Get ready, Generative AI is your CISO’s secret weapon

September 8, 2024
1 min read

TLDR:

  • Dave Heaney, CISO at Mass General Brigham, discusses how Generative AI can help his team learn and protect against cyberattacks.
  • He emphasizes the importance of getting the basics right and highlights best practices for securing data with and against AI.

In a recent interview, David Heaney, the Chief Information Security Officer at Mass General Brigham, shared insights on using Generative AI as a tool to enhance cybersecurity measures within his organization. He stressed the significance of laying a strong foundation by getting the basics right when it comes to securing data with and against AI. He highlighted the importance of understanding and supporting AI capabilities that drive positive changes in patient care and industry innovations.

Heaney discussed best practices for healthcare CISOs and CIOs, emphasizing the need for risk assessments, business associate agreements, and legal considerations when deploying AI-driven services. He also addressed specific AI considerations such as data use, model security, and adversarial testing. He emphasized the importance of ensuring continuous validation of AI models and implementing strict controls against unapproved applications.

When it comes to team readiness and training, Heaney underscored the value of curiosity among team members, citing it as a key skill in cybersecurity. He shared how his team dedicates time for learning and explores various training services to stay updated with the evolving technology landscape. He also highlighted the use of generative AI for learning purposes, leveraging prompts to create outlines and accelerate manual tasks.

Regarding types of AI used to combat cyberattacks, Heaney mentioned leveraging platform capabilities from technology vendors, with a focus on AI-driven tools for endpoint protection and access governance. He explained how AI algorithms help identify potential threats and analyze broader trends across the organization. Additionally, he discussed the benefits of using generative AI to automate manual tasks, improve efficiency, and enhance query creation for junior and senior analysts.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and