For Epic Cheers go-live support, please contact NYP IS at
nypres.service-now.com/nyp-portal
or 212-746-4357
Despite being relatively new to WCM, Christine Klucznik is already making big changes as the only woman in a cybersecurity risk analyst role in ITS. As part of ITS Security, Christine’s approach to protecting institutional data is not being a roadblock, but fostering innovation and collaboration in a way that is still compliant with WCM’s cybersecurity policies and standards.
I really have a multifaceted role. My day-to-day varies, but generally I help support our cyber security and compliance efforts using a risk-based approach. Anything that I do I try to translate back to risk. I tend to look for potential issues early and help address them before they escalate into a major security incident, like a data breach.
With that being said, I evaluate vendors across different systems and technologies. If Cardiology wants to work with a vendor for a new piece of technology that's going to help them manage patient data or support care workflows, they actually go through a formal process with the Privacy Office and myself. We will vet the vendor just to make sure that patient data is safeguarded and that our organization and workforce are not exposed to unnecessary risk. That's primarily the bread and butter of what I do.
However, I also review and update security policies on the ITS webpage. I review any apps or tools that may come through to make sure that they're safe and secure for use, and if they're not, then I try to recommend other options. I handle requests where there may be a system or server that doesn't meet our minimum security requirements, or that deviates from those requirements, so I try to find ways to make it secure but also make it so the department it belongs to can do their job.
Yeah, it's going on two years now. Before this, I worked for a corporation focused on security operations, so it was more of a hands-on, high-pressure role, like a never sleeping-type situation. At three in the morning, you get an alert and you’ve got to get up and respond to it.
I really wanted to change my mindset from reactive to proactive because I was always responding, responding, responding, and thought, “Wouldn't it be nice if I could just be proactive and develop policies, processes, and procedures that may actually prevent those things from happening?” That was kind of a mind shift for me, but I really enjoy it. My job does not feel like a job – I absolutely love it. I feel so supported. Everybody was so welcoming and so inclusive, especially with like the Women in IT group. There's been a strong advocacy for continued education and I actually went for a Data Security and Privacy Policy certification through eCornell as well, so I've had a lot of opportunities here that I feel like I may not have had elsewhere.
I started off like in more of a help desk situation. I did that for about five years and worked for a non-profit. It was a really interesting job… their mission was to assist the blind or visually impaired to achieve their highest levels of independence.
I decided that I wanted to specialize more in cybersecurity just because I found I was interested in learning about different types of computer threats and things of that nature, which led me to purse a bachelor’s degree in Cyber Operations at Utica University. I worked full-time as a help desk technician while completing online coursework on a ¾ time basis.
The level of collaboration that I do. I don't work with just our own team, but I also work with the Privacy Office, Compliance, Legal, Human Resources, and a bunch of different groups on a daily basis. There's even some that directly support patient care. Just the other day, I got on a call with a doctor who was trying to cure some rare disease and he was working with other institutions trying to get research out to figure out a cure. They think they may potentially have something, but they need secure technology to support and share that research with each other. After I got off that call, I was really amazed by the fact that, in some way, I feel like I'm playing a small part in moving this progress forward.
I'll get on a call, and doctors will be talking in all these scientific terms I don't get, but I understand the overarching goal and I want to help you get there. Oftentimes, IT security is seen as an obstacle, and my whole goal throughout my career here is ensuring that it does not feel like that. I really try as best as I can to reach out to our users and help them understand if something can't be done why it can't be done, and if we have alternatives. It's about balancing the technical requirements along with what the institution needs and finding a solution that works for everyone.
Right now, I'm working on a project with NYP which is really cool. Prior to this, I didn't have a good handle on how interwoven we are, so I'm working with them on trying to figure out how we can improve our vendor assessment process. Currently, most of that work is being outsourced, but we found that giving that personal touch, like having me reach out and try to figure out specifics on things like, “Maybe the vendor can't meet this requirement, but maybe we can put in this.” You know, just working with people and having that give-and-take process with them is what we're really aiming to achieve.
It's a gargantuan project, to be honest with you. It’s us, NYP, and Columbia is also getting on board, so I'm really learning about all these different institutions and seeing how they manage security risks. I can take back a lot of the information that I get from them, and it helps me like understand how we can potentially improve our own processes.
I hate sounding like a broken record, but it is really important to read an e-mail message before you click on any links or attachments that are within the e-mail. Look at who’s sending it. Look at when it’s been sent and ask, “Is this normally sent out during this time?” There's a bunch of different red flags that you could look for, and I think all too often we're in a busy mindset and think, “Oh, this looks fine!” and just click it.
That can literally wreak havoc on the entire organization all by just one click because it could lead to a ransomware attack or something similar. And not even just from a security perspective, but also from a reputational perspective. If patient data were to get exposed, that obviously harms us as an org, so keeping those things in mind really helps to understand the big picture of why IT security exists. We're not trying to be a blocker… we're trying to keep our data, and our people, and the organizations secure at the end of the day.
I have two dogs, Callie and Loki. They’re mini goldendoodles and they definitely keep me motivated. I’ll take five-minute breaks just to play with them or take them outside, to get that breath of fresh air.
Callie.
Loki.
Outside of work, I do enjoy like gardening, attending music festivals – that's a big one for me. Every year, I go to Vegas for this music festival called “When We Were Young.” I love it there.
Christine at AREA15 entertainment center in Las Vegas, Nevada.
I'm also an avid Disney fan. I've been to Disney World before and I do enjoy a bunch of the Disney movies, like anywhere from princesses to villains, to Marvel characters… that's actually how Loki got his name. He fits his name very well – he's very mischievous, but he's a good boy.
I haven't (yet). I want to go to California, that's also a dream of mine to get there.
My sister. She's an optometrist, she's a writer, a wife, a mother to triplets… she's got it all covered and somehow manages to do everything in a single day. I don't know how, but I really admire her and she's the best role model for me I think that I could have ever had. She's older than me (we're actually half-sisters), but I just remember as a teenager going through some tough times and she would write these beautifully handwritten notes and send me Chicken Noodle Soup for the Soul books and stuff like that. Her positive type of attitude has inspired me throughout my life.
Christine and her sister, Cheryl.
My mom strongly encouraged the value of education and financial independence. I would say she not-so-gently nudged me along the way. If it wasn't for her, I don't know where I'd be, so I really commend her there.
On a celebrity note, I really love Lady Gaga. I've been to four of her shows and love that she’s so courageous and willing to speak up about different issues, and be her true, authentic self. There's a quote that that she said that's stuck with me throughout my career: “Some women choose to follow men, and some women choose to follow their dreams. If you’re wondering which way to go, remember that your career will never wake up and tell you that it doesn’t love you anymore.” That's kind of my mindset just to focus on my career and the rest will fall into place.
