Episode #122. Unlock Cybersecurity Success With Clear Communication Strategies, with Ashley Gelisse, Business Information Security Officer for Michigan Medicine
Effective communication is crucial for bridging the gap between cybersecurity and business operations, especially in healthcare.
In this episode, Ashley Gelisse discusses the challenges of communicating cybersecurity risks to business leaders in healthcare organizations. Ashley highlights the importance of tailoring language and messaging to resonate with the audience, whether technical practitioners or executive leaders. She also emphasizes the significance of creating "tentacles" throughout the organization to foster better communication and collaboration.. Finally, Ashley advises young IT professionals to start small, build incrementally, and continuously refine their approach based on feedback and results.
Tune in and learn how organizational change management fosters collaboration to secure patient data across multiple hospital systems!
For more information and ways to increase risk awareness and safety, visit us at www.censinet.com.
About Ashley Gelisse:
Ashley Gelisse is a seasoned leader in business information security, currently serving as the Business Information Security Officer (BISO) at Michigan Medicine. With over a decade of experience in information security, risk management, and government operations, she has played a pivotal role in strengthening cybersecurity frameworks across large organizations. Prior to her current role, Ashley served as Director of the Office of the CISO at Michigan Medicine, where she led strategic security initiatives, policy compliance, and enterprise continuity efforts.
Her career spans leadership positions in the Michigan Department of Technology, Management & Budget and the Michigan Department of Treasury, where she managed high-impact projects, including IT governance restructuring and operational excellence programs. A trusted strategic advisor, Ashley has a proven track record of fostering collaboration, driving innovation, and implementing initiatives that enhance security resilience. She holds a Bachelor of Arts in Political Science from the University of Michigan and is a Michigan Political Leadership Program Fellow at Michigan State University.
Things You’ll Learn:
- Language is the biggest barrier to communicating risk. Cybersecurity practitioners must learn to translate technical jargon into terms that business leaders can understand and act upon.
- Security controls must balance risk mitigation with enabling the business. Implement controls carefully, considering the impact on workflows, clinical operations, and patient care.
- A partially decentralized IT environment requires creating "tentacles" throughout the organization. This ensures that security messages reach the right people at the right time, fostering collaboration.
- Organizational change management can significantly improve security communication. Mapping out personas and governance groups helps tailor messaging and reduces confusion.
- Don’t strive for perfection from the start; just begin. Start small, learn from your experiences, and continuously improve your approach.