In the face of growing cyber threats, ChristianaCare CISO Anahi Santiago is taking a bold approach to cybersecurity awareness and resilience. At the heart of her efforts lies the Cybersecurity Ambassador Program—a forward-thinking initiative designed to transform the health system’s workforce into a first line of defense against cyberattacks. This program not only enhances individual skills but also establishes a culture of security that spans all roles and departments.
Scroll down to watch or listen to the full interview; or subscribe to healthsystemCIO on your favorite podcasting channel
A Visionary Approach to Workforce Training
The genesis of the Cybersecurity Ambassador Program was a Department of Labor grant that aimed to provide advanced training in areas like data analytics, cloud computing, software development, and cybersecurity. Santiago, in partnership with ChristianaCare’s iLEAD department, saw an opportunity to extend the reach of information security beyond the confines of IT. The result was a comprehensive 12-week program designed to prepare caregivers across the organization to earn two industry-standard certifications: Network+ and Security+.
“The course is designed to enable anyone who finishes it to sit for these certifications,” Santiago explained. These certifications not only validate participants’ technical expertise but also offer a gateway to deeper involvement in cybersecurity. The curriculum combines intensive coursework with practical, on-the-job training, allowing participants to apply what they’ve learned in real-world scenarios.
When the program launched, Santiago anticipated modest interest—perhaps 12 to 15 participants. Instead, the response was overwhelming. “About 150 people signed up, which was really exciting,” she said. While the rigorous demands led some to drop out, 96 participants are now on the verge of completing the program.
A Diverse Cohort with a Shared Mission
One of the most striking aspects of the Cybersecurity Ambassador Program is the diversity of its participants. Approximately 44 percent of the current cohort comes from IT backgrounds, though not necessarily from cybersecurity roles. The remaining 56 percent hail from non-IT disciplines, including clinical care, billing, and data analytics.
For the IT professionals involved, the program offers a pathway to transition into specialized cybersecurity roles. But Santiago is equally focused on the contributions of non-IT participants. “These individuals are now positioned to extend the fabric of our information security team into non-information security departments.”
Non-IT ambassadors are being encouraged to bring cybersecurity awareness into their daily workflows and to serve as champions within their teams. For example, a nurse who completes the program might collaborate with Santiago’s team to create cybersecurity training tailored to bedside care, addressing specific vulnerabilities like medical device security and patient data handling. This approach ensures that cybersecurity principles are integrated into the day-to-day practices of all departments, making the organization more resilient.
Bridging Gaps and Building Resilience
While the program’s immediate goal is to improve individual competency, its broader mission is to strengthen ChristianaCare’s organizational resilience. Santiago acknowledges that traditional IT downtime plans often fall short in addressing the complexities of modern cyberattacks, which can render systems inoperable for weeks. “Most people in the organization don’t understand the complexities of cybersecurity or the extended time it takes to recover from a massive cyberattack,” she noted. This gap in understanding can leave organizations vulnerable during critical incidents.
The Cybersecurity Ambassador Program directly addresses this challenge by fostering cross-departmental collaboration. Ambassadors are tasked with helping their teams prepare for potential outages, whether caused by ransomware or other cyber threats. Their work includes developing downtime procedures, improving awareness of cybersecurity risks, and ensuring compliance with best practices.
Santiago is particularly focused on operational resilience—a key component of ChristianaCare’s broader cybersecurity strategy. This involves partnering with clinical and business leaders to design processes that can sustain the organization during extended IT outages. “I cannot profess to understand what it takes to admit a patient into the emergency room or to schedule a surgery,” she admitted. “But I do recognize that those capabilities will be needed without technology, which is something a lot of us aren’t used to doing anymore.”
Looking Ahead
Implementing a program of this scale has not been without challenges. Santiago candidly described the significant effort required to support participants, both in terms of mentoring and creating opportunities for practical application. “It’s a lot of work—not only for the students but also for us who have to engage and mentor and build out these on-the-job capabilities,” she said.
Despite these challenges, Santiago believes the program’s benefits far outweigh its costs. Participants have not only gained valuable certifications but also developed a deeper understanding of their role in protecting the organization. This cultural shift is perhaps the program’s most enduring impact.
Looking ahead, Santiago envisions expanding the program to include more tailored training opportunities and deeper integration with ChristianaCare’s strategic priorities. She sees ambassadors playing a key role in ongoing initiatives like tabletop exercises and scenario planning, which simulate real-world cyber incidents. These exercises help refine the organization’s response strategies, ensuring that all stakeholders—from clinical leaders to IT professionals—are prepared to act decisively in a crisis.
“Building a culture of cybersecurity isn’t just about technology—it’s about people,” Santiago emphasized. “When caregivers become part of the solution, we create an organization that is not only more secure, but also more resilient.”
For more cybersecurity awareness content click here.
Podcast: Play in new window | Download (Duration: 27:42 — 19.0MB)
Subscribe: Apple Podcasts | Spotify | Android | Pandora | iHeartRadio | Podchaser | Podcast Index | Email | TuneIn | RSS
Share Your Thoughts
You must be logged in to post a comment.