Welcome to Risk Never Sleeps!
Sept. 13, 2023

Episode #24. Securing the Digital Future with Adaptability and Communication with Yaron Levi, Chief Information Security Officer of Dolby Laboratories

In an ever-evolving digital landscape, cybersecurity has become more critical than ever.

In this episode, Yaron Levi shares insights earned from his career journey, highlighting adaptability and essential skills as key elements of his success across diverse industries. He emphasizes emotional intelligence in cybersecurity communication, praises AI as a force multiplier, and discusses aligning cybersecurity with business goals.

Tune in and learn about the human side of cybersecurity, AI, and the vital role of communication in protecting the digital future!

For more information and ways to increase risk awareness and safety, visit us at www.censinet.com.

Music by David Cosgrove, an accomplished composer, musician, producer, and engineer. Listen to his latest project Del Piombo.

About Yaron Levi:

Yaron Levi is the Chief Information Security Officer at Dolby Laboratories, a company specializing in audio noise reduction and audio encoding/compression.

Yaron was formerly the Chief Information Security Officer at Blue Cross and Blue Shield of Kansas City (Blue KC). He led information risk management, cyber defense, regulatory and compliance, architecture and engineering, and identity and access management. Prior to joining Blue KC, Yaron was Deputy CISO and Director of Information Security for Cerner Corporation, Information Security Business Partner for Intuit, Information Security Architect and Product Manager for eBay, and a Director of Cloud Security for ANX.

Additionally, Yaron is a Research Fellow for the Cloud Security Alliance (CSA), the highest honor and distinction that can be given to a CSA research volunteer. Yaron is co-chair and lead architect of the Cloud Enterprise Architecture, a contributor to the Consensus Assessments Initiative Questionnaire (CAIQ) and Cloud Controls Matrix, and promotes the CSA as best practice in various cloud projects with Fortune 500 companies.

Yaron is the Co-Founder of the Kansas City CISO forum, a networking and collaboration group for information security leaders in the Kansas City area. He is also a board member of B-Sides Kansas City, a non-profit educational organization designed to advance the body of information security knowledge. Yaron holds a bachelor's in social sciences and management and is a graduate of the FBI CISO Academy.

Things You’ll Learn:

  • Artificial intelligence is a significant new tool in cybersecurity, offering the potential to amplify efforts and defend against evolving threats. 
  • The cybersecurity field presents ongoing challenges, including resource limitations, rapid technological advancements, and a constantly evolving threat landscape.
  • The potential inclusion of cybersecurity committees on boards of directors is a consideration worth exploring to ensure that cybersecurity expertise is represented at the highest decision-making levels.
  • Cybersecurity professionals have a mission to protect not only businesses but also individuals, going beyond compliance and regulations to recognize the real-world impact on people's lives.
  • Collaboration is fundamental within the cybersecurity community and extends to broader cooperation, helping professionals stay ahead of evolving threats and effectively address challenges.

Resources:

  • Connect with and follow Yaron Levi on LinkedIn.
  • Follow Dolby Laboratories on LinkedIn.
  • Explore the Dolby Website!
  • Check out Our World in Data here!

Transcript

RNS_Yaron Levi: Audio automatically transcribed by Sonix

RNS_Yaron Levi: This mp3 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.

Ed Gaudet:
Welcome to Risk Never Sleeps, where we meet and get to know the people delivering patient care and protecting patient safety. I'm your host, Ed Gaudet.

Ed Gaudet:
Welcome to the Risk Never Sleeps Podcast, in which we discuss the people that are protecting patient care. I'm Ed Gaudet, the host of our program, and today, I'm pleased to be joined by Yaron Levi, the CISO, Chief Information Security Officer of Dolby Laboratories, right?

Yaron Levi:
Yeah.

Ed Gaudet:
So a little different than healthcare, but you do have some background in the payer space. I believe you were at Blue Cross Blue Shield.

Yaron Levi:
I did spend eight years, yeah, in healthcare. That's, I consider that one of my tour of duties because I spent with us, about three years with Cerner, which is a healthcare IT.

Ed Gaudet:
Yeah.

Yaron Levi:
And then Blue Cross Blue Shield for five years, yeah. Spent a lot of time in healthcare; it's interesting.

Ed Gaudet:
You have a unique background because you've done a couple of different industries, and how you got here is also interesting, so I think our listeners will be really intrigued about literally how you got to become a CISO. I think you were a sales engineer at one point, right, in your career.

Yaron Levi:
Yeah, so I don't know how far you want to go back, but I'm originally from Israel, and I served in the military in Israel. It's a mandatory service. I was an intelligence officer, and when I left the, when I left the service, I started my own company and did that for about six years, and then thought that back in '98 that I invented e-learning. And everybody said, Oh, nobody's ever going to learn through the Internet, and now this is a stupid idea. And just what I tried and failed, and that changed my course. Okay, I need to do something a bit different. And I got an opportunity actually in the telecom space, and I started working for a company still in Israel, and they, six months in, they said, Do you want to move to the US? Because we have a project for two years that we need your help with over there. And I said, Yeah, sure, for two years. And we just had a new baby at that time, and my wife said, Yeah, I can work from there, and we can just live on your salary, and you can work from there, and we can stay with the baby, and 20 years later, here we are. But yeah, spent quite of time in telecom, and then I switched to another company that was here, I'm in Kansas City, that was actually in the automotive space, and provide some technology services for automotive. And I think throughout my career, I was both on the kind of one leg on the business side and the other leg in the technology side. So I was a sales engineer, I was a project manager, I was an account manager, I did a bunch of different things, and somehow or another, I stumbled on security throughout the different things I was doing, and not only I found it really interesting, but also it reminded me a lot of the things I did during my military service. And it was almost like a calling because being in security is part of something bigger than just yourself, and you get an opportunity to support, and all of the companies and people, and that's what I enjoy about it, so that's how I started with that. 
And I really had an opportunity to work with like really great people and people who believed in me, and that's the other great thing about security. It is an awesome community, and you're always going to find somebody who is willing to help, and teach, and advise, so that's how I learned. And yeah, from there, from that company that was in the automotive space, I moved to eBay, I spent a couple of years there, and then Intuit, and then Cerner and then Blue Cross, and now Dolby. So I switched in different industries, and I find it fascinating just to get that experience from different places, yeah.

Ed Gaudet:
Well, I have a very similar background. I think that perspective too, gives you, in some ways, an advantage over other folks that stay in that one particular industry. They may rise through the ranks, but they miss that perspective that you can get from other industries. How has that helped you out in your career?

Yaron Levi:
Yeah, I think you're right. I think what I'm finding is that there's actually more in common than not in the industries, right? So I understand that a lot of companies, they just want to have a proven commodity from the same industry who understands, and everything, and that's fine, and that's fair. But I think a lot of those skills or a lot of those, that knowledge is learnable, teachable, so it's I don't find it as a barrier. I think the difference is what skills do you have that make you who you are, right? Are you able to build relationships? Are you able to educate others, to mentor others, to communicate properly, and things like that, build that trust, and if you can do that, then you can work in any industry.

Ed Gaudet:
Why do you think it's difficult for cybersecurity professionals, in particular, to communicate with business?

Yaron Levi:
Well, a lot of us are, first and foremost, are nerds, and so that's maybe like the first thing, right? And a lot of us are very strategic thinkers, and many people are more introverted, if you will. A lot of us, and I know I'm a little exaggerated, exaggerating, and generalizing, but we're not known for our shyness, and we sometimes look for ... the things are on the edge and not like the mainstream. And sometimes, in the corporate, it doesn't fly very well, right? So I think that's one thing, ... a lot of us very specialized in different things. But I would say one of the things that form of cybersecurity folks, they care, and I don't know any professional that doesn't care. They have their heart in the right place. And if you're highly specialized and really go down on the professional lane, sometimes to make the switch to the business side, and it's not that easy, especially if you're like not a subject matter expert anymore. Now you have to feel much more comfortable with chaos and knowing that you can't control everything and some things are going to fall to the floor, and is nothing what you can do about it. It's a challenge, it's a skill, and I think what will happen is that as you rise through the ranks and the more you move towards the business side, you need to rely more on your EQ than IQ necessarily, and that's a shift ...

Ed Gaudet:
Yeah, yeah, no, that's so true. Especially, I think, when you're communicating risks at a business level, because ultimately it becomes a business decision, right, as to take the risk or not take the risk, obviously. What keeps you up at night?

Yaron Levi:
Well, I think it's like everybody else, I think we definitely have a heightened sensitivity to risks and seeing things that many others are not aware of or don't fully grasp and understand, but then we feel that burden of responsibility, and again, talking about that mission. ..., that keeps us up at night. We're always outnumbered, we're always understaffed, under-budgeted, always like all of us, and it's hard to keep up, it's hard to keep up with what's going on. Obviously, we're doing the best we can. I think we've definitely come a long way; we're continuing to improve as an industry, as a community, not just as a company. And I think the great thing that is happening is that we started years ago, but now I think you see it more and more to collaborate more and support each other, whether it's between companies and government and others and other things. Yeah, we came a long way; bad guys also came a long way, so we kind of have to keep up. What we've been doing is pretty new, 20, 30 years, probably not more than that, so we're still learning. I think a lot of what I'm seeing that it's troubling is how sometimes, maybe regulations, governments, law, they don't always kind of keep up, and sometimes what we're seeing coming out is not optimal or traveling.

Ed Gaudet:
You see it right now with AI, with artificial intelligence. You see that technology, even in the last four months, five months, has come so far, and regulation is still like trying to understand; is it three letters or two letters?

Yaron Levi:
What's right, yeah, yeah.

Ed Gaudet:
What's this thing we're dealing with?

Yaron Levi:
Yeah, now, I think it's fascinating if you think about how fast we adopt technologies. It's funny, but there's an interesting website, I was just talking to a friend about this, there's an interesting website out there, it is called Our World in Data, and they have a bunch of information that, about different things. As an example, for a flushing toilet, it took 60 years in the US to get 20% market adoption between 1860 and 1920, 60 years. ChatGPT, to get to 100 million users, it took them less than a month. So think about how fast things are changing these days, and how do we keep up, and how do we adapt to all of that.

Ed Gaudet:
Yeah, like Threads, they turn Threads on, and how many days did it take for them to get to 70 or 80 million users? It's absolutely incredible. And where do you see the space go? What do you see AI taking us over the next couple of years?

Yaron Levi:
It's a great technology, great force multiplier, definitely, it's one of those things that I don't think that we can put this genie back in the bottle. It has great promises and great opportunities, but also have a lot of threats. So it definitely, I think it's a force, I feel it's more of a force multiplier for a lot of things. You can do things faster and in a larger scale and whatever, like everything else, whether we're going to use it for good or bad, it's up to us, right? It's like nuclear technology. You can do good things with it and power a lot of power and relatively clean power and so on, and you can kill a lot of people with it. Whatever we decide to do, it's up to us. Yeah, it's the same thing, I think, in many ways.

Ed Gaudet:
What are some of the things you're doing at Dolby that you wish your peers would know about or maybe peers within other industries could learn from?

Yaron Levi:
Yeah, I don't think it's something that is specific for Dolby, I think it's more of a, again, as an industry, like the collaboration, really focusing on aligning with the business, where the business goals are, how do we support the business, how do we enable the business to go there? And also realizing that, like you mentioned, at the end of the day, it's a business decision. So our goal is to educate, to support, to advise the business on the risk, help when it comes to defense and things like that, regulations, compliance, but end of the day, it's a business decision. So I think with most industries, that's how we need to think about it, how do we align more with the business and how do we more support the business, how do we become part of the business? Because I think oftentimes I see this us versus them mentality, which again we are them. I think that's where we need to align more.

Ed Gaudet:
At the board level.

Yaron Levi:
Yeah, I think there's more education that needs to happen. Again, it's relatively new. We have now conversations about the SEC and potentially new regulations around cyber, right? Which I think it was postponed to October now at least, but it's one of those things that if we think back, we did not need to have somebody with financial expertise on the board until about 2004 timeframe, it was like the Sarbanes-Oxley Act.

Ed Gaudet:
That's right, Sarbanes, yeah.

Yaron Levi:
So it's only, what, 19 years? So now, it's ridiculous. What do you mean? Like we never had somebody with financial background on the board before that? Well, we didn't have to. Again, security is relatively new. Now, whether we need somebody with cyber expertise on the board or not, I don't know, that's still debatable, but it's definitely something that we need to educate, it's something that the board need to understand better, and I think, yes, it will benefit to have people with that expertise on the board and then helping and supporting. But yeah, we still have ways to go, again, it's still relatively new.

Ed Gaudet:
Yeah, I'd like to see change over the next couple of years in this area. I think it's a big issue. We have audit committees, you have comp committees, you have finance committees. Why don't you have a cyber security committee with actual expertise on the board that can help really drive that?

Yaron Levi:
And I think a conversation needs to happen, right? Is it right to have a cyber committee on the board? Why don't you have a legal committee? Why don't you have a marketing committee? Why don't you have a sales committee? It's not all the same, and I think we still need to figure out what's the right construct to put there. But I do think that the expertise needs to be there in some form or fashion.

Ed Gaudet:
Yeah, I think most companies have it in audit, or it's buried in audit. Again, it's good that at least it's somewhere, but I just think, feel like it gets diluted in that area because there's so much to do in audit.

Yaron Levi:
Yeah, I think as a major, especially in this day and age, when we think about digital economy, and everything is digital, it's a major risk that we need to think about, and maybe it warrants its own committee, maybe not just cyber, but maybe more like cyber in some technology or whatever, but it's just, but it's not just technology. So we, I don't know that we know exactly what the right construct is, but I think definitely we need to get better at where we are today, yeah.

Ed Gaudet:
Agree, agree. The last couple of years have been difficult for a lot of people, the pandemic. What are you most proud of personally and professionally?

Yaron Levi:
Oh, that's a great question. So for me, the pandemic has had two things. One actually, took the role in Dolby during the pandemic, actually started in September of '20, and I started to work in January of '21. And I work from home now, and when they interviewed me, they said, even if we are here in San Francisco, you cannot come to the office at least until June of '21, and that was September of '20. The first time I saw somebody face to face was October. So everything was this, right? And how do you build relationships? How do you build trust? How do you build friendships? How do you integrate? And I'm happy to say that it worked very well. We have to be very intentional, you have to do a lot of different things, but I think the culture of the company is such that it enabled that, and people are really wonderful people that I mean to work with. So it was exciting because when I met some of the people, like the first time for ten months, people I already considered friends and that I had a connection with, but I never saw them.

Ed Gaudet:
Isn't that strange? I remember the first time I met someone physically after spending a lot of time with them on Zoom, and it was a real, it was ... a cognitive dissonance. Oh, I expected you to be taller or shorter or whatever.

Yaron Levi:
But I think putting together the program, helping building the team, connecting with the team, connecting, trusting the broader team in the company and stuff like that, and continue to operate, continue to enable the business, continue to provide that support to the business, despite all the challenges that we had, I think I'm proud of the team of how they were able to accomplish that. So yeah, that's good.

Ed Gaudet:
Outside of security, what would you be doing? What are you most passionate about?

Yaron Levi:
A lot of things, I think, but I don't get to do them too much.

Ed Gaudet:
It's always the case.

Yaron Levi:
Yeah, I think one of my resolutions for this year, which I'm glad I started, I wanted to do it for a very long time, I started to learn how to play piano, and yeah. So it's a completely out from everything else that I do, because I do a lot of things in the community and in security and people and my friends and everything, but that's different. Yeah, I practice daily and I have a teacher and I practice with her once a week. And yeah, it's hard, it's not easy to start playing piano when you are not five years old.

Ed Gaudet:
I tried guitar and it didn't end well.

Yaron Levi:
But I enjoy it so far, so yeah.

Ed Gaudet:
What's your musical inspiration? Is there a particular genre of music that you like?

Yaron Levi:
Um, I think I like everything. I listen to a lot of things. I can listen to classical and I can listen to heavy metal, so I like everything. Some of the music my kids listen to I'm not too crazy about, but yeah, I listen to a lot of things.

Ed Gaudet:
What's your go-to playlist? What are your bands that you go to like often?

Yaron Levi:
Oh, definitely '80s and 80 Rock. I would say '70s and '80s. ... so Queen and Guns N Roses and, not as much, but I would say definitely Stairway to Heaven.

Ed Gaudet:
Oh yeah, Led Zeppelin, yeah.

Yaron Levi:
Led Zeppelin, yeah, my kids always make fun of me when I play ... Dad, again?

Ed Gaudet:
I'm a huge Cure fan. Do you like The Cure or the Smiths or any of those?

Yaron Levi:
Yeah, absolutely. Yeah, almost anything '80s, I can.

Ed Gaudet:
I'm the same way.

Yaron Levi:
I can listen to, yeah.

Ed Gaudet:
So how about jazz?

Yaron Levi:
Jazz, yeah, jazz, country. Even though I wasn't born here, I like country music.

Ed Gaudet:
A band called The Band?

Yaron Levi:
No, I actually don't hear those. Where are they from?

Ed Gaudet:
It's an Americana. It's, combines, it's actually a Canadian band, believe it or not, but it combines a lot of musical elements that are part of America, but they've got, yeah, they've got incredible piano and organ sound and they were the backing band for Bob Dylan.

Yaron Levi:
Oh, wow.

Ed Gaudet:
And then they came out on their own, and they have their, yeah, once you hear the songs, you'll know who they are. People just don't know the name, but check them out because you'll, if you like the type of music, you might like them.

Yaron Levi:
Yeah, I also, I went to last weekend, I went to the Taylor Swift concert with my daughter.

Ed Gaudet:
Oh, there you go.

Yaron Levi:
It was great, yeah. Like I said, I span all decades here.

Ed Gaudet:
I'm a deadhead, so I just got, I did five shows in the last couple of weeks.

Yaron Levi:
Nice, very good.

Ed Gaudet:
Love music. What would you tell your 20-year-old self if you go back in time?

Yaron Levi:
Oh, wow, that's a great question. I would say trust your gut and tune out the noise. I think I, in my younger years, probably listened to too much and was more concerned about what other people think and what other people say. Maybe it comes with age, I don't know, and some people told me not to do some things and I listened to them not doing those things, and now I regret not doing those things and whatever. But I would say trust your gut, tune out the noise, not completely, close your ears, but tune out the noise. Things are going to be okay.

Ed Gaudet:
Yeah, yeah, I love that.

Yaron Levi:
That's great, yeah.

Ed Gaudet:
It's a very, very common response to the question, which I love, and it's surprising because I would have thought people would have said, buy Microsoft or invest in Apple.

Yaron Levi:
Yeah, maybe.

Ed Gaudet:
Yeah, maybe that's, because I'd be remiss if I didn't ask this question, this is the Risk Never Sleeps Podcast, what is the riskiest thing you've ever done?

Yaron Levi:
Oh, wow. I've done a lot of risky things. Maybe I would go with stupid risk. Is that okay?

Ed Gaudet:
You do whatever you want.

Yaron Levi:
Yeah, okay. ... risky things between starting a company, closing company, failing with a company, succeeding, whatever, moving to another country, it's risky, but, yeah, I would go with a stupid risk. I think I was 15 and a friend of mine and me, we really wanted to drive, and in Israel, you cannot drive until you are 17 and a half. We found like an abandoned car somewhere, that was just, I don't know how many years it didn't drive, and we decided to restore it and drive it at 15, and mind you, that's no internet back then. We found books and different things in libraries.

Ed Gaudet:
How did you restore it? When, so your parents didn't know you were restoring the car? Or did you like, keep it?

Yaron Levi:
We, so my friend's dad had a workshop in, that was kind of a little town they lived in, and so it was in the workshop. His friends, his dad knew my parents, they knew, they didn't really care much about that. But we were working in that workshop of his dad and we pretty much stripped the car from everything, we just left the chassis, the engine, the steering wheel, the gear, and everything else. But then the next thing was to, and we couldn't find a lot of parts, some we could, but the next thing was to make the engine run. So we found books and we were able to fix the engine. So that was good, but we had two problems: we didn't have a battery and we did not have a fuel tank. The fuel tank didn't work, it was just like.

Ed Gaudet:
Those are two big problems.

Yaron Levi:
Yeah, we found some, I don't know, some old battery from like a truck. It was like huge, and so we just mounted it in the front somehow, great.

Ed Gaudet:
Nothing bad's going to happen when you do that.

Yaron Levi:
That's a stupid risk, right? And then for the fuel, what we did, it was a carburetor, right? So we're not doing, like, fuel injection because old cars. So we didn't have, we didn't also have an air filter. So what we did, the diameter of the carburetor was pretty much the same as a ... can. So we took a plastic ... can and we stuffed some sponge inside, it was our filter and we just put it on the carburetor and we just taped that.

Ed Gaudet:
That's great.

Yaron Levi:
And then for the fuel, what we did, we ran like the gas line that goes through the carburetor, but because we didn't have a tank, we took this plastic can. So my friend was driving, I was sitting next to him holding the plastic can with gasoline inside, and the pipe just goes in there, and we just drove as long as that until it ran out. Like, it was like, it's really stupid, but we took the risk. I guess we had a lot of fun.

Ed Gaudet:
How far did you go? That sounds great.

Yaron Levi:
We did that for months. We were driving like in the fields, and not on the roads, but like in the fields.

Ed Gaudet:
That's so great. It's almost like a go-kart. We did it with go-karts, but you did it with a real car.

Yaron Levi:
Yeah, we didn't have any money or whatever, we take the fuel bucks or whatever.

Ed Gaudet:
How long did it take you from when you found the car to actually getting in operation?

Yaron Levi:
I think we've done it for probably a year and a half between everything and yeah, until we were stopped by police, some police officer who stopped us something, and they came and it was funny because, like, he didn't know if to laugh or to be mad at us because when he saw what we did.

Ed Gaudet:
You're sitting there holding the gas.

Yaron Levi:
And he's like, Go home, I don't want to see you ever again. And we stopped after that. 15-year-old, okay, yeah, the police was...

Ed Gaudet:
Probably not a good idea to continue at that point. They know who you are, they got you. Very good. Thank you very much. Any other last comments to the listeners on the program?

Yaron Levi:
Yeah, first of all, thank you for having me. This is fun. Cybersecurity, as you mentioned, right, it's we're, dealing with risk is our business.

Ed Gaudet:
That's right.

Yaron Levi:
And the more we can partner with the business, the more we can become the trusted advisor for the business on risk, and it's not the only risk, and we need to understand it's not the only risk for the business, but that's the mission, and that's the mission to help. And when we deal with, you mentioned healthcare at the beginning and my tour of duty in healthcare, we're dealing with people's lives and it's important. So it's not just about compliance, it's not just about regulations. These are important, too, but also at the end of the day, we also have to remember that there's a person on the other side, and that person, their life can be impacted, their financial, their health, whatever. So that's the mission. It's a hard mission. I'm glad there are a lot of smart and good people in this community who are operating for that mission and just keep going, somebody has to do it.

Ed Gaudet:
Thank you very much. That's a great way to end the program, Yaron. Thank you very much for your time. And to our listeners, thank you. This is Ed Gaudet from the Risk Never Sleeps Podcast. If you're on the front lines protecting patient safety, remember to stay vigilant because risk never sleeps.

Ed Gaudet:
Thanks for listening to Risk Never Sleeps. For the show notes, resources, and more information on how to transform the protection of patient safety, visit us at Censinet.com. That's C E N S I N E T.com. I'm your host, Ed Gaudet, and until next time, stay vigilant because Risk Never Sleeps.
