Heather Costa

Director of Technology Resilience at Mayo Clinic

Hospital and Health Care

Education: University of Akron - Penn State University
Akron, OH, USA
INVITE TO SPEAK

Biography

Heather M. Costa, MPS, CBCP, is the Director of Technology Resilience at Mayo Clinic, the No. 1 ranked hospital by U.S. News and World Report and Newsweek. With a 73,000-person workforce, Mayo Clinic cares for more than 1.4 million people each year with serious or complex illnesses from all 50 U.S. states and 140 countries. In her capacity, Heather is responsible for the strategic direction, development, and implementation of an enterprise-wide program that ensures the recoverability of IT resources to safeguarding patient care in the event of a technology disruption (physical and/or cyber). Prior to joining Mayo Clinic, Heather was responsible for the cultivation and execution of the Business Resilience program at the No. 2 ranked hospital, the Cleveland Clinic. There she led a paradigm shift that improved the resilience of patient care by creating an innovative, fully integrated model for business continuity, disaster recovery and crisis management in healthcare.

Heather serves as Education Chair for WiCyS (Women in Cybersecurity) Healthcare Affiliate. She previously served as a member of the Operational Board of the Association of Healthcare Emergency Preparedness Professionals (AHEPP) and co-led the AHEPP Professional Standards Committee.

Heather earned her Bachelor of Science (BS) in Emergency Management and Homeland Security with a minor in Digital Forensics, summa cum laude, from the University of Akron, and her Master of Professional Studies (MPS) in Homeland Security - Information Security and Forensics from Penn State University. She is a Certified Business Continuity Professional (CBCP), and holds certifications in ITIL, Cybersecurity, and Emergency Management and Domestic Preparedness.

Passion

I am passionate about resilience - enterprise/operational resilience, cyber resilience, and personal resilience.

Best Story

My 3-year-old said to me “Mom did you know that the tardigrade, also known as the water bear, also known as the moss piglet is the most resilient animal in the world?” He goes on to tell me that they can survive lava, ice, and even outer space. After a quick search on Google, I learned that these fascinating creatures possessed at a cellular level an ability to survive and adapt to seemingly any environment. They had survived all five extinctions, existing for over 600 million years no matter what was thrown at them. My brilliant boy was right, this was resilience. And I knew that this was the future we should be driving towards.

Origin Story

In August of 2016, as a solo parent with one kid in college, one in high school and 2 in diapers, a full-time job, and a business on the side, I returned to school full-time to finish a bachelors degree I started 25 years prior. On Mother’s Day in 2018, I crossed the commencement stage, graduating Summa Cum Laude with a 4.0, while my children cheered me on. A week later a recruiter from the Cleveland Clinic reached out to see if I would be interested in an open position in Cybersecurity with the Business Continuity team, and four years later my new path led me to Mayo Clinic. So here I am. My personal journey taught me some important lessons along the way that have become the foundation of what I did to drive resilience first at the Cleveland Clinic and now at Mayo Clinic where I am the Director of Technology Resilience.

Example talks

Turtle to Tardigrade...A Future Towards Resilience

Are we returning back to normal or are we building something better? Heather shares a personal journey from surviving to thriving that created a paradigm shift at one of the top healthcare organizations in the country. Learn to define operational resilience as a path of continuous improvement towards something better - resilience - in a realm where disaster recovery alone is no longer enough.

Business Resilience is Cybersecurity

All too often, organizations measure success as stopping a disaster. Success is measured by preventing the boom, and we do not understand why we are met with “never-event” after “never-event”. We should not be lulled into a false sense of security that prevention measures or last lines of defense mean that cyber or other disruptions will be stopped. We cannot lose sight of the gray rhinos. Disasters, crisis, and disruptions happen. One of our most critical tools for success is integrated business resilience.

Featured Video

I am willing to travel

More than 100 miles

When it comes to payments

Everything is negotiable

Topics

business resilience business continuity disaster recovery cybersecurity women in cybersecurity wicys emergency management incident response governance risk and compliance strategic planning digital transformation healthcare healthcare it security personal resilience and wellness mentoring authentic leadership diversity and inclusion information technology operational resilience enterprise resilience enterprise risk management continuity of operations resilience disaster psychology disaster response personal growth strategic vision increasing diversity in cyber security cyber security women in it women in tech women in technology technology resilience crisis management homeland security and emergency management cyber resilience

Best Story

My 3-year-old said to me “Mom did you know that the tardigrade, also known as the water bear, also known as the moss piglet is the most resilient animal in the world?” He goes on to tell me that they can survive lava, ice, and even outer space. After a quick search on Google, I learned that these fascinating creatures possessed at a cellular level an ability to survive and adapt to seemingly any environment. They had survived all five extinctions, existing for over 600 million years no matter what was thrown at them. My brilliant boy was right, this was resilience. And I knew that this was the future we should be driving towards.

Origin Story

In August of 2016, as a solo parent with one kid in college, one in high school and 2 in diapers, a full-time job, and a business on the side, I returned to school full-time to finish a bachelors degree I started 25 years prior. On Mother’s Day in 2018, I crossed the commencement stage, graduating Summa Cum Laude with a 4.0, while my children cheered me on. A week later a recruiter from the Cleveland Clinic reached out to see if I would be interested in an open position in Cybersecurity with the Business Continuity team, and four years later my new path led me to Mayo Clinic. So here I am. My personal journey taught me some important lessons along the way that have become the foundation of what I did to drive resilience first at the Cleveland Clinic and now at Mayo Clinic where I am the Director of Technology Resilience.

Example talks

Turtle to Tardigrade...A Future Towards Resilience

Are we returning back to normal or are we building something better? Heather shares a personal journey from surviving to thriving that created a paradigm shift at one of the top healthcare organizations in the country. Learn to define operational resilience as a path of continuous improvement towards something better - resilience - in a realm where disaster recovery alone is no longer enough.

Business Resilience is Cybersecurity

All too often, organizations measure success as stopping a disaster. Success is measured by preventing the boom, and we do not understand why we are met with “never-event” after “never-event”. We should not be lulled into a false sense of security that prevention measures or last lines of defense mean that cyber or other disruptions will be stopped. We cannot lose sight of the gray rhinos. Disasters, crisis, and disruptions happen. One of our most critical tools for success is integrated business resilience.