UnHacked Episode 36 : Breaking Down a Doctor’s Rant with Evgeniy Kharam
Main Topics:
Core Discussion: Response to a Doctor's Frustration
- The episode centered around a Reddit post from a frustrated doctor dealing with cybersecurity requirements
- The doctor expressed feeling overwhelmed with multiple responsibilities and viewing cybersecurity as another burden
- Key complaint: Too many vendors, unclear standards, and difficulty understanding the real business value
Key Insights on Communicating with Clients:
- Need to translate technical language into business outcomes
- Focus on explaining impact rather than technical details
- Understand that clients are already overwhelmed with their core business
- Important to show how security measures protect their ability to make money
Essential Security Requirements for Medical Practices:
- Basic endpoint security
- Regular updates and maintenance
- Physical security (securing computers in patient rooms)
- Asset management and inventory
- Password hygiene and management
- Employee education and training
Schedule Your Free Security Assessment
Industry Challenges Discussed:
- Lack of standardization in IT services and pricing
- Difficulty in communicating value to non-technical business owners
- Challenge of balancing security needs with business operations
- Need for ongoing maintenance versus one-time solutions
Solutions Proposed:
- Treat cybersecurity as a journey rather than a one-time fix
- Focus on incremental improvements
- Use frameworks (CIS, NIST, HIPAA, PCI) to create standardized approaches
- Emphasize prevention rather than cure
Special Segment on Public Speaking:
- Evgeniy shared techniques for managing public speaking anxiety
- Introduced "box breathing" technique (Navy SEALs method)
- Discussed converting fear into excitement
- Emphasized the importance of managing filler words and using strategic pauses
The episode concluded with each participant sharing their key takeaways, emphasizing the importance of education, communication, and understanding client needs. The host wrapped up with a simple framework focusing on three key areas: protecting people, data, and technology, combined with good policies and cybersecurity insurance
