Healthcare AI Security Risks and Cybersecurity Leadership Challenges

Anitha Mareedu: So um we see from the last few years it's very, very much booming the the world of AI or even the uh work that's going um around AI because uh it's very fast, it's moving really fast-paced.

Chris Hutchins: But we have to balance the risks that that come with it because not everyone's trying to design for good. Well, today I am excited to be joined by Anitha Mareedu, and we are here at Hollywood, Las Vegas, Nevada, for the Put Data First Conference. Uh I you're smiling big, you you you had a big smile when you walked over here, so I know that you you're you're with your people too. Uh I I've been really excited, looking forward to to coming here and meeting people like yourself because what the there's so much buzz around AI, the how we're using it, the cybersecurity aspects of it. Interestingly enough, I've had a couple of uh opportunities to to respond to some questions for the um journalists who are who are asking uh because of some recent activities in cyber, like it's given me an even deeper appreciation. I've always really been uh appreciative of people who are working in the cyberspace because as a chief data officer in my previous uh roles, if I didn't have people worrying about that stuff, I don't think I would have slept it off. Because it's just a really, really important uh area. So as we get started uh in our conversation, I mean the whole week that we're here is all about AI. Um, what was it about the this particular event that got your interested in in coming out here? And and what are some things that you're a wanting to really learn and what you know get from the time here, but also you know, what are some areas that maybe you're concerned about that you could have an opportunity to help influence and shape while we're all here?

Anitha Mareedu: Yeah. Um firstly, thank you so much for having me here. Um I really appreciate it. And this event is going great, and I'm here uh because of like to learn more about AI, or to learn more about how my space of or my industry that I'm working in, um, can AI, like how AI can help, or like to network with the people and to get to know, like to learn more and grasp things as this event is mainly um data related, like AI-related data and stuff like that. So in my area of cybersecurity or network security space, and this is even more uh challenging with all this um AI that's going on around in the world. So yeah, I I'm here to learn and meet great people like yourself.

Chris Hutchins: Well, I I'm I'm the I'm I'm excited about the the promise that we have here with with AI. But I think you know, some of the things that I've heard about over the last couple of years, I didn't even know this until someone you know forwarded me an article. Um, but it was this spring just coming out of the the the worst part of the pandemic that one of the biggest cyber attacks in the US happened during that period of time. And there's like there's just one example of of how pervasive um the nefarious activity can be in cyber. And I'm not sure if you're familiar with this particular incident I'm referring to, but um there were literally millions of uh access points that people were firing messages at the NIH and apparently didn't do anything to take anything offline, but it clearly was designed to bombard the thing and look for vulnerabilities. Um tell me a little bit about what got you interested in cybersecurity and and what are some of your observations and as you've gotten into it, and maybe talk a little bit about that, and if it's something you're familiar with, and and how how should we be thinking about it? And how do we advise our friends and colleagues who are working in the AI space? I mean, it's exciting, but we have to balance the risks that that come with it because not everyone's trying to design for good.

Anitha Mareedu: Yeah, yeah, absolutely. Um, that's a great question. So uh to answer your first question, like what interests me to this uh field is uh so pre-initially I w started my work, my career in networking as a network engineer, uh, because I did my master's in um by taking some courses in network field. Though I'm uh an electrical engineering and I did my thesis in VLSI, I did my research in VLSI and stuff, but also I took my courses in networking and security while doing that, taking some certifications in the field. Uh, that interested me. And once I started working off as a network engineer, and I see that we can create so much about it, like it we can talk from anywhere in the world using this network, uh, creating the routes and like, you know, all the way from layer uh one to four. And then um uh about the layer seven or about the security stuff is what uh intrigued me because nowadays, as uh time is going on, we see a lot of applications around the world, right? So um, and then application security has become very much uh prominent um in the recent times, like app security or API uh security when we talk about it. So um that intrigued me, like uh security, the breaches or the attacks that keep on happening. So, how we can defend this, right? So uh that kind of interests me. And I started taking courses, I started training myself um uh in the certification through the certifications, it can be, or the courses that we have online. So um, and while I am working on it, that really interests me to get into this field of security. And um, I have worked on um a few areas of security. Like I have worked on the endpoint side of security, I have worked on network security, basically on the defense side, um, working up on different um firewalls, like it can be uh different uh different vendors that we have out right there outside, like uh it can be Cisco, Palo Alto, Checkpoint, Juniper, and so on, to name a few. So um I have worked on different areas of that, and I also worked on um different layers of security. So it can be uh to prevent the attacks or breaches through IDPS tools, or um, it can be all the way from user identification, user ID, all the way to the um network security and like you know, endpoint side. So um when I worked on, so basically I have had the experience to work on a holistic view, right? Um the whole ecosystem of security, all the way from um layer one to all the way to layer seven, as well as covering from user ID to all the way to the perimeter side of the uh security. So um when we talk about um AI or even we talk about agentic AI or AI LLMs models and stuff, so um we see from the last few years it's very, very much booming the word of AI or even the uh work that's going um around AI because uh it's very fast, it's moving really fast-paced, and um um we can also see that um a lot of the uh work that we can do probably in hours, probably can be done in minutes now uh by deploying. But at the same time, we need to um we need to uh be vigilant about um where we are deploying them and how we are deploying them and um is it really needed? And if it is needed, how we can also secure it, right? Because um at the end of the day, uh again, security matters a lot because if we are deploying some kind of agentic AI or any kind of AI, if we are deploying it and we're just giving it the power to do it, then we also need to um secure it, uh how we how much access we can give to what.

Chris Hutchins: So you're you're touching on a really important thing, and it's how much data or what data can we give it. And I I think, you know, when I've thought about uh bias, for example, the thing that's always been more of a concern to me, and and don't don't misunderstand, I know there's people who are actively trying to, you know, breach systems and do things that are just beyond my imagination why they would want to. Um clearly somebody is either making them very wealthy or they just have a very, very different mindset than I do. I don't know, which maybe is both. Uh-huh. But the the pieces that are concerning is from a national security perspective, for example, there's information that you don't necessarily want everybody to have. Um I think back um when the first Gulf War was about to unfold, uh, we first heard about stealth technology at that point in time. It was cl it was over 20 years old, closer to 30 years old at that point, where the American public even became aware of it. Um it's a good example of something that you don't necessarily want exposed and you don't want to put it in just every model. Um But as we think about AI just from a general perspective, are there industries that you think that we should be concerned about um that have a tendency to be a lot less um stringent about securing than than others? So that and I'm not talking about that, you know, the big data aggregate is because we I mean they know that they've got a bullseye on them. So and I would hesitate to even guess uh the the uh number of hours of sleep that get lost on a regular basis by people responsible for those focus and their companies. Um But what you what are some things what are some of the industries that you think are are of concern at this point? I I mean I think about a lot of different things like in the finance, healthcare space and whatever. But from your experience, you you know, what are your what are you seeing and and where should we we be looking and paying attention and learning from, whether they're making good decisions or making some mistakes?

Anitha Mareedu: Yeah, yeah. Um so that's a great question. I have worked with different industries. I have worked in the advertising product-based companies, I have worked in the social media company, I have worked with uh security company itself, and now I'm working with the chip designing comp designing company. So um in my experience that I see, um, so if we talk about the CIA trade, right, and security, which is confidentiality, integrity, and availability. So um each is concerned with each different area of sector, right? Like if you're talking about a government sector, it's um confidentiality matters a lot. And uh integrity, of course, it's very much important when we talk about any kind of principles in security because the data have to be intact. And uh when we talk about availability, it's mostly about like the private organizations or B2B businesses, it can be or B2C it can be, right? So you need the availability of the data all the time. Uh, make sure that there is no downtime. So um, depending on each company or depending on each organization or the sector that you are in, it matters like what type of data that you need to protect. So um when we are talking about, like, let me say, like a health organization's like um principles like HIPAA comes into picture, right? So um we need to make sure that the data, the privacy, is not being compromised, like PI, PIA data, personal identifiable information is not being uh compromised. So um the same goes with the finance sectors, like banking sectors, where you have uh a lot of information which needs to be very much um like of users' data. Uh there's a lot of users' data in uh about the health sector as well as the finance sector. So you need to make sure that what exceptions that you're giving or what um data or PI data, how much protection you are uh putting there, the policies, uh the best practices that needs to be followed, or the uh principles that you need to um follow. It can be NIST, HIPAA or SOC, getting all of these in place. So uh that matters a lot, uh depending on the industry that you are in, or depending on the industry that you are trying to partner with or having those customers are like, you know, integrating with. So um in in that way, we need to also comply with that uh principles and sector, depending on the sectors that you're with.

Chris Hutchins: Yeah, the the adaptability and uh the the nuance to different industries, I can imagine is is a big challenge for you as you're you know trying to find the right solutions. Uh you you you talked about and you're educating yourself. And I I I'm glad you said that because I I I really want to make sure that people are hearing um the the things that they should be really thinking about doing for themselves because there's a massive fear factor out there. People are terrified they're gonna lose their jobs to AI. Um and there's young people out there that they don't know whether to be excited or scared because they're they get excited, but their parents are probably trying to put guardrails around them, trying to get them to be careful and all that. But what would you tell people they should be doing if if they they're realizing that this is here to stay? What should they do? What can they do? Um, and especially if you you seem passionate about what you do, uh maybe that uh you you can inspire some folks that may listen to our podcast. What are some things that you would tell them uh from your own experience and and what can they be doing to really take advantage of the moment that we're in? This is probably at least 10x as transformative as the internet coming on the scene in the 90s. Yeah, yeah. So massive disruption.

Anitha Mareedu: Yeah, yeah, yeah. I totally agree with you. And people like new grads who are just graduating, or the people who are trying to, the students who are trying to get into the education, like, you know, who are coming for master's to US, or it can be uh for bachelors, right? Or even the people around the world. But we know that United States of America is the place um to start uh anything uh at the foremost, right? And we know that Silicon Valley is the place where everything just starts. And we can see already big tech companies like Fanga companies or um who already started from the last uh two years, they have been trying to do a lot of hiring in the AI uh sector um rather than a traditional work or even uh in the areas of where uh you can just replace um people with um, like, you know, it can be networking, it can be uh software developers or everywhere, right? So the seeing to uh have like one person do 10 things using AI kind of a technology. So um I would say to anyone who is interested in pursuing um and who are really interested in learning more about um, like, you know, uh it can be like, you know, AI uh area or it can be on developing uh something related to like learning new models or languages, um, or even who wants to be in the area of security or maybe in finance or any other sector, right? So I would first um ask them to question themselves what their interest lies in. And I would also uh tell the students to have um keep up with what's because the technology changes every two years or every year. And it used to be like every five years or ten years before, now it's every two years or every year, the technology, something new comes, and you need to um learn something new all the time. So we need to um, I mean, there are several platforms out there, right? Uh for example, even me when I was uh at the beginning, even though I was an electrical engineer engineering, my master's degree was in, but I learned myself to get into this field of cybersecurity. So um the same way, I would say whatever intrigues them, uh, I would highly recommend to learn themselves because uh anything that is coming out there right now is new to everyone. Not everyone knows everything. Yes, not everyone knows everything. So um the more that we learn, the more we know better than the other person. So um that's what my recommendation would be.

Chris Hutchins: So I d I love that. I think we need to inspire people to to go into this field primarily because the risk seems to be compounding at a rate that's a little little concerning. Um, but there's so much enthusiasm. And, you know, I'm particularly excited that you came to this event because I think we have to have people like yourself that are trying to figure out how we can say yes to this capability, make sure that we're using it well. Um, there's plenty of folks who are gonna be the ones that'll want us to pump the brakes, so I understand that. Um, but the r the reality is somebody is gonna continue to push the ball forward. Or forgive the sports better for, but it's gonna continue to advance. And we can either be part of making sure it goes in a direction that we can live with, or we can live with regret because we fell asleep at the wheel and saw everything go sideways. And that that's not a not a great area to be uh setting up, Kim, I don't think. Yeah. Well, uh Anitha, just wrap up. Um if people wanted to get in touch with you, especially people wanting to know where do I start to learn about cybersecurity, because uh she seems excited, she's having fun. Uh how will they reach you?

Anitha Mareedu: Um I mean, you guys can reach me on LinkedIn or um or through email. Uh, that is fine. But uh yeah, I'm always available on LinkedIn.

Chris Hutchins: That's fantastic. I I really appreciate you you know coming by and and having a conversation with me. Um I I I don't know what the final insight package looks like walking away from this event this week, but it's it's been off to a great start, and I cannot wait to to hear from from all the folks here and meet people like yourself. This is the the best place to be, I think. Anywhere if you're interested in AI and technology and cyber compliance, you just if if you're an AI person, this is a little sights of heaven for a little bit.

Anitha Mareedu: Oh yeah, definitely, definitely. And it's my pleasure meeting you, and thank you so much for this opportunity.

Chris Hutchins: Anitha, thank you so much for getting on the Signal Room.

Anitha Mareedu: Thank you, thank you so much.

Chris Hutchins: That's it for this episode of the Signal Room. If today's conversation sparks something in you, an idea, a challenge, or a perspective worth amplifying, I'd love to hear from you. Message me on LinkedIn or visit SignalRoomPodcast.com to explore being a guest on an upcoming episode. Until next time, stay tuned, stay curious, and stay human.