Select Page

CIO QUARTERLY REPORT - June 2024

  1. Archives
  2. June 2024

Meet Our New Chief Information Security Officer

John Mowery joined Houston Methodist in April as our new vice president and chief security officer. He brings over 30 years of IT and cybersecurity experience to the role.

Having worked in multiple industries, including technology, finance, health care, energy and government sectors, John has watched the digital landscape evolve first-hand as well as the increasing threats to the data, infrastructure, and people in it.

John is also a U.S. Army Combat Veteran, where he learned invaluable lessons that have come in handy as a cybersecurity leader.

Here, John shares his background, insights into how HM is keeping our systems safe from threats, and what employees can do to be our “human firewalls.”

What will be your top priorities in your role as HM’s CISO?

My first priority is to evaluate what infrastructure and policies we have in place at HM to protect and defend us. How we contain and respond to threats is also important. It can mean the difference between an impact to a few systems or a widespread outage.

Secondly, I’ve been learning about our cyber culture and looking at where we are today and where there are opportunities to strengthen it. This includes how we can improve everyone’s understanding of cyber threats, and how we can build out and strengthen our employees in the role of adding another layer of protection – essentially what I call a human firewall. Our IT team can do everything we can on the back end to protect and defend HM, but it’s critical for employees to understand that their behaviors and missteps can lead to significant consequences. The more you know, the safer we can all make our systems and data.

What misconceptions do people have about cyber risk, and what can employees do to manage and mitigate these risks personally and professionally?

On a personal level, many of us experience a threat every day in some form. This could be getting a phishing email or receiving a strange text from a number we don’t recognize. When you look at the trends of how cybercriminals access your information, simple safeguards can be helpful. Using multifactor authentication on your devices and changing your passwords routinely will increase the likelihood that a hacker will skip over you.

When you’re at work, remember that mitigating cybersecurity risk involves everyone. The biggest way employees can be a human firewall for HM is to slow down and think. We work in a challenging, fast-paced environment. But take a few extra seconds to look at emails and text messages and stop. Ask yourself, “Would this person really send this to me?” Some people don’t take that pause, and that can make us vulnerable. Another tip is to not circumvent our security rules.

How would you foster a systemwide culture of security at HM?

Our modern, connected world provides enormous benefits, but also enormous risks. Today, people are more informed and “tech savvy” than ever, yet most still don’t understand the risks that exist. I see it as our mission to help inform everyone about these risks and how they can help. Most people want to help, and they want to protect themselves, their family, and HM.  Building a culture of security starts with establishing an organizational understanding of not only what the risks are, but also what that risk means.

What cybersecurity programs and initiatives have you found to be the most effective?

In my experience, a successful cybersecurity program is a structured one. Other elements to a strong cyber defense plan are visibility and rapid response. No single cyber system is a silver-bullet, though. A multi-layered, comprehensive, and broad-and-deep approach is required. Anything you can implement to strengthen these key areas will put you in a better position.

As a US Army Combat Veteran, what are some lessons learned that have been helpful in your roles as a leader and as a cybersecurity professional?

From a leadership perspective, my military career instilled the value of teamwork to be successful. As a team member or leader, the obligation is the same – we work together to support everyone around us to accomplish our mission. This involves leading by example, asking for help, being vulnerable, having respect for one another, as well as having discipline and executing efficiently.

There are a lot of parallels from my military career that were directly transferable to cybersecurity. In the military, you learn about planning, training and being prepared for potentially high-stress situations. When properly trained, you’ll know how to respond, because you’ve developed and practiced those skills as a team. We also treat the concept of cyberwarfare very similar to military warfare: you collect intelligence, create your defenses, plan for contingencies, and execute.

Tell us a little about yourself.

I’m an active leader in the cybersecurity community, and I enjoy participating in and speaking at professional association forums. I’m also an adjunct professor of cybersecurity at Lone Star College, which I’ve done for a few semesters, now.

My wife Angela and I are long-time Houston-area residents, currently residing in Sugar Land with our two sons and two dogs. I enjoy good food, cycling, running, triathlons and occasionally playing guitar. I’m also an avid reader, often reading two to three books simultaneously on leadership, self-improvement or military fiction.