HCISPP Spotlight: Shawn O’Reilly


Name: Shawn O’Reilly
Title: Information Security Officer
Employer: SUNY Upstate Medical University
Location: Syracuse, New York
Education: Master’s in Information Management, Syracuse University
Years in IT: 25
Years in cybersecurity and/or privacy: 20
Cybersecurity certifications: CISSP, CCSP, HCISPP, CISM, CISA


How did you decide upon a career in healthcare security and privacy?

The opportunity to move into a healthcare security and privacy career presented itself about 15 years ago when I was searching for a new job. I was previously employed by a Big 4 accounting firm, where I got my start as a cybersecurity consultant. I was looking to move to another company where I could take my skills and knowledge learned as a consultant and make a significant impact at one organization in the cybersecurity arena.


Why did you decide to pursue your HCISPP?

I value knowledge and education, and believe it is important that your skills do not get stale over time. For this reason, I chose to pursue the HCISPP certification and not get complacent in my current position. After looking at the requirements and materials on why one should become a HCISPP, I believed I would be doing a disservice to my position if I did not get certified.


What is your main role in your organization?

My position involves many aspects of cybersecurity, from policies and procedures, risk assessments, regulatory compliance, user account management/provisioning, security/privacy investigations and technical matters related to vulnerability scanning, penetration testing and phishing education. My days are never the same, and I come into my job each day with a plan of attack which immediately changes as a result of the hot topics of the day.


Tell us about a project that you were particularly proud of.

About 10 years ago, our organization did not have a strong process to track user accounts for new hires, transfers and terminations. I worked with our internal database administrators (DBAs) to develop a security tracking system that tracks user accounts by systems. This new tracking system proved beneficial in generating reports for terminated or transferred employees for security administrators to disable or modify accounts; the Help Desk to address questions from users about access to specific systems; and a means to report metrics on the number of user accounts by system. This system has proven itself time and time again since its inception, as it is the primary way our organization tracks user accounts for all employees. All system security administrators use this system as their first check for investigating user access issues. The system is also being used to drive all of our identity management (IDM) initiatives to improve the user provisioning process at our organization.


What impact has the HCISPP had on your career?

Personally, the impact the HCISPP has had on my career has been amazingly instrumental in my development as an Information Security Officer. I am more confident in my position and strongly believe the details covered within the certification have allowed me to understand the security and privacy practices and methods that can be applied to my organization. My knowledge of the combination of cybersecurity skills with privacy has provided a solid foundation to build upon my prior experience and education to further enhance our cybersecurity and privacy practices.


What advice would you give to those aspiring to get their HCISPP?

My advice to anyone aspiring to get the HCISPP is this: Your decision to get certified should not be a result of an employer or regulatory requirement. You should get certified to further enhance your personal goals to strengthen your knowledge and skills in cybersecurity and privacy. Certifications, like the HCISPP, are great to attain, but if you don’t seek to attain the certification for your own personal reasons, the benefit you get from it will be lost. Seek it, use it, and apply it to your position, and you will reap many benefits from the knowledge and skills you attain.


For more information about the (ISC)² Healthcare Information Security and Privacy Practitioner certification, download the Ultimate Guide to the HCISPP.