Like some of the employees in the information security department at Oklahoma City-based INTEGRIS Health, Michael Wood was recruited from out of state. He began his IT career working in the loading dock at a Texas healthcare organization. Rather than wait for IT, he often fixed local computer issues; soon, a manager invited him to transfer to the IT department. When that same manager moved to INTEGRIS, he recruited Wood to join the health system’s security group.
Although his path to IT is not a common one, his journey from out of state is. Wood, now assistant vice president and information security officer at INTEGRIS, is trying to change that.
To recruit new talent, Wood is working with the Oklahoma Center for the Advancement of Science and Technology (OCAST), a state agency that helps companies advance and retain science, technology, engineering, and mathematics talent in Oklahoma. The agency provides funding and connects students with local positions, where they get hands-on experience solving complex problems.
In recent years, INTEGRIS has transitioned to a largely virtualized server and desktop environment. With virtualized systems, a single piece of hardware can run hundreds of desktop instances, allowing employees to connect to their desktops from multiple workstations, such as a laptop or tablet. “We all have our own instances of a desktop running in the data center and we connect to that instance,” Wood says. “I can connect to it from anywhere because it’s not something that’s sitting at my desk.”
Virtualization gives the IT group centralized control, allowing them to apply the same policies to every desktop. As a security measure, the system auto-builds a new desktop after a user logs off or a computer has been idle for many hours. This protects sensitive information from security breaches.
Initiatives such as this give the healthcare system a recruiting advantage as well as a technological one. “It is appealing to people to come to an environment where they know that there’s going to be a significant piece of technology to manage,” Wood says.
A partnership with OCAST would allow the information security group to secure funding for future technical projects, but perhaps more importantly, it would keep brainpower in the state of Oklahoma. “We’re constantly pulling from an ever-shrinking pool,” Wood says. “If we’re helping to keep it replenished, then when we do need new talent, we can go there.”
Having a small community has its benefits as well as its drawbacks. Wood and his team regularly attend information security and technology conferences in Oklahoma, such as the Information Warfare Summit, a decade-old conference that draws hundreds of attendees each year. These networking opportunities help establish the security group’s place in the local ecosystem. “It’s such a small community that we can create those relationships,” he says. “That’s one of the advantages of it being smaller.”
INTEGRIS largely competes for talent with oil and natural gas companies, which often have high salary budgets and robust benefits programs. To maximize retention, Wood strives to create tailor-made development programs for employees. New hires see these development opportunities as a benefit, and it allows INTEGRIS to compete with higher-paying companies in the energy space. “They’re willing to overlook the fact that you don’t have as robust a bonus program or that you don’t pay at the top of the market in Oklahoma City because they know that they’re going to be able to develop themselves,” he says.
Wood and his managers work with individual employees to identify the learning opportunities that will be most beneficial to them, whether that be attending a conference or completing a degree. “There are different specialties within the security group, so we don’t offer them a specific training,” he says. “We tell them that the funding is going to be there for them to train and that we’ll work with them to identify the things that they’re interested in learning.”
This funding demonstrates the organization’s support for the security group—another selling point for new recruits. Although the organization has long supported the security group, Wood has worked to strengthen ties between business and information security leaders. Among Wood’s biggest challenges is translating what the security group does to business leaders who don’t understand the technical jargon. “You have to get it down to a common language where everybody can understand what you’re talking about,” he says. “Otherwise, they’re just going to turn off.”
To make risks clear to board members and senior leaders, Wood translates the security program into business terms. “They’re used to seeing risk from a red, yellow, green perspective,” he says. “If we can translate those things into monetary terms, that’s something that resonates with them.”
The security group has partnered with the business to create an information security advisory committee made up of executive leaders and physicians that helps to govern the information security program. This counsel gives business leaders a personal stake in the security group as well as a financial responsibility. “They’re more engaged,” Wood says. “When I meet with them, the different members are asking, ‘What can we do for you?’”
The last recruiting tool that Wood uses is INTEGRIS’s mission itself. “INTEGRIS is a pretty well-recognized brand in Oklahoma,” Wood says. “People like what INTEGRIS is here to do, and they want to be a part of it—to improve the health of the people and communities we serve.”