Risk Strategy and Managed Security Solutions

Comprehensive and Adaptable Programs Building Digital Health Trust

01Layer Assessment & Visibility Understand posture, calculate risk, and prioritize strategy
02Layer Operationalize & Protect Data-driven action plans and the expertise to proactively mitigate risk
03Layer Governance & Education Enterprise trust through policy, people, and process alignment

Framework Objectives and Activities

Risk Management Services Spectrum

Seeking Market Awareness and Risk Assessment

Connected Asset Risk Framework

  • Webinars
  • Speaking Engagements
  • Policy and Regulatory interpretation
  • White papers
  • CISO to CISO
  • Executive brief
  • Education
01 What is out there and where do we stand?
Organizational Readiness

Connected Asset Risk Framework

  • Human factor best practice
  • Risk assessment artifacts
  • Roles and responsibilities
  • Clinical Engineering and IT Security collaboration
  • Security program integration preparation
  • Budget guidance
  • Total cost of ownership
02 Is my organization prepared for and aligned for success?
Business Strategy, Tolerance, and Alignment

Connected Asset Risk Framework

  • Vendor awareness/partnerships
  • Selection criteria
  • Scoring guide
  • Market and product evaluation / comparison / analysis
03 Organizational alignment, and what defines completion / success? What are we expecting to get out of this solution?
Preparedness and Implementation

Connected Asset Risk Framework

  • Network and infrastructure
  • Project documentation
  • Kick-off meeting
  • Team development and collaboration
  • Connected asset data collection
  • Connected asset data integration
04 The key to the entire solution is right here; this defines how successful the next steps will be
Visibility and Integration

Connected Asset Risk Framework

  • Inventory connected assets
  • Identify security vulnerabilities
  • Calculate risk to device and organization
  • Develop near term action plan to address critical vulnerabilities
  • Develop short term budget to address mission critical remedies
  • Integration to leverate existing security investments
  • Mitigate false positives
05 Are we seeing what we need to see and have we removed what we do not want to see?
Operationalize and Prioritize Risk Mitigation

Connected Asset Risk Framework

  • Organizational security posture
  • Develop mature connected asset security program
  • Network segmentation report and recommendation
  • Develop data driven medical device strategy and security program
06 Proactive mitigation and how to we prioritize, focus, and deploy controls?
Security Operations Integration

Connected Asset Risk Framework

  • Policies
  • Develop / establish governance
  • Education
  • Inventory and vulnerability reporting
  • Dashboard and risk report dashboard development
  • Roadmap for connected asset management and planning
07 Traditional SOC and Clinical SOC collaboration and requirements?
Enhance Governance

Connected Asset Risk Framework

  • Incident management
  • Organizational security product assessment and recommendations
  • Integration into existing security program
  • Reduce alarm fatigue via security integration program
08 Are we reporting the correct information to the correct committees and teams? Are we compliant?
Continuous Operations

Connected Asset Risk Framework

  • Management contract
  • Virtual support
  • Cross training
  • Affordability
  • Board interaction and reporting
  • Security reporting and metrics
  • Operational review / consulting
  • 24×8 NOC / SOC solutions
  • SecOps (Security Operations)
09 Are we secure? Are we prepared for an incident? Are we aware of latest threats?

Asset Efficiency and Risk Program Experts

Randy Bailey

Co-Founder and Chairman

Co-Founder and Chairman, Randy brings 34 years of HIT leadership, security program development, and risk management knowledge in partnership with our clients.

Toby Gouker, Ph.D.


Toby brings 31 years of cybersecurity education, framework knowledge, and Medical Device/IoT leadership to First. He has extensive security policy experience for healthcare entities.

Carter Groome

Co-Founder CEO

Co-Founder and CEO of First, Carter brings 25 years of HIT, management consulting, health policy, and security leadership experience to our clients.

Jack Wagner

VP of Advisory Services

Jack is the VP of Advisory Services for First with 32 years of Medical Device/IoT Security and Technology Services leadership. Jack leads First's Guardian Program Team.

Meet the Entire First Leadership Team

Behavioral change programs have an enormous impact in reducing human factor risk

“If I had to make a choice about the one thing to spend money on, it would be about getting the word out, talking to people and training people about the risks.” – Health System CISO

First Healthcare Workforce Cyber Behavior Assessments

Who We Work With

AAMI Member HTM Introduction Request

A member of First will contact you shortly to set up a 30-minute virtual meeting.
  • This field is for validation purposes and should be left unchanged.

AAMI Member HTM Introduction Request

A member of First will contact you shortly to set up a 30-minute virtual meeting.
  • This field is for validation purposes and should be left unchanged.