“If you can use signal to noise to tell stories of winning, you make the job easier.”
Signal to Noise: An Interview with Jeannine, CISO at HealthEdge
In this edition of Signal to Noise, I sat down with Jeannine, Chief Information Security Officer at HealthEdge. Jeannine’s story starts far from the CISO suite, rooted in help desk tickets, network cables, and long nights keeping small businesses online. That practitioner’s background still shapes how she thinks about leadership, visibility, and what really counts as signal in a noisy world.
Our conversation covered her early career, her view on actionable visibility, the realities of AI hype, and how she prioritizes her time and investments as a modern security leader.
From Help Desk to the CISO Office
Jeannine started out on a help desk at a company small enough that everyone wore multiple hats. She spent those early years as a systems, network, and telco engineer, back when security was still a bolt-on.
Her turning point came with the “ILOVEYOU” virus outbreak. “It was a VBS script that took businesses offline for days. And back then, unless you unplugged from the internet, there was nothing you could do.”
That moment shaped her view of defense as both technical and personal. “I was always a defensive player. I was a goalie in soccer, a catcher in softball. I think that mindset carried over naturally.”
From there, she moved through architecture roles, public companies, and even the Department of Defense, helping manage Air Force Gateways at scale. But she credits that first help desk role as the most formative.
“It drilled customer service into the back of my head. That instinct serves you well as a CISO. People forget that security is a human-facing job as much as it is technical.”
For Jeannine, security’s dynamism is what keeps her in it. “Monotony is the kiss of death. There’s no monotony here. Everyone’s passionate. When your work itself becomes a galvanizer for the team, it’s the gift that keeps on giving.”
On Signal to Noise: Actionability Above All
When I asked how she defines signal to noise, Jeannine didn’t hesitate. “It means actionability,” she said.
While she’s ambivalent about the phrase “you don’t know what you don’t know,” she admits it’s a constant truth in security. “You’ll never know what you miss. And visibility is expensive. Comprehensive visibility costs a lot, and you never have a blank check.”
For her, signal to noise isn’t just a SOC metric. It’s a storytelling tool. “We’re a cost center. Nobody knows when we win. They only know when we lose. If you can use signal to noise to tell stories of winning, you make the job easier.”
That combination of precision, visibility, and communication is what separates good security programs from noisy ones. “I want all the things: anomalous activity, contextual alerts, but not at the expense of chasing noise. It’s about surgical precision, not nebulous volume.”
On Operating Models: Fighting the Reactive Reflex
Jeannine has seen security teams evolve through every operational maturity phase.
“Cyber defense is inherently a reactive undertaking. The asymmetrical challenge of being 100% successful vs your adversaries winning only once is daunting. I’ve always embraced the concept of lean-forward security, incorporating capabilities that reduce reactive actioning and increase proactive detection can give us that necessary edge.”
She describes it as the constant hum in the back of her mind: that nagging thought of what might be hiding between detections. “We aspire to have attack detection at full coverage, but you just never know. Ambiguity isn’t the right word, but it’s close. You’re always wondering what you can’t see.”
That realism doesn’t discourage her team, it keeps them sharp. Awareness of the gaps is what fuels continuous improvement.
For New CISOs: Visibility, Identity, and Device Trust
When I asked what a new or seasoned CISO should tackle first, Jeannine’s answer was clear and pragmatic.
“Visibility,” she said. “Start with attack detection. Then do a gap analysis. That’s the precursor to everything.”
But her focus quickly shifts to first principles. “At its core, cybersecurity is access control. Preventing unauthorized access. That means protecting identities and protecting systems.”
She’s bullish on FIDO2 authentication and device trust as foundational moves. “There’s no panacea, but FIDO2 is a game changer. Device trust is another powerful layer. If an attacker compromises an identity, they still can’t use their own device to authenticate to your IDP.”
She sees those controls as not just technical measures, but organizational leverage. “Do certificate management on your devices, use FIDO2, and you’ve already got a leg up.”
On AI Hype vs. Reality
When it comes to AI, Jeannine is refreshingly matter of fact. “Talk about signal to noise, the AI hype is noisy to me right now,” she said. “Marketing teams seem to think they need to put AI in their collateral, even if they make widgets.”
That said, she sees one meaningful application: decision support. “That’s where AI really adds value. If you’re running lean, you need to empower your analysts with faster, better context. That’s where AI can help.”
But she’s quick to draw the line. “We’re nowhere near handing everything over to machines. I don’t see a path to that, candidly. You don’t want an optimistic in CISO. You want a realistic one.”
On Prioritization: It Takes a Village
Jeannine’s leadership philosophy is rooted in people. “It takes a village. And we are the weakest link.”
For her, security awareness isn’t a compliance exercise, it’s storytelling. “No employee wants to be the person who unintentionally causes harm. If they understood what you and I know about how fragile things are, we wouldn’t need transformational conversations. They’d already be armed with suspicious minds.”
Her goal is empowerment. “Help people recognize what a threat looks like, and make sure they know what to do next. Education, engagement, and storytelling are what move the needle.”
On Vendors: Be Succinct, Transparent, and Real
Jeannine has strong opinions on how vendors can add value. “Be succinct. Don’t be hand-wavy. I want to know the what and the how.”
If a product requires massive coordination to implement, it’s a non-starter. “If the ‘how’ means I need fifteen teams outside my influence to make it work, next. That’s not feasible.”
Transparency, she says, is table stakes. “If I detect any talk that’s vague or evasive, next. And start with cost transparency. Don’t show me a Lamborghini if my budget’s for a Subaru. Help me know upfront if this even fits my world.”
Finding Signal
Jeannine’s story is one of clarity through experience. From the help desk to the boardroom, her philosophy has stayed consistent: action over theory, realism over hype, people over polish.
Whether she’s talking about visibility, identity protection, or AI, her message is simple. “If you can tell stories of winning, that’s signal. Everything else is noise.”
Stay secure, and stay curious, my friends.
Damien