Profile: Rob Sherman, CISO, Lantheus

After spending 24 years at American Tower helping build and scale a global security program, Rob Sherman was not looking for just another CISO role; he was looking for an opportunity to build something meaningful.

“When I talked to recruiters, I told them if you’ve got a role where the CISO had just left and they’re looking for someone to backfill and they’re pretty happy with their program, don’t call me,” he recalls. “I’m looking to build or re-build a security program and really get my hands dirty.”

That search ultimately led him to Lantheus, the leading radiopharmaceutical-focused company committed to enabling clinicians to Find, Fight and Follow disease to deliver better patient outcomes. The opportunity checked every box. The company was growing rapidly, expanding internationally, and looking to establish its first dedicated security leadership role.

“They wanted someone to come in and build a program,” Rob shares. “To me that really sounded like fun.” 

What began as an opportunity to build a security program soon became something more personal. Just weeks into the role, Rob experienced a weekend data center outage that changed his perspective on the business. While coordinating updates during the incident, he learned that if systems were not restored quickly, health care facilities could be forced to cancel patient appointments.

Rob’s recognition of the organization’s impact was immediate: he quickly realized that every system, process, and security control ultimately supported patients waiting for critical diagnostic scans. “The company’s purpose really hit me,” he reflects. “What we’re doing is directly impacting patient care.”

Building a Program with Purpose

Having built programs before, Rob resisted the temptation to arrive with a predetermined playbook. He explains, “I didn’t want to be that guy who comes in with all my smart ideas from my other company and steamroll everything.”

Instead, he spent his first months listening. He met with stakeholders across the organization, studied existing processes, and worked to understand why decisions had been made. 

As a public company, Lantheus already had many security controls and technologies in place. What was needed was an overarching strategy to tie them together. The early stages of the program focused on rationalizing tools, identifying gaps, simplifying overlapping technologies, and creating a roadmap aligned to business priorities. Rather than replacing everything, Rob focused on building a cohesive program that could support the company’s continued growth.

Communicating with Leadership

Building the program required more than technology decisions; it also required earning trust with executives and the Board. Fortunately, Rob gained valuable insight into the organization’s leadership style during the interview process, particularly through conversations with the CFO and General Counsel.

When presenting to the Board, Rob combines updates on Lantheus’ security program with discussions about broader industry developments. He wants executives to understand not only what is happening inside the company, but also how emerging threats and trends could impact the business.

“I find Board members are typically on multiple Boards,” he notes. “They hear a lot of things, and they read a lot of things, so I need to be prepared to answer a broad range of questions.” This approach has helped create productive conversations rooted in business context rather than technical details.

Growth and AI

Today, one of the company’s largest priorities is integrating acquisitions. Lantheus has completed multiple acquisitions since Rob joined, making integration a central focus for both the business and the security team. Alongside those efforts, the organization continues progressing toward a zero-trust architecture built around a select group of strategic platforms. For Rob, simplification matters.

He comments, “We’ve picked our platform vendors, and we’re just making sure that we’ve got as many tools as possible in that platform turned on, tuned, and running optimally.” 

AI is another area receiving significant attention, though Rob believes the conversation is still evolving. Like many organizations, Lantheus uses AI tools to improve productivity. The bigger question, however, is how AI can create measurable value within security operations.

“I really want to figure out where we can effectively use AI to make a material difference in how we’re running our cyber organization,” he explains. 

While many companies are racing to establish AI governance frameworks, Rob sees substantial overlap between AI governance and the security governance programs organizations have been building for years. “There are a lot of elements of AI governance that overlap very heavily in my mind with what we’ve done for years and years with cyber governance,” he says. 

For now, his approach is practical. Lantheus has updated policies, provided employee training, and strengthened oversight through existing third-party risk management processes while continuing to evaluate future AI use cases.

Leading with Impact

Moving from a large global organization to a smaller, fast-growing company has changed the nature of Rob’s role. On any given day, he may move from technical architecture discussions to executive presentations within the span of an hour.

“The CISO role in a small organization spans a much broader range,” he comments. That breadth is one of the reasons he enjoys the environment.

Early in his career, Rob realized he was motivated by opportunities to solve problems and contribute across the business. Smaller organizations provide more opportunities to do exactly that. He notes, “I like environments where I have an impact and in a smaller environment you usually have more opportunities to make more of an impact.” 

As Lantheus continues to grow, Rob remains focused on building a security program that enables the business while supporting a purpose that extends far beyond technology. For him, security is not just about protecting systems; it is about ensuring that patients, physicians, and healthcare providers can depend on the critical services that Lantheus delivers every day.
