cybersecurity professionals to address such vulnerabilities is acute. A Congressional hearing this year found a critical lack of cybersecurity workers. There are about 660,000 cybersecurity job openings, and only enough workers for about two-thirds of them. Demand is outpacing supply, one Congressional witness said, and many companies are seeking applicants that have college degrees.
“Anyone who’s considering their career options right now would be well advised to consider cybersecurity,” Staynings says. “It’s no longer a pure technology discipline as it was 15-20 years ago. You don’t need to be a programmer.”
Staynings says those with backgrounds in communications, policy, logistics, and education all can leverage their talents in the cybersecurity field with a bit of upskilling.
“If you develop a career in cybersecurity, you’ll have a job for life,” he says. Perhaps then, Staynings, and the rest of us, can get some rest.
DU is recognized as an NSA Center for Academic Excellence in Cyber Defense (CAE). To see all of DU’s cybersecurity offerings, visit DU.edu/cybersecurity.