426- AI Breaks Faster Than Broken Processes w/Eric Brosius

426-Eric Brosius
Host: Mike Kelley
Guest: Eric Brosius
________________

Mike Kelley: All right. Well, it's a pleasure to have you back for another
episode of You've Been Heard. The space we've built specifically for the IT
leaders of today, and the rising stars looking to secure their own seat at the
leadership table. Our goal is to ditch the corporate scripts and have the kind
of raw conversational, deep dives it actually takes to lead an organization into
tomorrow. Eric, we really appreciate you joining us. Thank you for your time and
for being so open to sharing your experiences with our community over at
youvebeenheard.com. To our listeners, we're sitting down with a veteran who
spent thirty years in the trenches. Eric is currently the VP of it over at sun
River health, where he effectively acts as a CIO for ten different entities,
each with its own unique risk profile and security posture. A real gem in Eric's
philosophy is his rather visceral comparison of it to a sewer system, something
that nobody thinks about or appreciates until it breaks. he's also got a
refreshingly blunt take on the AI plateau in healthcare, balancing its life
saving potential with the risk of it becoming dangerous crutch for providers.
Eric, we've got a lot of ground to cover from the light switch mentality of
leadership to the unsustainable pace of tech since twenty fifteen, let alone
since twenty twenty three. but I'd love to start by handing the floor to you.
Could you introduce yourself and, to our listeners and share a bit about your
thirty year journey to the leadership seat?

Eric Brosius: Of course. Thanks, Mike, for having me. as you noted, I've been in
the industry for almost thirty years from when I graduated college. I feel like
I've covered most of the industries that are available for you to work in
retail. point of sale, education, loosely parallel financial. And now I've been
in healthcare for the last fifteen or so years. So I'm kind of blessed in having
that well-rounded experience.

Mike Kelley: A little bit of diversity there.

Eric Brosius: For sure. and so like I mentioned in healthcare, I've been the
vice president of it for sun River health for the last thirteen years, which is
New York state's largest federally qualified health center. And we're top five
in the nation and patient visits. So, ambulatory only, but we're in our own
minds, a pretty big fish in the underserved and underprivileged pond of health
care.

Mike Kelley: Okay. and that alone is going to be, I can't imagine myself I've
never worked in health care. And I know some of the compliance that you have to
deal with. and I can't imagine trying to run ten different organizations. I can
understand using it at scale to, offer services to ten of them, but trying to
maintain and run and deal with ten different chiefs that are the absolute chiefs
of their own domain. That's got to be an interesting, opportunity.

Eric Brosius: It's a good challenge for sure. And it's definitely not a
complaint when it comes to job security because I'm not worried about that, but
it definitely keeps you on your toes and in some levels there are pieces that
are the same. They're consistent. We obviously have the same kind of tenants
that try to do the same base security across all of them. Some are nonprofit,
some are for profits. all are in healthcare. So at least it's a lot of it
becomes a little cookie cutter until you get to, fifty or sixty percent of your
tech stack. Then you really dive into the business needs. And that's where you
really start branching off. I have one, client customer company that I deal with
that is near high tech certified. So that's one of the highest rated security
ratings you can get. Doesn't have to be high tech, but it's like three controls
away from high tech. A lot of the other healthcare companies don't have to reach
that level of standard. So there's a lot more auditability, a lot more controls,
separation of duties for that company where the other ones, it's just HIPAA not
to diminish the importance around that. So there's definitely unique challenges
for each company that we face. Thankfully, I have a really good team that
handles a bunch of that.

Mike Kelley: So I'm curious in that vein, are you able to utilize a single
template over all of them, even though you've got the one that's high tech and
the other ones that are HIPAA maintaining HIPAA compliance, are you using like
the a singular template over all of this, or are you having to do individual
templates for compliance?

Eric Brosius: it's a really great question. And like, I kind of alluded to, and
I can't describe it, trying to think of a better way to describe it, but the
short answer is yes. So thankfully, we're able to take a lot of the CSI
baselines and recommendations and apply them across all the organizations,
because every device needs to be encrypted, all the traffic needs to be
encrypted. We have to keep retention policies for seven years. So there's a
really systematic approach to check off the big boxes. But once we reach that,
each business specific security needs, as I mentioned before, the high tech kind
of takes it to HIPAA on steroids. So you really have to do more controls. You
have to have more documentation, you have to prove more evidence to the
auditors. Otherwise you become non-compliant. And that leads to a bad position
for my customers.

Mike Kelley: Yeah. But at least in this case, it sounds like that organization
is pushing for that. So then now it's not you trying to champion that for the
organization. It's the organization saying we want to be this level. So we're
enforcing these things on ourselves. So at least they don't have a they don't
have a choice. The leadership team is helping. Yeah. Okay. They don't have a
choice.

Eric Brosius: Yeah. No, thankfully, and I apologize for interrupting you, but
New York State requires them to meet these controls before they can receive
Medicaid data from the state. So personally being in it for thirty years, it's a
bit overkill. A lot of the CSOs that I talked to about this program, it's a
little heavy handed, but it's what the state Department of Health requires that
any entity that gets downstream Medicaid data has to meet this floor, or it
could jeopardize their ability to operate.

Mike Kelley: Is this a federal mandate or is it a New York state.

Eric Brosius: New York state. And you're going to find, a lot of other states
are going to be different. Each one's going to be different. California is
probably going to be maybe even more strict, because they have much deeper
privacy policies and laws than New York does. And I'm sure there'll be other
states that are a lot looser. It's just New York State is very protective of its
Medicaid data.

Mike Kelley: Are all entity and that's like fifty locations if I remember
reading that correctly. So are all of those inside of the state of New York? So
you're dealing with a single state?

Eric Brosius: Yes. at this point in time. Sun River, my nonprofit entity that
has the forty eight, clinical locations and then my for profit entity that has
clients right now all pretty much are in New York State, but the for profit does
have other clients when it comes to certain specific products. We offer on the
for profit side that aren't in New York State, but it's a different world from
the standpoint of not doing their. IT. We're offering them BI tools or some
other solution. So I don't have to live in their security infrastructure. I
don't have to worry about that. I have enough to worry about on my own.

Mike Kelley: Okay. so I'm a little interested in your statement around the the
pace of technology and especially going as far back as twenty fifteen, because
lately the focus has been, the pace of technology since twenty twenty three,
since the introduction of the generative art, not the introduction, but the
general release, shall we say, of the generative models and people's utilization
of that and the way that that's changing. but you're saying since twenty fifteen
and having experienced a lot of it right there with you, except for me,
transportation and you across multiples, talk to me, tell me a little more of
your thoughts on that.

Eric Brosius: So it's one of those positive challenges. sun river's been blessed
with the ability to grow. A lot of companies obviously haven't had that same
luxury over the last decade. So going back to twenty fourteen, twenty fifteen,
at that point in time, Hudson River healthcare started to take over operations
of the Suffolk County Health Center sites out on Long Island. So we took over
operations for nine health centers in Suffolk County. And so we had to
coordinate with the state or the county. They came in, they ripped out all of
their equipment on a Friday. We had the weekend to put in all of our equipment
because we had to be operational on Monday, and we did that across nine
locations. One weekend we had to do two because of the towns that they operated
in and the I don't know if it's a federal mandate, but essentially Fqhcs can't
close. Like we're not allowed to just we're going to shut down for renovations
for a week because we have to be open to provide patient care to our patients.
So it was an interesting challenge going again. That was all twenty fourteen,
twenty fifteen. And I remember, talking to people in twenty sixteen. I'm like,
oh, we got through this. Let's catch our breath. Let's try to, reorganize a
little bit, let's clean up our processes through twenty sixteen. And then
towards the end of twenty seventeen, we started an M&A activity. And so then
that ramped up through that entire process, all of twenty eighteen. What that
finalized in twenty nineteen, we rebranded and changed our name, almost doubled
in size when it comes to health centers and FTS. So again, good challenges to
have, but it just hasn't stopped. and I would always tell people, oh man, this
isn't sustainable. Like we, we all need to catch our breath. Well, then this
little thing called Covid comes along and that really changed our world. it will
change the world in general, but it changed our world. we sent four hundred
employees to go work from home, and they're remote and they stayed remote. They
have not come back into the office. So we had to free up office space. and it
was just all day long, like, just take your computer, like, just take whatever
you have on your desk and go home. I don't have enough laptops. Just, you got to
get away from people. And it was a little scary. And then we turned around and
started doing vaccine clinics and testing centers. I had technicians out in
these locations, out in parking lots, setting up my files so that laptops could
connect to the EMR. And we always, I think in healthcare and it no, we're behind
the scenes helping patients save lives. We're helping our doctors do their job,
which can save lives. During Covid, we actually helped people save lives, not
that we were hands on, but we were right there on the front lines and it was a
hazard pay, a lot of the guys were a little bit taking their own lives at risk.

Mike Kelley: I have to admit on to that whole topic right there. because, having
done this, as long as you and I have, it's easy for me to start listing out,
okay, if I need a pop up location, I'm going to need this, this, this, and this
and you know what? I was completely oblivious to all of that. Even though I
lived that life and I'm in technology, I didn't even think about all of the
challenges that that you and the rest of the medical community had to go through
during that time with this. so it's kind of a surprising to me to recognize my
own blind spot there. and yeah, exactly. It put themselves at risk early on,
especially.

Eric Brosius: we were and you, I'm sure you've seen videos and pictures, all
over the nation, but we were setting up testing centers and parking lots in
parks in, hall space because that's where we could get space where it was wide
enough open. And you had enough open air so that you weren't within six feet of
anybody. And then that turned into all of those turned into vaccine pop ups. So
we were all over our service region, which is Hudson Valley, New York City and
Long Island, Suffolk County and Long Island doing.

Mike Kelley: Pop.

Eric Brosius: Up vaccination. So again, here we are obviously a little bit less
hazardous, from the workers perspective, but we were out in parking lots and
parks and wherever we could do pop ups because we had to get vaccines and the
people as fast as possible.

Mike Kelley: Not to mention the population centers, New York state population
centers and heavy. I'm out in New Mexico where, getting six feet away from
anybody I walk outside. Yeah.

Eric Brosius: And I.

Mike Kelley: Mean.

Eric Brosius: kind of it turns into a little bit sad when you really start to
think about it. I mean, New York City was ground zero. If you know of Covid and,
the amount of deaths and the scary things that you saw on the news,
refrigeration trucks and just things that nobody thinks about or wants to talk
about now, but that's an hour, from me. Lane. That all happened. I knew people
that were afraid that they were going to close Manhattan down, and they weren't
going to be able to get off of the island. And so, because it was that serious
that, and when it when the height of twenty twenty, but let's, not dwell on.
Yeah, that's very depressing. And then, but, we have all this stuff happening,
but we still have to keep the lights on. We're doing all of this other work, but
we're still running forty five health centers. We still have all of these
customers and other companies that we have to support, maintain, and be there
for their security issues. And when they have HIPAA breaches and when they have
ransomware attacks. so it's been and I just keep saying this isn't sustainable,
this isn't sustainable. But here I am ten years later, as my mom always liked to
say, I'm on the right side of the dirt. So I'm okay so far. and then, sun River
has done some more M&A activities in twenty twenty two. we're trying to grow the
for profit more solutions for community health in twenty twenty two, twenty
twenty three, twenty twenty four. So it's that positive challenge. This isn't a
complaint. Yeah, we might get a little stressed out. We might get a little burnt
out. But it's what nobody is going to be unhappy with growth And, healthcare is
going to continue to grow. It's shifting for sure. Shifting away from a fee for
service, retail, healthcare, come in and get seen. You get paid for the visit to
that more value based care where you get reimbursed based upon how well you're
actually performing and keeping your patients out of the ER. So the landscape is
shifting, but the challenges are still there. And it's, we're blessed to be
growing. And that's exciting.

Mike Kelley: So I got another deviation in the conversation a little bit. but
and we'll circle back to that pace, because that pace has, it's grown
exponentially in the last three years at least. But so how, your ability to
handle these things, to get all of these things done that got you that seat at
the leadership table. how are you keeping your teams from feeling that burnout
of that extended pace and the fact that they're in the middle of a ten year or a
fifteen, thirty year marathon, their careers are centered around this. The
organizations will take everything we're willing to give. and if I'm willing to
put in the sixty, eighty hours a week, they'll take it. how are you and how are
you helping your teams maintain that balance?

Eric Brosius: again, I think it's one of the areas in my career that I've been
very successful in. I've one of the lowest turnover rates in the organization. I
have staff that have been here with me for a decade, have lived this battle with
me. I have staff that have come from my last company. I have staff that came
from the company before that to my last company to this company. not that I'm
irreplaceable because anybody can do my job at the end of the day, but the
strengths that I have seen in my career is the ability work hard, play hard,
show the team that I'm never going to ask them to do something that I wouldn't
or haven't already done. when we converted those Suffolk County sites in twenty
fifteen, I was down there sweeping floors, breaking down cardboard boxes because
I needed them to do their job. And I was able, let me get this box out of your
way. I mean, I could set a computer up on a desk and plug it in, but at some
point back then to joining it on the domain and then that, the technical pieces,
I became our own worst technician and I had to get out of the way. So I just
broke down boxes.

Mike Kelley: I understand that I get that part completely.

Eric Brosius: and I think as a philosophy, I'm not a big outsourcer. I think
outsourcing. They don't care about your problems. like an FTE Employee does.
Again, there's that loyalty that I've created in the culture. everybody feels
safe and I'm, mandate when they take PTO, nobody's allowed to contact you unless
it's me. You're not allowed to check your email. I will shut your email off if I
have to. so I would like to think that it's all because of me, because everybody
has a little bit of an ego at the end of the day, but it's just a lot of proper
vetting when we're hiring and then always trying to promote from within. I'd
rather grow somebody than trying to go and hire off the street one, maybe get a
little bit of a discount. because I've been able to promote them, I've been able
to get them on the job training. And so I might be able to save the organization
a little bit of money, but I'm blessed with an exceptional team that understands
the job, understands it, understands the twenty four seven nature of it and in
health care. And so when a database gets corrupted at four o'clock in the
morning, I've got eight guys on the phone figuring out how to come back from
that.

Mike Kelley: So the growing of employees versus the outsourcing or bringing in
senior people. I too like that philosophy. I like growing them. But, especially
with the pace and lately the new pace that we've been hitting because it feels
to me like we've been in that marathon and now we're having to go from the
marathon pace to the sprinting pace and sustain. But so now when wanting to ramp
up the capabilities or needing to provide more for the organizations. How are
you balancing bringing in somebody new and growing them against being able to
drop in a air quotes professional that can hit the ground running?

Eric Brosius: So, it's been a challenge, especially for some of the higher
skilled, experienced, truly professional niche markets, developers, data
engineers, some of those real high end talent pools. I don't have that
internally. You know, I don't have a lot of that where I can say, oh, this
desktop person really wants to start sticking their fingers in the data
engineering pie. And so I can get them some on the job training. that is hard to
do where if I'm dealing with a help desk or a desktop person that wants to get
into networking, it's really easy to have pair him with somebody on the
networking team and get some mentoring, some on the job training. I get a little
free extra help for the network team because I'm using a help desk person, so we
took a guy Friday afternoons. He worked for the network team and now he's on the
network team because I was able to promote him. So, and the typical, it help
desk, desktop engineer, telecom networking. I have a really good,

Mike Kelley: Structure group.

Eric Brosius: Yeah. to promote and grow those, really specialty pieces developer
for, full stack developers, web developers, front end developers, data
engineers. That's a lot harder. I've had a couple people that have come in. Oh,
I wanted to get into, I want to be a DBA. Okay, sit with the DBA. And it's not
something that you can just jump in and out of because you really have to live
in the space. So I haven't had as much success there. Unfortunately, as much as
I would love to see everybody grow, because I really feel like if you're not
challenging your staff and encouraging them to grow, they're going to become
stagnant. When they become stagnant, they're going to get resentful, and then
you've got a different problem on your hands because then you're hurting morale.
other people have to pick up the ball for them. those highly skilled positions,
I've had to go out to the market. and that's been a challenge in and of itself.
I've made some networking contacts over the last year or two that has really
helped with a skilled pipeline in and our last couple of engineers that we
brought in, were just terrific. And one of the challenges we had a little bit of
a budget issue. And I said, this guy is so good. Take it out of my salary. Like
cover the distance out of my salary because that's how good he is. And I don't
want to lose him over a small amount of money.

Mike Kelley: And hopefully they did the right thing and took care of him while
not taking a bite out of you.

Eric Brosius: Correct.

Mike Kelley: because they just hear that if you're willing to do that for him,
then we need to listen. okay. So. Yes. the whole data engineering, the DevOps,
all of those people and I'm finding myself that those people are really core
right now to that increase in speed that we're expected to produce. we talked
about the entities and the, you've got to have ten different chiefs telling you
what they expect out of AI today. and there may be some commonality, but I'm
betting that there's more disparity than commonality amongst the that entities.

Eric Brosius: obviously AI is so prevalent in our industry right now. and I've
spoken at a couple conferences about it and I always sort of like, okay, do you
want to talk about the technical sides and the good use cases? Or do you want to
talk about the bad use cases and the moral and the ethical conversation around a
and depending upon the group, we can kind of go down different roads. And I kind
of enjoy that challenge. And lately I've really had to put the brakes on AI in
healthcare for my organizations, because everybody's off doing their own thing.
So I have ten organizations with two to six rogue IT departments because every
area, every business unit wants to go do their own thing. And at one point over
about six months ago, we just said like, you can't do anything. And we actually
blocked some of the loosely major AI sites, otter AI and some locations. We had
to block ChatGPT, like just the very common ones because people were dumping p h
I and Exfiltrating p h I in the ChatGPT or otter was automatically joining a
meeting. And if it was a client conference, it that's all p h I and if you don't
have the bar in place and if that data isn't encrypted in the cloud, you just
had a HIPAA breach. but if the meaning has p h I in it's transcribing p h I in
otters cloud and now you've just lost p h I. So we've been very reluctant And
careful, even Grammarly. the writing tool has some AI functionality built into
it. And we were really careful with the people that wanted to use it because of
the exfiltrating of data. And we had to be really careful that the staff, people
that are using it will never handle p h I so they're really executive
assistants. They are not clinical staff. And, these are the little things that
if you're not in healthcare, you're not thinking about and there's going to be
trade secrets, like there's going to be other companies that have their own
proprietary information that they don't want getting out into these language
models either, whether they're thinking about it or not, because then you're
losing, your product. So it's incredibly.

Mike Kelley: Depending. Yeah, depending on what you're doing. Like in your
world, you're picking up liability by that happening in my world, I potential of
it, but it's not a direct liability like like health care. I've got a due
diligence. but you've got a legal mandate.

Eric Brosius: Yeah. and that company that I mentioned earlier that has that near
high tech requirement, they are probably a year away from touching AI just
because of their security silo. And they have to have a reportable boundary of
their IT infrastructure and where all the Medicaid data lives. And plugging some
AI tool in there means you have to document everything. You have to get it
re-approved by the state before you use it or you're out of compliance. So I
just said, you're not touching AI right now. yeah, I have a lot.

Mike Kelley: Even once they do, you're going to have to do that one on prem.
Probably you're going to have to do an isolated case.

Eric Brosius: Unless we have essentially either siloed, carved out private, AI
llm in the cloud with, someone's going to Gemini or ChatGPT or Claud's going to
jump into that business with health care, where they can guarantee that they're
not intermingling data with somebody. Yes, absolutely. or, my for profit company
is developing some AI solutions. So that might be where I have to push people
because that I control in its entirety. so I know its boundaries, so I have the
security around that.

Mike Kelley: And okay.

Eric Brosius: governance around AI has been a challenge. We've had to bring,
again, policies together and share them with all the entities, because a lot of
my nine other entities are smaller. They don't have it people. That's why they
come to me and, had to really Help them understand you can't do this because
you're just throwing p h i out your window so you really need to dial it down.
There are obviously approved use cases in healthcare right now. A lot of
benefits to ambient listening and helping providers transcribe, visits. We have
a lot of AI around, our contact center. So what we're able to do in real time
coaching and monitoring, even the IT help desk has some of that sentiment
calling and real time coaching integrated into it. I am very hesitant, as you
alluded to earlier, of AI becoming a crutch in clinical situations where a lazy
provider, instead of doing their job, is just going to, Mike has a runny nose
and into ChatGPT and it comes back and says, oh, Mike's got the flu when it's
not the flu. You've got a cold or and becoming really lazy. And I read a study
the other day that AI is helping detect breast cancer so early that the
insurance companies are spending more and more money doing more and more imaging
tests to prove that it's right. Because it's so early, it's so small, they can't
catch it with their imaging in the human eye. But AI can. So that's a great use
case of where AI is advancing healthcare to everybody's benefit. Once the trust
is there, once you can believe in what it's telling you, because at the end of
the day, ChatGPT themselves said their newest model hallucinates forty percent
of the time.

Mike Kelley: So many people are just taking what it says for granted that, and I
personally, I think the term hallucination is misleading. because to me, and it
really took a while for that one to sink in as I was playing and trying to
develop something for myself. I'm just trying to make like a little, mix
assistant and, as I'm doing that and it suddenly goes off into left field, like
I'm setting it up to look at my, or to help me with my email management. And it
starts asking me to log in to a completely different email system so that it can
access that email that I'm asking it to look at and summarize. I'm like, well,
wait a minute, and mistakes. It is making mistakes and it is completely off
base. Hallucinations do not infer to me. It does not infer the level of mistake
that's happening. It's just a generic term that covers any kind of mistake of,
thinking that it's yeah, back to the cold versus the flu, right? That would be a
hallucination or potentially a hallucination, even though it just wasn't given
enough context. so that's an interesting.

Eric Brosius: it's what you said is exactly what I said at Enterprise connect in
Las Vegas in March, which is they are using the word hallucination to make it
sound better, that it's wrong, that it's inaccurate. And instead of just saying
we're wrong forty percent of the time, we're saying, oh, it hallucinates forty
percent of the time, because that doesn't sound as bad. So I've been out there
pounding what little drum I have that non-it people really understand just how
wrong AI is right now. So you always have to take the AI bubble with a grain of
salt. Right now, I kind of feel like the tech bubble a decade ago, the AI bubble
is probably going to burst some point in time because it's going to get us to a
point, and we're not going to take that next level. So I think there's great use
cases to help people, move the lower end of their job description into AI and
let them focus on, what? We should be paying our staff for their higher skilled
To capabilities and have, lower hanging fruit be handled by AI because that's a
great use case. What I fear is we don't want people at the upper end to again,
rely on it as a crutch.

Mike Kelley: Yeah. and so, hearing all of that and like, I'm seeing multiple
kind of, challenges or opportunities in front of us. and like a majority of what
you're talking about is to me kind of the level one usage of these generative
models. and, what the public still or society as a whole is still just trying to
get used to what can it do? Where can it be? and so there's that layer of it.
And then we have the third parties that Otter Grammarly. you take any of your
major ERPs or any major system, and they're baking it in. And that's got to be
another challenge for you too, is any of those systems that are bringing it,
baking it in and not necessarily checking with you before suddenly it's inside
of your environment and it's potentially leaking some of that data that you were
talking about having to secure anyway or pulling it into their model, even
though they're promising not to share it or train their models off of your data.
there's that level and then you got people like me. Like I said, I was trying to
make my own little personal assistant. And I've got, teams that are like
chomping at the bit, trying to get to the co-work, the deep agent, the advanced
things that will help write code and, and generate applications themselves. And
then now I'm actually thinking of like the fourth one that you mentioned earlier
of a pure AI solution like the detection model, because that is a, standalone
thing that's being created, utilizing it and. Okay. Four separate races all at
the same time. Run them all. Let's go. Because and every one of those entities,
the entities is still trying to figure out how they're going to leverage it to
the benefit of the organization.

Eric Brosius: I think we're going to see organizations that have efficiency
issues. they have poor workflow. They haven't sat down and really thought out
their processes. And let's face it, nobody's perfect. Every place has some level
of dysfunction. When you layer AI in. And if you're building an AI solution or
adding an AI solution on a house of cards, you're just going to have a more
exponentially worse process because you don't have a solid foundation. So that's
something that I am very conscious of as we think about where we can leverage AI
in business, that you really have to make sure that where you're trying to layer
it in and the processes that you're looking for it to do it better be pretty
solid because then it's just going to go a little crazy. The other thing that I
know a lot of people will talk about and we'll see is, Mithos from Anthropic.
They gave it to Microsoft before they released it, and it found an exploitable
bug in windows eleven like less than an hour is what I have heard. I haven't
seen the report, but I heard this from somebody that I trust. And that's scary
because the the malicious actors are going to take advantage of AI and they'll
do it better because they can get around almost every security that we have in
place now for any organization, any entity. It's not a matter of if it's a
matter of when. At some point somebody's going to get into your environment, be
it in healthcare or not, and you're going to have a data exfiltration layer. And
what keeps me up at night is that malicious actor out there getting Ahold of a
strong AI tool like mythos, and then all of a sudden they have thirty backdoors
in your environment, and you won't detect them till your data's already gone and
on the dark web. or it's sixteen months later and now suddenly you're in deep
trouble. And that's what scares me.

Mike Kelley: Well, and I was going to say, they're not going to start using
them. They're already using them. I went to hang out with the guys and one of my
guys works at one of the military installations close by me. And he's like, hey,
have you seen that latest CVD? And I'm like, no, which one are you talking
about? He's like, they've got an exploitable or zero day exploit in the Linux
kernels that, have almost every version of Red hat is fully exploitable. they
leveraged AI to do it. Guess what? he said, at least for the moment, you still
have to have direct access to the machine. And so there's a little bit of a
challenge before you can exploit it, but come on. Yeah. If anything, all of this
is, Here we go. Now I've got to get the scooter, because running out at a sprint
isn't going to be fast enough. I need to we need to be faster. And it's a great
analogy. and so, I'm hearing so much or there's a lot of focus on the data side
and the data's got to be solid. Well, the process is too, but, the thought of
the fact that processes, we almost need to stop for a moment and go, wait a
minute, this process. Yes. Okay. Can we make this process better? Should we make
this process better? Hey, can we completely change this process? Because right
now, when it comes to processes, I that's an area where, well, this is the way
we've always done it. I keep hearing that kind of thing and layering this in.
This is a chance for us to take and say, stop. If we were going to redo this or
if we were going to approach this completely new today, how would we do it?
Let's play that mind game. At least, run that scenario at least once because our
processes are based on human moving something from A to B, whether it's words,
technology, things.

Eric Brosius: There's a lot there that you said that I completely agree with. If
your data is bad, again, not it's not just the process, but if your data is bad,
you're going to end up in a bad, spot. And everybody, every organization,
whether they're admitting it or not, are in this realm of keeping up with the
Joneses is, I got going to get on the I t train it's going or the AI train. It's
going to help me with this. It's going to help me with that. And if you don't
stop and you think about how to deploy an AI solution and how it's going to
work, it's probably going to fail. And I've seen metrics somewhere between
thirty and fifty percent of all AI projects over the last couple of years have
failed, their implementation failed, their utilization has failed. And you're
investing all of this money into a solution that fails. That's not a good look
at the end of the day. and IT leaders don't like to fail, whether we like to
admit it or not. That's why we're in the business. we want to keep the lights
on.

Mike Kelley: We puzzle solvers.

Eric Brosius: We want to keep things running and working, and we don't want to
get calls at three o'clock in the morning.

Mike Kelley: So you we don't want that sewer backing up. Exactly.

Eric Brosius: And so you really need to map out an implementation and you need
to have champions that understand the ins and the failure points and the risks,
more so than any other project that anybody has probably ever undertaken before.

Mike Kelley: Yeah. Well, one of the other guests that I was interviewing and
talking to around this topic, he had been challenged to, produce twenty AI
projects or take twenty AI projects to success throughout the year. And his
experience so far in getting to that point where he was given that challenge of
twenty, was that two out of three failed. So his plan was that he had to get
through sixty. Right. and, be churning through all sixty of those throughout the
year, meaning, what, sixty and twelve months. So that's five a month. Yeah. and
he had to go through all of those to be able to get that twenty. Mhm. and so

Eric Brosius: I don't have those kind of resources. even if I was given the
directive of that equation, I want to see twenty successful AI projects knowing
two thirds or half of them are going to fail. And you have to, do more. I don't
have the resources to do that right now.

Mike Kelley: Yeah. and so the pace that we're expected to maintain. I keep
trying to do my best to use the word opportunities because there are so many
opportunities within this. so I'd like to back up into a different portion of
the conversation. you were talking about Grammarly Otter, what methodologies and
what kinds of things have you seen in the market that help with that besides
just the, outbound and inbound network filtering, how else are we stopping this?
How else are we controlling this?

Eric Brosius: I think the sad answer is you end up getting a little too big
brother than I think any of us really want to be in, being conscious of where
your data goes. and in healthcare, we go through a lot of risk assessments,
HIPAA risk assessments based on a lot of new standards. And they all are talking
about, having to do a data diagram, not just a network topology, but where and
what data is going throughout your infrastructure, not just internally, but
externally. And that's a kind of a daunting thing. And I know Microsoft has some
tools that at least gives you insight. I think it's through their cloud security
solution as to what's happening within their footprint. part of it is you have
to pay attention and you have to listen to what your colleagues are doing, not
your IT colleagues, but the business units. the only reason we heard about the
otter AI issue is somebody said, oh, I was in a meeting so and so wasn't there,
but their otter AI recorder joined in their absence. and they were just like, is
that okay? And it wasn't like they weren't thinking about exfiltrating, AI, etc.
they were just thinking like, this is weird? Is this compliant? Is this a
privacy issue? I, of course, immediately took it to, what meeting was this? Did
you guys talk about any AI because you just exfiltrated ten patients names
during that meeting and, date of birth and diagnoses and that's a problem. So we
immediately, I mean, that day blocked out our AI from the environment because it
would automatically join meetings. So, it's frustrating because we're in this
world of where, especially in healthcare, you want to share data with other
healthcare partners to do better patient care because Mike doesn't see all of
the same doctors under the same roof. He goes to a cardiologist, he goes to an
oncologist or pulmonologist, unless you're dealing with some major health center
where all of they live. There's a sharing of data that is challenging. And
healthcare doesn't like to share data. EMRs don't like to share data, but they
have to do better patient care. Yeah.

Mike Kelley: And I mean, back to your example about the breast cancer, the more
data that those kinds of organizations have to be able to recognize all of the
cases to teach the models, the more accurate and less hallucinations are going
to be out there. and so that sharing of that data, it's critical for tomorrow.
what a dichotomy. Eric, I'm enjoying this conversation. I could keep going for a
while. I got two questions for you. One is the one I warned you about, eighteen
months from now, what do you think we're going to be talking about? We as IT
leaders, what are we going to be talking about in eighteen months that we're not
talking about today?

Eric Brosius: I honestly believe, and I hope that I'm wrong, we're going to be
in this same churning limbo of how we can effectively and efficiently use AI,
because I don't think there's going to be a clear blueprint for this is how you
implement an AI tool. There's going to be great successes. I've already have
great successes with small use cases around, contact center, ambient listening
from a medical charting perspective. But I don't think the processes and the
businesses can keep up with AI. So it's just going to be more and more failed
implementations because they're trying to put something in before the entity is
prepared to operate as efficiently as some AI things can. So none of us know. I
would love to be wrong. I would love to see, a greater future in AI, in our
industry.

Mike Kelley: You bring me to a quote and I can't remember whether it was from
the Phoenix project or the goal since the Phoenix project is based off of the
goal, which was that optimization anywhere. But the constraint is an illusion.
Mhm. and how true that is because AI is can help us optimize all these different
things. But if we're not ready for the flow that is created, then the constraint
just moves from point A to point B, and we're still trying to get to D or E. And
so that's an interesting piece. okay. So at the end of the day, when you've
secured your environment and empowered the people, what's the one thing you want
to make sure the business, the industry has finally heard from IT leaders such
as yourself.

Eric Brosius: I bet everybody that you talk to either through this podcast or,
in meetings or conferences. Not enough non technical companies treat it like a
business partner. And I've always said I can't be the tail wagging the dog
because I've always worked in healthcare or education or these other industries.
I wasn't working for a tech company and all we were pushing out was tech. So you
had to work within the framework of, listen, I got to talk to the doctors.
They're the experts. They're the ones that I'm trying to make their jobs better.
But they also have to understand we're here to help make their jobs better.
we're not against them. We're not trying to fight with them. We don't want their
laptops to not work. We want them to be able to work more efficiently so they
can go home an hour earlier at the end of the day. And it happened just this
morning. Oh, we're deploying X and I had to go. Can I see the contract for x
before you deploy it? Because I have about thirty questions that nobody else has
thought of, and I think everybody in in our seats, in our shoes can tell you
that same story ten times over.

Mike Kelley: Yeah. I mean, it's really kind of the basis of You've Been Heard
was we started off trying to help teach, the current and or the next generation
how to get a seat at the table. what did those like you and I who have made it
to the leadership, what did we do that helped us get there? how did we get our
leadership to hear us? And thus, the reason that we're calling it, You've Been
Heard. and it still, unfortunately is so true that. Yeah. Oh, by the way, we're
implementing this thing. Hey, wait a minute. This is in mine or in the
environment that I'm responsible for. I'm trying to help you guys. And you're
doing this and you haven't even told me about it. Let me see the contract.

Eric Brosius: Yep.

Mike Kelley: Yeah.

Eric Brosius: So I appreciate what you're doing from that perspective.

Mike Kelley: Yeah, appreciate what you're doing and the challenges and
opportunities that you're having fun with. and man, I hope that we can maintain
this pace and survive it.

Eric Brosius: Agreed. I keep my running shoes on and lace tight is the best
thing I can do.

Mike Kelley: Yeah. All right, well, thank you very much for your time today.
Eric truly appreciated it. and so thankful for you sharing your experience.

Eric Brosius: Thank you Mike, I appreciate