For individuals working in healthcare IT — and specifically cybersecurity — the job market couldn’t be hotter. According to some estimates, there are as many as 500,000 positions open, many of which include remote-only options.
And while offering remote-only may be necessary to compete today, it may not be sustainable in the long run, particularly for health systems, according to Jacki Monson, Chief Technology Risk Officer, CISO, & Chief Privacy Officer at Sutter Health. “It’s going to be really challenging not to have some in-person interaction,” she said during a recent webinar. “It’s hard to get attached to the mission when you’re not in a hospital, not rounding, and not seeing how our work impacts patients.”
For CIOs and CISOs, it’s become increasingly important to recruit individuals who, in addition to having technical skills, are driven by a desire to contribute to the greater good. Fortunately, this seems to be a growing trend, according to Audrius Polikaitis, CIO and AVP of Health IT, University of Illinois Hospital and Health Sciences System. “People are seeking a different type of relationship with work. They want meaning in what they do,” he said. “Absolutely everything we do in healthcare has meaning.”
The challenge for healthcare organizations is to connect the dots by creating a stimulating environment that allows for flexibility while also promoting collaboration. Not an easy feat by any means, according to Polikaitis and Monson, who spoke with Drex DeFord (Executive Healthcare Strategist at CrowdStrike) about how they’re approaching this issue.
Staying connected to the mission
Like many organizations, Sutter Health allowed employees to be fully remote during the height of the pandemic. Now, even as numbers have leveled, convincing them to return has been difficult, noted Monson, who is a big believer in the power of face-to-face communication.
“We have some folks on our team we’ve never met in person,” she said; as a result, they aren’t as tightly connected to the vision as those who’ve been with Sutter since before Covid. “We want to develop that rapport that you just can’t get remotely. You have to visit our hospitals and round with providers who are saving lives every day using the tools we put in.”
And although she believes it’s important to meet people where they are, Monson also feels that in-person interactions are vital in facilitating teamwork. “You don’t build the same relationships through Zoom as you do in person,” she noted. “Even a 10-minute conversation in person is more valuable than months of Zoom meetings.”
The other benefit of showing up, according to DeFord, is the spontaneous conversations that don’t tend to happen on video calls, such as early morning chats with those working in environmental services. “They have a lot of insight on what’s happening in the organization.”
Similarly, strategic planning discussions are far more effective when held in person, noted Polikaitis. “I can’t imagine how that conversation would go on a Zoom call where you can’t read body language, and everyone is tripping over each other.” He believes that when people are able to see firsthand how solutions and processes are — and are not — working, they’re able to make better decisions.
It’s also good for morale, he noted, adding that UI Health has already reaped the benefits of having individuals on site for at least a few days each week. “It’s amazing; teams started coming together maybe once a month, then once every two weeks. And when they do, you see pure joy,” he said. “Even the most hardened IT folks miss spending time with people.”
Reintroducing in-person work
The big question, of course, is how organizations can reintroduce in-person work in the best possible way. Below are some of the suggestions offered by the panelists:
- Get social. For those who are fully remote, coming back to the office can feel daunting. One way to help ease the transition is by sponsoring social events, such as an escape room or a golf entertainment outing, as icebreakers. “We have to make up for the last two-plus years of not having that level of interaction,” said Monson. “The personal connection is important, and these events can help ease back into that.”
- Stick to two or three days. While some may want to jump back into five-day weeks, most prefer to wade back in slowly, according to Monson, who is focused less on how many days people report to the office, and more on making in-person days as beneficial as possible. At Sutter, leaders are asked to be present on Tuesdays and Thursdays for face-to-face meetings and chats, which she said provides a more “welcoming environment” for teams. “There’s a science to figuring out the right frequency, but once you find that sweet spot, it will work out.” For organizations that are large or spread out geographically, defining requirements at the local level can help ensure compliance, said Polikaitis.
- Managing the details. One of the biggest challenges in offering a hybrid environment is the logistics of holding a meeting, he noted. “How do you integrate those who aren’t there when the action is in the room? It’s the most complex part of this.”
- Rip off the band-aid. Although it’s critical to recognize the anxiety people feel about returning, “at some point we have to rip off the band-aid and say, ‘We’ll see you in the office,’” noted Monson. “You can only prepare them so much, and then you just have to do it. Some are going to like it, and some aren’t, but it has to be done.”
In some cases, it has proven very successful, according to DeFord. “I’ve heard stories where even the most grumpy, introverted people who think they hate the idea of coming back, find that they enjoy it.”
Where they struggle is with the uphill battle of data security, he said, citing a report which found that there were more zero days in 2020 than ever before. “A lot of cybersecurity pros feel like they’re up against this impossible grind and they’re wondering, ‘how long can I stay in this role?’” They need to be assured that “there’s a light at the end of the tunnel, and there are ways to work through this.”
One way is through “strategic outsourcing” of time- and labor-consuming tasks that aren’t considered core competencies, said Polikaitis. Managed services firms can perform these functions more effectively “because they can scale operations across multiple organizations.”
Leaders, however, should be mindful of using the term “outsourcing,” which often creates fear within organizations, according to DeFord. “I don’t think of it as outsourcing as much as finding good partners to take things off your plate that are complicated and require special skills.” By offloading tasks like endpoint monitoring, the staff can better direct their talents and feel more engaged with the overall mission.
That, agreed Polikaitis, is the ultimate goal for all organizations, especially in these times. “It’s all about protecting patients. The organization needs to be protected; that’s what we’re doing.”
To view the archive of this webinar — Burnout, Retention, and the Great Resignation: Leading (and Keeping) Information Security Professionals (Sponsored by CrowdStrike) — please click here.