Hashtag Realtalk with Aaron Bregg
Welcome to my little corner of the Internet!
In this channel I give 'real talk' about information security and technologies that impact both your business and personal lives. I try and focus on issues and items that can help you become more 'security curious'. The ultimate goal of help protect your personal and professional well being.
Employer Disclaimer - The opinions and views expressed in the podcast are not necessarily the views of my current employer, Corewell Health.
Legal Disclaimer - All of the security advice that I give is 'as is' and does not constitute real paid professional advice. As with everything security related, please seek second opinions from paid professionals. Photo by
Hashtag Realtalk with Aaron Bregg
Episode 106 - CISO Insights - Lessons Learned in My Healthcare Security Journey
In this special episode, I finally get a chance to do a virtual fireside chat with my talented and funny CISO Scott Dresen. I actually started working with Scott while he was the Chief Technology Officer for Spectrum Health. It was in this role that Scott down the path to becoming the Chief Information Security Officer for Corewell Health. So you can say he has been here for the entire Information Security program revamp that started back in 2016.
Talking Points:
- Back in 2016 you were the CTO when the Information Security program was 'rebooted'. What were some of your biggest challenges and frustrations back then?
- In 2018 you assumed the dual role of CTO and CISO, what was the hardest thing you had to change/overcome with having that dual role?
- Let's talk to WannaCry incident, what did the high level leadership view look like and what decisions needed to happen?
- In 2019 you had to re-evaluate the state of the security program at the halfway part of the timeline. During that you had to make some hard choice about the direction we needed to go in order to compete things. How did you come up with those decisions?
- You have had the distinct 'pleasure' of being a part of both a small healthcare and large scale acquisitions, what are some valuable lessons learned from each?
- In 2020 you had to pivot from an almost entirely in-person workforce to almost 100% remote, how did you manage to accomplish this in a timely and successful manner?
- In 2023 you had a chance to speak in front of congress around healthcare security, walk me through how that came about, how you felt in the moment and what things would you do differently (in hindsight)
- What has been the hardest part of planning and implementing Artificial Intelligence security?
- Heading into 2025, what advice do you have for other healthcare security leaders as they face the challenges of tighter budgets, smarter threat actors and changing business strategies?
Episode Charities:
- Toys for Tots of Grand Rapids - Presents for less fortunate children
- North Kent Connect - A great foundation that helps families with items that may not be covered by other programs
- YMCA of Greater Grand Rapids - Great organization promoting healthy lifestyles
Episode Sponsor:
Cloud Con - Michigan's premier security and infrastructure conference!