As our reliance on technology deepens, cybersecurity is no longer a niche concern — it’s a global priority. Through the lens of healthcare, it takes on a life-saving dimension. Zach Zenner, a Fall 2017 graduate of the University of Wisconsin-Milwaukee’s School of Information Studies BSIST program, prioritizes patient safety.
Zach is currently a Security Architect at Aledade, a physician-enablement company that supports primary care organizations so they can succeed in value-based care. Aledade supports more than 2,400 primary care organizations and serves nearly 3 million patients. As a security architect, Zach’s goal is to make sure all security controls are in place, close any potential gaps, and continuously improve the systems that secure and protect the personal information of patients across the country.
This interview has been edited for length and clarity.
What are some of the most challenging aspects of your role?
As a security professional, you want everything to be, well, secure. The downside to that is, the way to make something secure is not allowing anyone to touch it. You lock it down, nobody can get in, nobody can get out, you just have this locked up box. That doesn’t work in a model where you have customers. People have to use those systems every day. That’s kind of where engineer velocity comes in. People have to build quickly, and they need to be able to do so and safely. That’s a challenging balance, where you have to talk yourself down from saying “We absolutely have to do it this way,” and be more open to saying “Hey, we know you have to build this fast, let’s nudge it in this direction so we can do it safely.”
What are some essential tools or skills that you use regularly?
There are plenty of things we rely on in a general cybersecurity sense: intrusion detection systems, central ingestion systems for logs, EDR systems. For what I do specifically, it’s a lot of research. I research the various bits of how security might be done at other providers like Amazon Web Services or Google Cloud Platform, so we can apply that information to something that we’re building.
What do you find most rewarding about your role?
Seeing the impact. It’s amazing to know that you are actively protecting people’s information. My goal is really pointing out where we can continuously improve our security and better our systems to ultimately protect the customer. It’s deeply rewarding even outside of that perspective. Figuring out a problem is just the coolest thing, especially in cybersecurity where it’s always difficult webs to unweave, it’s like a massive puzzle that you are always building off of. It’s just so much fun to figure it out.
“There’s always so much to learn, but that’s where a lot of the fun is. A problem might be tedious, but at the end of the day, you gain so much insight that you can then bring to another problem, which creates this cascading level of knowledge that you can not only better yourself with but also share with others.”
Was there something that sparked your interest in cybersecurity?
Doing IT technician work with UW-Milwaukee’s Tech Repair department was what sparked my interest. We didn’t just take apart computers; we chose the tools used to remediate issues like malware and viruses. This took research, and sometimes those tools didn’t take care of the issue, so we had to actually go in and figure out where the virus could be and manually get rid of it ourselves. This can be scary, you know, for a student who got struck with ransomware and is afraid of losing their research paper. So, it allowed a bunch of creative and critical thinking. But that was definitely my beginning stage into cybersecurity and then really finding my foothold in where I wanted to go with my career.
What brought you to the School of Information Studies?
I think this goes for a lot of students, but I started as a film major, which is not technology-related. I was very interested in computer graphics, so I was working heavily with computers. That’s when I started to explore the Information Science and Technology degree. I found it to be a lot more fitting for me. I learned so many skills from different areas like database administration, networking and cybersecurity. Those cybersecurity classes along with my job on campus really got me interested in the realm I wanted to focus on. Initially, everyone wants to be a hacker, but protecting is just as important.
In what ways has your experience at the School of Information Studies had an impact on your career and who you are today?
In the School of Information Studies, the instructors themselves are extremely passionate about what they are teaching. I felt like I could always have open conversations with them, as well as other students, about challenging situations. For example, if a student had a differing opinion on how to secure a system, that instructor would engage in a two-way conversation to dig deeper and flesh out those thoughts, like, maybe there are alternate ways to do this, let’s talk about it. To add to that, UW-Milwaukee really seems to value its students and what they contribute back to the community. There was a focus on both ethics and student leadership that set me up for success and solidified what I truly wanted to get out of my work.
How do you see cybersecurity roles evolving and changing over the next decade?
I anticipate we will start to see more types of positions that are larger in scope. For example, as a security architect, I think there will be larger-scope architects that then work with a bunch of other more domain-specific architects like identity and access management and product security so that you can drive a cohesive architectural vision. I also anticipate that keeping technical will continue to be a trend. There’s no role that doesn’t benefit from having a very technical mindset, but you must be able to know your audience and communicate that technical aspect properly.
Do you have any advice for current students pursuing a career in cybersecurity?
Cybersecurity is certainly in demand but it can be a challenge to get into. If you want to get into cybersecurity, you have to do your best to set yourself up for success. Focus on things like going to hacking conventions, where you can network with others within the community. Open yourself up to risk, like, I’m going to jump into this and figure it out. Putting yourself out there can lead to so many opportunities. But you have to be passionate about it. There’s a learning curve, but that’s the magic of it. There’s always so much to learn, but that’s where a lot of the fun is. A problem might be tedious, but at the end of the day, you gain so much insight that you can then bring to another problem, which creates this cascading level of knowledge that you can not only better yourself with but also share with others. Make mistakes, learn from them, and challenge yourself.