Tina Mitchell is the current CISO at Covered California, the state’s health insurance marketplace that provides free services to connect Californians with brand-name health insurance, and financial assistance to help pay for it under the Patient Protection and Affordable Care Act. The organization’s goal is to ensure residents can get access to quality, affordable health insurance.
Tina was excited to join the organization and help support this valuable mission. Now one year into her role, she has learned a lot about how the organization operates, and how she can best mature and grow the security program.
Prior to joining Covered California, Tina spent twenty-nine years working at American Specialty Health, an organization offering technology-enabled services for benefits management. Tina started with the organization as a systems administrator, worked her way up to Vice President of IT Operations, and spent the last few years of her tenure as SVP of Enterprise Security/Information Security Officer.
Today, Tina leads the security team at Covered California with a core focus on maintaining strong security controls. She organizes her team into two areas – an information security engineering team focused on technical security, and an information security compliance team focused on internal audit, identity, and compliance.
FOCUSING ON AI AND BEING PREPARED FOR THREATS
As a healthcare technology organization, Tina says AI is an important topic for Covered California. She explains, “AI is a hot topic, and the technology behind it is consistently evolving. Like many healthcare organizations we are actively looking at ways to leverage AI to improve our processes and how we serve our consumers, and our security team must stay ahead of the conversation.”
Another area of focus is around emerging threats and staying ahead of bad actors. Tina states that threat actors are always using new tactics and techniques, and that a strong security program should both respond to known threats and defend against the unknown. To her, always being a step ahead and prepared is of the utmost importance.
To maintain a state of preparedness, Tina says it is important for her team to keep up-to-date with the latest trends and developments in security. She comments, “We start our morning by reading the security news feeds. We are fortunate nowadays to have such great resources at our fingertips. The intelligence distributed by research firms and government agencies like CISA and the FBI are invaluable. Their advisories, reports, and bulletins are crucial for security professionals tasked with protecting networks and sensitive information from evolving cyber threats.”
INVESTING IN THE RIGHT TOOLS
To make sure Tina spends her budget wisely when investing in security technology, she looks at it from a holistic and strategic perspective. She explains, “I am a big proponent of not chasing the shiny new object and losing sight of what we’re trying to achieve. My approach is to explore what we already own. We look at our existing contracts and see what we have already invested in, and how we can better optimize and potentially use additional functionality. Less is more. More tools mean more maintenance and possibly more complexity to the environment. It is all about trying to keep the inventory of technologies to as few, yet as effective as possible.”
She also believes in reporting to senior leadership on the tools we have invested in and says, “I’m a believer being transparent and reporting on the status of security investments. Are the tools meeting the objective, have they helped us improve our security posture as expected? CISOs, like other business leaders, need to hold ourselves accountable for how we allocate our budgets.”
Although reporting on technology is imperative, Tina believes reporting on how security is helping progress the organization’s enterprise strategic goals is even more important. Senior executives have a vested interest in the security program, and by reporting on progress against the organization’s strategic plan, she can demonstrate the positive impact of security, and the initiatives being aligned with the business goals.
LEADERSHIP
Tina considers herself both a transformational and servant leader. She explains, “I would say that I’m a transformational leader and I’m here to inspire, motivate, and influence as we work to achieve objectives. But at the same time, I’m also a servant leader - I strive to understand what each individual needs from me to be successful.”
Tina is a lifelong learner and continues to grow as a leader. She obtained her Master of Science in Executive Leadership and continues to draw from the coursework to hone her leadership skills. She is also an avid reader on leadership.
When she needs help to overcome specific challenges, she connects with her security peers to understand their experiences. Seeking guidance from peers about their own experiences, use cases and understanding why they implemented specific technologies to solve problems has been helpful. Networking with local CISO groups allows Tina to meet with peers facing similar challenges and grow her community.
Subscribe
Stay up to date with cyber security trends and more