Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceTop Cybersecurity Leaders

Special Report

Pam Nigro - Top Cybersecurity Leaders 2023

VP, Security, Medecision

By Madeline Lauver
Nigro

Bio image courtesy of Nigro / Background image courtesy of KrulUA / iStock / Getty Images Plus

March 1, 2023

Over her 25-year career in information technology (IT) risk and cybersecurity, Pam Nigro has learned that security works best when it’s baked into development, rather than added on later in the process.

Nigro started in information technology as a Manager at PricewaterhouseCoopers (PwC), consulting with clients to develop and build internal cybersecurity controls. This role led her to discover her passion for seeing cybersecurity programs implemented from beginning to end and framed her understanding of cyber risk.

At PwC, Nigro engaged in a project designing Health Insurance Portability and Accountability Act (HIPAA) privacy controls for Health Care Service Corporation (HCSC). “On the PwC side of HCSC, I got to build out all these controls and processes, and the opportunity came when HCSC said, ‘Well, if you really believe this, and you think this is the right way to go, come on board and operationalize it.’”

That jumpstarted Nigro’s 14-year career working at HCSC, where, as Senior Director of Information Security, she developed data privacy and cybersecurity controls into the cutting-edge, mature processes they are today. One of the cornerstones of her time at HCSC was developing a DevSecOps framework that automated security using data analytics. “I started to fundamentally shift my thinking about how to apply security in the organization, and my phrase was, ‘Bake it in, don’t bolt it on.’” In past security models, HCSC relied on having security approve tools and procedures after they had already been developed, relegating security to a function that was seen as a bottleneck, rather than a business enabler. By integrating security into the development process, Nigro was able to bake cyber controls in at the early stages of code creation.

Nigro developed a DevSecOps model for the organization that baked dependencies into the IT space at HCSC. She worked with the DevOps team to develop scripts that tracked network anomalies and incorporated security at the code level — and accomplished this in the era before commercial DevSecOps tools existed and matured. “The scripts did the automated checking for security so that the developers could focus on developing,” she says. With that information, she led the creation of a security data lake and leveraged it for a security analytics program. “We started pulling all of the scripts’ log files into the security data lake, so we’re ingesting all of this information, which told us which security goals we were meeting and where we ran into issues.” This analytics program helped HCSC prove the security compliance in the highly regulated organization.

After over a decade of maturing the security program at HCSC, Nigro had the opportunity to join the Home Access Health Corporation (HAHC), which was acquired by Everly Health, as Vice President, Information Technology and Security Officer after the organization suffered a ransomware incident. In 18 months, Nigro transformed the organization’s on-premises infrastructure to a mature, cloud-based cybersecurity function that achieved HITRUST certification in under two years, including a digital transformation. “The cool thing that I got to do was not only have fun with technology, but reengineer their entire technology stack, get it into the cloud and apply security controls at the same time. Within 18 months, I took them from a ransomware event to HITRUST compliance,” she says.

After her time at HAHC, Nigro moved into her current role as VP, Security at Medecision, a digital care management company. There, Nigro secures protected health information (PHI) and leads the organization through a period of digital enhancement, leveraging analytics & security automation across the digital platform. Nigro applies her “Bake it in, don’t bolt it on” methodology to security at Medecision by taking a risk-based, automated approach to cybersecurity. “I automate security as much as possible within the risk framework of the organization. You have to put in the guardrails and say, ‘If you go outside of these guardrails, only then will security will get engaged.” She says that approach has helped her become a trusted advisor and transformed the cybersecurity team into a business enabler, rather than a “No” function. “That’s really been the biggest transformation in terms of culture that I’ve been working on here at Medecision — being that partner, while still managing our risks and staying within the compliance posture that’s needed from a regulatory perspective.”

In a sector as interconnected and regulated as healthcare, she says that information sharing plays a pivotal role in maintaining strong security controls within and across organizations. “No one person is an island, and no one person is going to think of everything, everywhere. You have to develop a level of collaboration where, if you get stuck, you could reach out to peers and bounce ideas around and talk through different challenges,” she says.

As Chair of the ISACA Board of Directors, Nigro now plays a large role in the information sharing practices of cybersecurity professionals around the globe. The importance of networking and sharing intelligence and best practices with other cybersecurity leaders has helped her throughout her career. “When your head is down and you’re fighting a fire, it’s important to reach out for help and share your story,” she says.

She notes that it’s also critical to share successes, so industry professionals can apply successful frameworks in their own organizations. After she developed the DevSecOps & security analytics program at HCSC, Nigro built a model to share with other industry leaders that she took to various industry conferences. “After the conferences, people reached out and had me meet with their teams and talk through it so that they could build on their ideas and determine how they could apply the model in their environment,” she says. Seeing her work positively impact the cybersecurity defenses of other organizations was a highlight of her career, says Nigro.

Nigro’s information sharing and networking efforts also extend to leadership and management advice. She started a women’s forum in Chicago for cybersecurity, risk and governance professionals to share ideas and discuss challenges at work. The forum’s first meeting was “one of those ‘You’re not alone’ moments,” says Nigro. “It’s changing, but it’s still the case for many individuals that when they sit down at the table, they’re the only woman. When I started mentoring and talking with women and leading the women’s forum, I felt that bond that there are other women out here doing what we’re doing. It was really impactful to be there.”

Nigro says the varied opportunities she’s earned throughout her cybersecurity career have helped develop her into a stronger cybersecurity professional and business partner. “If you look at my career, it’s not linear. I didn’t go from point A to where I am now. There were detours, and those all presented me with other opportunities,” she says. The adaptability she has grown throughout her career is reflected in her cybersecurity leadership style. “In a way, it goes back to my ‘bake it in’ model — make cyber your partner. Being adaptable helps make you a trusted adviser so that you’re there at the table with business leaders, helping them make secure decisions.”

KEYWORDS: Chief Information Security Officer (CISO) cyber security leadership IT risk management security partners Women in Security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Madeline Lauver is a former Editor in Chief at Security magazine. Within her role at Security, Lauver focused on news articles, web exclusives, features and several departments for Security’s monthly digital edition, as well as managing social media and multimedia content.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Zongo

    Phillimon Zongo - Top Cybersecurity Leaders 2023

    See More
  • Edgar

    James Edgar - Top Cybersecurity Leaders 2023

    See More
  • Holden

    Alex Holden - Top Cybersecurity Leaders 2023

    See More

Related Products

See More Products
  • A Leaders Guide Book Cover_Nicholson_29Sept2023.jpg

    A Leader’s Guide to Evaluating an Executive Protection Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing