The most successful cybersecurity leaders in healthcare have shifted from acting as gatekeepers to becoming business enablers who help organizations achieve their goals securely. This transformation requires building deep relationships with leadership, understanding operational workflows, and balancing robust security controls with positive user experiences.<br /> Randall (Fritz) Frietzsche, Enterprise CISO at Denver Health, has spent nine years developing an approach that positions cybersecurity as a strategic partner to the business. Denver Health, a safety net hospital and Level 1 trauma center, has been serving the community since 1860 and operates multiple clinics, a health plan, and educational programs. The organization&#8217;s cybersecurity strategy reflects a fundamental shift in how security leaders must operate in healthcare environments.<br /> From Gatekeeper to Business Partner<br /> The traditional model of cybersecurity as the &#8220;department of no&#8221; has become obsolete in modern healthcare organizations. Security teams that focus solely on blocking activities create friction with clinical and administrative staff who need to deliver patient care efficiently. The more effective approach involves working collaboratively with business units to identify secure methods for accomplishing their objectives.<br /> <br /> &#8220;Instead of saying, no, you can&#8217;t do that, we have to find ways to say, let&#8217;s figure out a way to do that more securely,&#8221; Frietzsche explained. This mindset shift requires security leaders to inject cyber risk analysis into business processes early, allowing organizations to make informed decisions about vendors, acquisitions, and new initiatives before committing resources.<br /> When evaluating vendors or considering mergers and acquisitions, cybersecurity teams that participate in due diligence can identify risks that materially affect pricing and contract terms. Organizations can negotiate security requirements into contracts, establishing clear expectations and remediation timelines. This proactive involvement helps avoid costly post-acquisition security issues and strengthens the organization&#8217;s overall risk posture.<br /> Building Trust Through Competence and Relationships<br /> Earning a seat at the leadership table requires more than technical expertise. Security leaders must build strong relationships across the organization and demonstrate consistent competence over time. This trust-building process enables cybersecurity to influence critical business decisions and establish necessary security reviews for technology purchases.<br /> &#8220;You have to have built great relationships with the leadership of your organization. And that takes time and it takes skill. And you also have to be able to demonstrate your competence to them,&#8221; Frietzsche noted. The process involves maintaining awareness of how security controls affect daily operations and ensuring that protective measures do not unnecessarily impede productivity.<br /> The relationship with the chief information officer plays a particularly important role. A supportive CIO who understands cybersecurity can advocate for security initiatives in conversations where the CISO is not present, explaining the reasoning behind controls and their importance to organizational protection. This partnership helps leadership understand that security measures serve essential purposes and use modern tools designed to minimize negative impact on workflows.<br /> Frietzsche makes a deliberate effort to maintain visibility throughout Denver Health. He works support tickets directly to understand user challenges and identify opportunities for broader improvements. This hands-on approach provides insights that inform both tactical solutions and strategic decisions about security architecture.<br /> Balancing Security Controls with User Experience<br /> Effective cybersecurity requires understanding how layered secur...

healthsystemCIO.com

Anthony Guerra

Cyber Success Depends on First Understanding, Then Empowering, Users

DEC 23, 202542 MIN
healthsystemCIO.com

Cyber Success Depends on First Understanding, Then Empowering, Users

DEC 23, 202542 MIN

Description

<p>The most successful cybersecurity leaders in healthcare have shifted from acting as gatekeepers to becoming business enablers who help organizations achieve their goals securely. This transformation requires building deep relationships with leadership, understanding operational workflows, and balancing robust security controls with positive user experiences. Randall (Fritz) Frietzsche, Enterprise CISO at Denver Health, has spent nine […]</p> <p>Source: <a href="https://healthsystemcio.com/2025/12/23/success-in-cyber-depends-on-first-understanding-then-empowering-your-users/">Cyber Success Depends on First Understanding, Then Empowering, Users</a> on <a href="https://healthsystemcio.com">healthsystemcio.com - healthsystemCIO.com is the sole online-only publication dedicated to exclusively and comprehensively serving the information needs of healthcare CIOs.</a></p>