- Resources
- webinar-and-podcast
- Managing Third Party Risk with Special Guest Ed Gaudet
Managing Third Party Risk with Special Guest Ed Gaudet
Welcome to the IoT Security Chats podcast where we bring you the latest information in Cyber and IoT Security. From asset and vulnerability Management to Incident Response, hear the experts talk about the latest threats affecting connected devices and how to keep your organization secure. This session is dedicated to managing third party risk with Special Guest Ed Gaudet.
- Host: Shankar Somasundaram, Founder & CEO, Asimily
- Special Guest: Ed Gaudet, Founder & CEO, Censinet
Discussion topics include:
- Why did you start Censinet?
- What was the biggest challenge you faced when starting the company?
- How has the healthcare industry evolved since you founded Censinet five years ago?
- Where do you see the Healthcare industry headed from here?
- If you could change one thing as an entrepreneur, what would that be?
Show Notes:
- The Hard Thing About Hard Things, by Ben Horowitz
Shankar Somasundaram
Hi everyone. I am Shankar CEO and founder of Asimily. And today I’ll be personally moderating this episode of the IoT Security Chats podcast. Today, we’re going to talk to Ed, who’s the CEO and founder of Censinet. Censinet provides the first and only third-party risk management platform built by and for healthcare providers to manage the threats to patient care that exists within an expanding ecosystem of vendors. Welcome Ed and it’s great to have you here.
Ed Gaudet
It’s great to be here. Thank you.
Shankar Somasundaram
I have a few questions that I’m just going to go through them. And like we discussed, this is a conversation. So looking forward to it. I want to start by understanding why you started Censinet. You have had a stellar career, you might want to talk a little bit of your background, but you have had a stellar career. So why did you leave and start Censinet? What are the factors that led you to do it?
Ed Gaudet
Yeah, I actually had an interesting path to get to technology and become an “entrepreneur” — although I hate that label. I prefer to say I love to solve problems. I’ve been looking to technology to solve problems since I got a school back in the 80s. And many people don’t know this, but I went to an accounting school, I went to a business school, and I was a writer, and I did not belong there. And they did not belong in my worldview at the time, but it all kind of worked out. And I ended up getting a degree in technical writing, which makes sense that a love for technology and applying it in that way made sense where I could write about technology in a way that solves problems for users. It quickly turned into because my first job was at a startup, quickly turned into running all aspects of Marketing, which I don’t think they even had a course at school about, so I had to learn it. I’m an Autodidact. I learned a lot by reading, or I probably have three or four books going at one time. And, then quickly got into products and learned I was pretty good at not only developing products that solve problems but also seeing market trends and being able to anticipate what customers in markets needed over the course of time. really love that that to me gets me really excited to come into an industry and learn about it and find some of the problems and then apply automation and technology. Because ultimately, that’s what we’re doing where we’re taking a process that was largely manual in nature. And we’re automating it in some way and applying technology to that automation.
Shankar Somasundaram
That’s great. That’s a fascinating journey. I have met people who have gone from writing and journalism to technology. And that’s a great mix because if you can master both of the worlds, then you truly bring that comprehensive view, rather than a single dimension and technology view that some people might have. That leads me to do a follow-up question.
You have different backgrounds, which is interesting. And you know, when you have a background like this, and you’ve started a company — running a company comes with its own challenges. What is the biggest challenge you think you have faced, from your perspective, when you effectively have come from both the writing background and technology background? You clearly have some people experience as well. So what is the biggest challenge you have faced, when you have seen all the aspects before, that you have faced running Censinet and starting Censinet?
Ed Gaudet
I’m a pretty passionate guy. I’ve been told I leave my passion on my sleeve. So people know where I’m at, at any given point in time; I don’t tend to hide things. And, you know, for me, I’ve got to be able to get out of bed in the morning and enjoy what I do. And I also have an attention span probably of a nat. I get bored with things quickly. For me, I’m always looking for areas that interest me and that can keep me interested for a period of time. What I found really fascinating about the problem or solving at Censinet was I couldn’t see an end to it. It was that big. And even though it started off very tactical, in terms of the overall problem that we’re solving, it quickly evolved from a vision perspective to include many aspects of cyber and risk, governance risk, and compliance. And that’s what I love about it. I love how these things where you pull a thread, and you sort of all of a sudden have this complete suit and jacket, from this one sample.
Shankar Somasundaram
Yeah. Absolutely.
Ed Gaudet
But in healthcare, and in particular to, which we talked about this the other day, what I love about healthcare is you have this shared mission with your customers that in other industries just doesn’t exist. And this is my second company in healthcare, I’ve done 11 companies and this is only the second time I’ve been in healthcare, but I don’t think I’ll ever go back to, to doing anything else because of that, that uniqueness of that shared mission that you have.
Shankar Somasundaram
I agree. As we discussed before, every day you wake up, and you see you’re doing something meaningful, that actually moves the needle, even by a little bit. You move the needle for somebody else, in a positive way, that can make a difference to patients somewhere. And I think that’s definitely a very motivating mission to actually be a part of.
Ed Gaudet
I was going you add just in terms of the journey to Censinet, which got me really excited about is… is unpacking the problem and thinking about it. I always like to try to like you, we talked about this, I always like to try to find that connection with the emotional, the personal, so that it becomes personal. And with Censinet I quickly got there because I remember thinking to myself, ‘Wow, if a medical device gets hacked or a health system basically goes out of business or if care is disrupted because someone’s on their way to a hospital and now it’s under attack from ransomware and they’ve got to divert to another hospital. Maybe the hospital is another 50 miles away. And every minute counts when you’re in the ambulance, then it’s personal’ because that could be your mother, father, sister, brother, aunt, uncle, cousin friend, hooked up to that medical device, or in that ambulance, and in their life is threatened. And it really becomes this patient safety issue. And like you said, we’re all patients. We are all patients. We know patients and we care and we love her patients. So there’s nothing more important than protecting patients, in my opinion.
Shankar Somasundaram
Absolutely. I 100% agree with that. I think we believe both of us believe totally.
You spoke a little bit about the Censinet journey and your journey. You have been running Censinet for five years. The industry also has continued to evolve and the industry is not static. If you look at it from the industry lens, and you say, ‘how do you think the healthcare industry has evolved in the last five years?’ When you started in 2018 versus today, how do you think that has changed? If you can shed some light on that, that’d be great.
Ed Gaudet
Yeah, wow. Do you have three more hours? I mean there’s a lot happening as well. I started at the end of 2017. And we were getting ready to go to market in 2020. And we’re actually going to HIMSS in March of 2020. And of course, you know, what happened there? I was on a plane Saturday, and on Thursday, they said, ‘No more HIMSS like, we’re going into lockdown.’ Your whole world changed. Yeah. You had the pandemic and you had to deal with that from an entrepreneur’s perspective. Holy cow. You’re getting ready to go to market and then all of a sudden, you stop, you have to think differently about your plans, your hiring plans, how you’re applying capital, how long now, will this pandemic last for which nobody knew, obviously. I was the ultimate optimist. I said, ‘Oh, three months, and we’ll be out of this thing.’ Of course, you know, it lasts much longer. And it’s still … we’re still having it feeling the after-effects of that. I think that was one thing that didn’t exist in 2017.
I think the other thing that the hangover from the pandemic and the economic whiplash that these health systems have to deal with. In particular, the thinness or absence of any margin to drive any type of capital improvements or investments. We are seeing that hospitals are closing down or they’re collapsing or they’re being acquired by larger facilities or…there’s an incredible change right now that’s happening in healthcare that we’ve I don’t think we’ve experienced in a while. So you’ve got that.
In addition, you have the fact that ransomware is now top of everyone’s list. Everyone knows and understands what ransomware is the threat of it and the impact that can have on our hospitals. In 2017, we didn’t really know it. We didn’t really fully understand it. We had ideas. We had anecdotes. I remember Censinet and the Poneman Institute ran a survey. I was hearing people saying, ‘Oh, there is a patient safety impact.’ And I wasn’t sure. And I wanted to see if the survey data would actually show that. And sure enough, I mean, it’s qualitative survey results, but still, directionally it was showing that not only was there an impact on patient safety from diversions of ambulances, operations, and lab results but also there was an increase in mortality rates. Now, again, can you prove it? Can you directly correlate it? We’ve seen a couple of cases. But other than that, no, but we still think ransomware has such a significant impact on healthcare overall.
And we’re seeing now what’s happening from a regulatory perspective. It is driving agencies like the HHS and CISA to come together to develop a minimal set of cybersecurity standards. Now, we have HIPAA, sort of the gold standard for regulations as it relates to data, but not the impact of ransomware on safety, on operations…so shutting down or pausing operations or significantly impacting those organizations for a long period of time. My health system right now is still recovering from a recent ransomware incident. It is still not fully recovered. And it harkens back to what happened to the University of Vermont Medical Center where they were still dealing with this incident, they had for six plus months post the incident. These are really fundamental impacts on healthcare that we’ve never seen before—pre-2017. And the acceleration of that, too. So you’ve got sort of this threat vector, which is increasing because more and more of these health systems are moving their business processes into digital form and into third-party systems. Either being managed by a third-party application that may be hosted by a third party in the cloud or maybe in another data center. And so the whole footprint in the dynamic of managing digital assets and managing care electronically has changed significantly over the last five years.
Shankar Somasundaram
Absolutely. I think you put it well. I think there’s been so much shift. The fundamental shift and awareness and understanding of the risks they’re facing with more data available on things like ransomware has fundamentally opened the eyes in a way that you couldn’t imagine in 2017. And there is hope there for people who were starting companies. And if I had to ask you…if you take a crystal ball…if you had a crystal ball.. and you were a crystal ball, and you said, ‘what is it that the industry is going to look like in three years from now, five years from now?’ What would you think that looks like? And there’s obviously you’re giving your view, but what does the industry look like in three to five years In your mind? How does this shift? How does the landscape shift?
Ed Gaudet
Yeah, that’s, that’s a great question. I’ve got one of these weird abilities to… I mentioned this earlier. I get to see trends and I get to predict things that will happen. And oftentimes, my track record is pretty good. I would say I’m batting about 800. The challenge is the timing. I may not get it wrong, but I don’t always get the timing. That’s always the hardest thing to predict — especially as an entrepreneur. You’ve got this idea. You see a vision of how things can be done differently. And you’re like, ‘why can’t everybody else see this?’ Well because markets and people move incrementally for the most part. They don’t necessarily move in large shifts of disruption. And as entrepreneurs, we deal in those large shifts of disruption to solving those problems. So with that being said, and as a disclaimer, around timing.
I’ve always believed in and I’ve always been fascinated by…I’m a big fan of Amazon. I’ve watched Amazon early on. I’ve been an investor in Amazon early on. I saw AWS early on before anybody else. I shouldn’t say anybody else but before most investors did and I went in a big way in Amazon when they were at $50, based on Amazon, based on AWS. I believed that Amazon, AWS, was going to be the infrastructure and basically the utility infrastructure like electrical is to homes and things. And for the most part that’s played out. I’ve also thought and a little earlier, I would say probably in 2016 to 2017, that Amazon was going to make a big impact in healthcare. And I remember when I started the company, I went to a, I think it was at an advisory board meeting now actually was like one of the first meetings I’ve been at as a new founder of Cenisnet. I remember the folks around the world around the table, they were Chief Digital Officers, Chief Information Officers, and SVPs. And they were all kind of scratching their head wondering like, ‘what was going to be what was going to happen next?’ And I remember raising my hand and saying something like, ‘Amazon is going to completely disrupt your world!’ And of course, I thought it was going to happen in 2020. And like I said, my timing was off. But I do think the model, and the approach that someone like an Amazon has… if Amazon really got serious about healthcare, I think they could actually change drastically, dramatically the way care is delivered. And I think we’re starting to see a little bit of that, based on some of the purchases they’ve made. They’ve tested things out. They have this joint venture. And I remember when they disbanded it, and everyone said, ‘oh, look, Amazon failed’. I’m like, ‘no, they didn’t fail. That was a test.’ They learned a lot through that test with JP Morgan. They learned a lot. They’re off now figuring out their learnings and applying them to their model. So don’t count them out yet.
And they just did this One Medical, I think it’s called this program. I think this notion of the ability to deliver care through this medium, like we’re talking here on Zoom, with some devices in the home for diagnostics … for vitals, If I get to a point where I can do most of my care over at home in a way that is effective and efficient and cost-effective like it significantly drives the cost down, and the economics of care down, then really the last piece of the mile is what it’s really the, the operation theory. It’s like it’s the ER, right? It’s that. If you can solve that piece in the model, then I think you disrupt healthcare as it sits today. Whether that happens now in another five years or not, I don’t know given I’ve given up trying to… but I think it will happen. I think it will happen. I think the technology is at a state where you can you can do some really interesting things in terms of care delivery, that you couldn’t do, five years ago. Does that make sense?
Shankar Somasundaram
Absolutely. And I think COVID escalated it as people started getting more remote care and remote monitoring, it opened up their eyes to what is possible that allows the disruptors to come in faster. And so that timeline actually has probably been sunk. What might have happened in 10 years now can happen in seven or five, we don’t know the exact time, like you said, but I absolutely agree. I think that industry… I joke with my wife that one day all of us will be working for Amazon, Google or Microsoft, the way they are expanding and taking over industries. So it’s interesting.
Ed Gaudet
And that acceleration is so that acceleration is you’re so spot on acceleration because I know the industry was sort of, you know, dealing with Telehealth at the fringe, sort of at the edges. And all of a sudden it became like, ‘that’s how we’re going to deliver care’. And it’s almost like… I’m scratching my head why didn’t we keep pushing that forward? Why are we sort of backing off on Telehealth? It is interesting how markets move. It’s never a straight line up, right? It’s always sort of up down a little up a little down a little then back up. And then there are major movements. And so I still think that there’ll be interesting things over the next couple of years that Amazon brings to market and others that are certainly trying to follow in the Amazon strategy, if you will, with healthcare.
Shankar Somasundaram
No, absolutely and I think that’s why it’s so hard to predict timing because it depends on external forces, which you cannot say for certain.
So now if you have to go back to yourself and Censinet, you have done a lot of great things. If you had to go back and change one thing. Maybe you would not change anything. But if you had to go back and change one thing in your journey with Censinet, what do you think that might be? And if there’s nothing you can just say, you know, everything that you want, you have done. But if you had to pick just one thing, what would that be? What would be the biggest thing you would probably have changed in the last five years if you could go back and redo it all?
Ed Gaudet
Yeah, great question. There’s a book that I always recommend to entrepreneurs is called “The Hard Thing About Hard Things”. It’s a great book. It’s by the cofounder of Andreessen Horowitz. Ben Horowitz wrote it. And I remember reading it the first time thinking, wow, not only other phenomenal musical references, and I love music. And so I really enjoyed the writing style and the references to music but just the way that the stories were told about the challenges of being an entrepreneur and things to consider when you’re an entrepreneur in the trenches. Not academically. Not at a very high level. But really like, when you go to hire your sales leader, think deeply about that individual and hire for the process. Hire someone that really understands the process of building a startup. The ability to build a sales process and sell at the same time without saying, ‘Oh, well, I did this here, then I’m going to do the same thing at your company, because I worked at the last company’ because it’s never that it’s never that easy, right? If it were we just published a book off the shelf, we would read it, and then we would apply the sales practices. It’s no surprise that every year it seems like there’s a new sales methodology out there, right? Someone’s written another book about selling, it’s crazy. So it’s never that easy. And I think, you know, even though he said it, in the book and read the book over and over, I read it a couple of times over and over because I always found that I didn’t miss that the first read. Man, I violated the first principle which is that the founder is the best salesperson in the startup. The founder is the best salesperson and I don’t think I’m a great salesperson. And, by the way, I’ve sold before I don’t particularly like it. I was just talking to one of our salespeople today, it’s the hardest job in the company, I think selling. It’s because you’ve got to have that thick skin and shield, and you got to do it every single day, you got to be told no, every single day until you know, somebody says, maybe, and then you get all excited, right? And you got to be that internal optimist, and it is such a hard job. And when you’re starting up, you don’t have even you haven’t even figured out your sales motion image or figured out your key messages, you don’t even know if your product market fit yet. And so I got really excited because I closed a bunch of deals in the beginning. And I thought, ‘Oh, this will be easy because if I can do it, anybody can do it’. That, unfortunately, wasn’t the case. We hired a bunch of people, figuring we could scale up quickly, faster than we were ready, and…we weren’t ready. And it wasn’t about the individuals that were there. Very good individuals are great people and fit the culture. We weren’t ready for them, and I missed it. And I missed it. So that was a big learning for me. That would be one thing I would do over again. I would have continued selling which would have led me right into the pandemic, which would have been fine, because, again, things slowed down. And what I ended up doing was based on my board. I have a great board of advisors. I mean really blessed with the expertise at the board level. They see a number of different things. And they quickly said, ‘alright, you keep selling, and you should hire a product person, a product leader to help you out’. And I was like, because product is my first level like ‘no, I don’t want to give away product. No, no, no.’ But they work right? Absolutely correct. And I was able to hire someone who’s even better than me is our Chief Product Officer, Paul Russell, who I worked with at Imprivata. And he ended up going to an AI company at the time and just timing worked out. And he joined the company, and he made the product so much better than I would have ever made it. And so, but again, it was all like pandemic, without the pandemic I wouldn’t have Paul write it probably would have hired another sales leader because thinking well, it’s maybe it’s the sales team or it wasn’t the sales team. We weren’t ready. We need more time. We need more product market fit time. And we got that with Paul Russell.
Shankar Somasundaram
Thank you and thank you for the transparency. That’s a really honest answer. And you know, like you said, timing for an entrepreneur is the hardest thing to get right. And I think you nailed it like that is one of the hardest decisions. When to hire. When not to hire. When to do something. When not to do something. And that’s something we all grapple with all the time. So we’re almost out of time. I will have a couple of quick, rapid-fire questions. 30 second answers. If you can answer one fun fact about yourself outside of Censinet. Something that you know, listeners should know like something fun out about yourself that nobody knows.
Ed Gaudet
Shankar, I have a lot of fun facts about me. I’ll give you a couple. I am a poet. Well, most poets would say ‘you never call yourself a poet’. But I love poetry. I’m a student of poetry. How about that? And I’ve been writing poetry since an early age. And I’ve actually… I’m working with a couple of mentors that are helping me fine-tune my writing skills and also get me published. So that’s happening. Yeah, in the waking hours when I can find time, but I wish I could. I wish I could put more time into it. I have a lot of passions that revolve around writing. I’ve also got a couple of screenplays that I had in the process. Before he started Censinet. I put those on hold. And I am a big fan of the Grateful Dead. So I am going to five shows this year. I cannot wait next week, I’m going to two shows in New York, and then two shows in Fenway in Boston.
Shankar Somasundaram
Wow. I mean, that’s an interesting life. You know, I wish I had more interesting things to talk about in my personal life. So that is something to look at.>
Ed Gaudet
Oh. you have something very interesting in and I cannot wait for our listeners for the Censinet podcast listeners to hear about the riskiest thing you’ve ever done. So we want to talk about that. That was really interesting.
Shankar Somasundaram
Thank you. And so there’s one last question. What advice would you give to our listeners, as it from a security side or an entrepreneur, whoever is listening to the podcast, you had to give a piece of advice. What would that be?
Ed Gaudet
Yeah, commit yourself to being a lifelong learner. Always, always learn, always keep learning. keep learning. Keep recognizing that you don’t have all the answers. And that’s okay. There are a lot of smart people out there. Just know where to go. And, yeah for me, it’s always been it’s a lifelong journey of learning. And I love it. I mean, that, to me, is what makes life really interesting. And I think secondly, don’t take yourself too seriously. I think that’s what can get ourselves into trouble. When we lose that hubris, humility, if you will we get, we get ahead of our skis. So I guess those are probably two things since you put me on the spot there that I could come up with.
Shankar Somasundaram
That’s a great piece of advice there, Ed, and I agree wholeheartedly with both. So thank you, Ed, for your time, it’s been an absolute pleasure from my side. I hope you enjoyed having the discussion as well as. I’m pretty sure every listener who listens to this will learn something more about Censinet and will learn about your views of the industry, and hopefully a little bit about how they should think about the industry and careers as well. So thank you so much. And, you know, we will look forward to more discussion.
Ed Gaudet
Thank you for having me today. It’s been a pleasure. Thanks.
[end]
Reduce Vulnerabilities 10x Faster with Half the Resources
Find out how our innovative risk remediation platform can help keep your organization’s resources safe, users protected, and IoT and IoMT assets secure.