Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot. Learn more

Speed Data: Combating the Cybersecurity Skills Shortage With Bryan Chnowski

Bryan Chnowski, Deputy CISO for Nuvance Health, explains why one of the most significant cybersecurity risks on the horizon is the shortage of workers.
Megan Garza
2 min read
Last updated April 9, 2024
Megan Garza and Bryan Chnowski

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

Bryan Chnowski, Deputy Chief Information Security Officer for Nuvance Health, is one of the most personable cybersecurity leaders you’ll ever meet. His passion for providing security awareness education to his staff, combined with his 25-plus years of experience across the education, financial, healthcare, and insurance industries, makes him ideal for leading the cybersecurity strategy at the not-for-profit health system.

Watch Bryan’s full Speed Data episode below to learn the key attributes he thinks all successful leaders should have.

Nontraditional cybersecurity recruiting

Ransomware, malicious actors, vulnerabilities, and insider threats are terms every CISO dreads. But for Bryan Chnowski, one of the most significant risks on the horizon is the shortage of workers.

“What you’re seeing is there are 3.5M open cybersecurity positions worldwide,” the Deputy Chief Information Security Officer for Nuvance Health said. “There’s a skills shortage.”

Rather than rely on existing cyber professionals to continue to fill the growing roles, Bryan offered an alternative suggestion. “Businesses need to target individuals who can transition into cybersecurity roles with proper training and then support their training initiatives, whether it’s boot camps, workshops, or online training platforms,” he said. “Organizations need to look outside of IT."

There are individuals that are more than capable to be successful in cybersecurity that might come from legal or risk management or even your training team.
Bryan Chnowski, Nuvance Health Deputy CISO

Key attributes for cybersecurity leaders

And these individuals could be ideally suited for security leadership positions, Bryan added, if they have specific characteristics.

“There are personality traits a leader needs to have to be successful,” he said, listing off a few key attributes, such as staying calm amid the chaos, being persistent, and keeping wise company. “Surround yourself with people smarter than you — they’ll challenge you. If you’re the smartest one in a room, you’re better off leaving that room.”

Data breaches: prepare, practice, and then proceed.

A sense of situational awareness is also key. “You need to realize that incidents and breaches will occur, so our job as leaders is to limit the frequency and impact,” Bryan said. “Make sure you have up-to-date and accurate business impact analysis, business continuity and disaster recovery plans, and incident response playbooks.”

Your organization needs to feel comfortable that if there is an attack, they’re going to be able to proceed.
Bryan Chnowski, Nuvance Health Deputy CISO

“The way you get them comfortable is to drill it, practice it, and do tabletop exercises. The more comfortable they are, the more successful you’re going to be when you experience some time of attack.”

And in an attack on Bryan’s industry, the stakes are higher. “I’m in healthcare, so any offline system has the ability to impact patient lives in a negative manner,” he said. “When thinking about the different types of attacks that worry me, the biggest one is one that takes down any of our critical systems.”

Life outside of cybersecurity

With more than 25 years of leadership experience across the education, healthcare, and insurance industries, Bryan’s passion for securing data and teaching those around him could have led him down a different path.

“If I wasn’t in cybersecurity, I’d be a teacher,” he said. “I find it rewarding educating those who want to learn.” His face lights up when he talks about the topics he’d teach.

“I love technology, but I’d love to branch out and learn something a little different,” he said. “I love working with my hands, working outside, getting outside my comfort zone, forcing me to grow. I have a lot of hobbies outside of technology, so I think there are plenty of possibilities on what I would wind up teaching.”

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:


Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.


See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.


Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

Varonis Launches Data Center in Canada for Cloud-Native Security
We're excited to announce the opening of our data center in Toronto to support new customers and existing customers moving to Varonis' SaaS offering.
What About Individual Users on ACL's?
One question I received in response to our recent post about aligning windows security groups and automating entitlement reviews was, “If you’re using single-purpose security groups and managing them automatically...
Varonis + Splunk: Epic Threat Detection and Investigations
We’re bringing our powerful DatAlert functionality to Splunk® Enterprise to give you comprehensive visibility into data security with our new Varonis App fo
SecurityRWD – GitHub Secret-Scanning Could Create False Sense of Security
Microsoft recently announced they would be adding another layer of security to their popular code repository, GitHub, by scanning for "secrets" (API tokens, access keys, etc. inadvertently saved in the platform). However, as Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team discuss, this positive first step shouldn't lull developers into a false sense of security. Listen in to hear why it's so important not to let your guard down when securing critical cloud apps and data.