What is it like to be in charge of security at a health-care organization? One employee reveals the truth about his job in information security. The man who ran information security here, my boss, was set to take some vacation time to attend his daughter’s wedding. But the CIO called him in and ordered him to stay. There was a downtime issue; the CIO wanted him around “just in case.” Harsh words were exchanged, and my boss left that afternoon. When he didn’t show up to work the next day, management called and his wife informed them that he had died in the middle of the night. A brain aneurysm.I have his job now. My official title is “computer security analyst,” but I am the only person at our 8,000-employee facility dedicated to information security and enforcement of HIPAA. I am variously referred to as the CSO, CISO, ISO or Security Officer, but I report to a manager, who reports to a director, who reports to a senior director of operations, who finally reports to the CIO. I have no power. But if something goes wrong—a virus, a HIPAA violation—I will be fired. I submitted budget requests for nearly $1 million on security-related hardware and software, and got less than $50,000 approved. Rarely do I get to interact with senior management. In fact, I’ve been told that bad things have happened to those who have gone to the CEO with security concerns. And my CIO is more concerned with pleasing users than meeting security requirements.RELATED LINKS See more “What It’s Like To…” storiesThe message, in so many words, is: “Keep the bad guys out, but we’re not going to let you enforce any rules.”That’s my role: I’m the guy sitting on the bomb. I’m here to take the fall when it all blows up.It’s a stressful position. I get migraines. I don’t sleep well. I worry constantly about what’s going to happen but at the same time I feel like I can’t do anything to affect it. I’m irritable with my family and friends.Occasionally, I search the job boards. But security is my calling, and I’m stubborn. You have to be to survive in this line of work. While part of me wants to quit, I don’t want to go down without a fight.But when I think about my old boss, I think about that fight he had with management. And how he died. Now I’m facing the same issues. I just hope I don’t snap. —As told to Scott Berinato * Tom requested anonymity Related content feature 10 most popular IT certifications for 2023 Certifications are a great way to show employers you have the right IT skills and specializations for the job. These 10 certs are the ones IT pros are most likely to pursue, according to data from Dice. By Sarah K. White May 26, 2023 8 mins Certifications Careers interview Stepping up to the challenge of a global conglomerate CIO role Dr. Amrut Urkude became CIO of Reliance Polyester after his company was acquired by Reliance Industries. He discusses challenges IT leaders face while transitioning from a small company to a large multinational enterprise, and how to overcome them. By Yashvendra Singh May 26, 2023 7 mins Digital Transformation Careers brandpost With the new financial year looming, now is a good time to review your Microsoft 365 licenses By Veronica Lew May 25, 2023 5 mins Lenovo news Alteryx works in generative AI for speedy analytics results OpenAI integration and AI wizardry for report generation are aimed at making Alteryx’s analytics products more accessible. By Jon Gold May 25, 2023 3 mins Analytics Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe