Meet Lucy - Director, Consulting
Meet Lucy Liu, one of the Directors in our Consulting team focused on Cyber Security in our Health, Human Services and Life Sciences sector.
How did your passion for healthcare start and what was the motivation for pursuinga healthcare career?
Healthcare is one of the critical and foundational functions provided to the whole community, and cybersecurity is an intricate dependency and enabler, ensuring healthcare organisations can deliver services safely and efficiently.
What motivated you to pursue this specialisation over other fields within the healthcare industry?
I'm motivated to focus on cybersecurity in healthcare because the industry's cybersecurity maturity is generally considered lower compared to sectors like financial services and energy resources. When implemented correctly, cybersecurity enables healthcare organisations to deliver clinical services and patient care with confidence and efficiency.
Could you provide a brief overview of your professional journey leading up to your current role?
After graduating from university, I joined a boutique cybersecurity consulting company and have been in the cyber industry ever since, driven by a strong passion for its meaning and purpose. I worked at several mid-tier consulting firms before serving as a Senior Security Advisor at INPEX for 7.5 years, gaining valuable client-side insights. Following that, I spent 5 years at PwC before moving to Deloitte, where I have been for the past 3 years.
What skills and capability do you bring to transform health?
Through our work with health clients, I have gained valuable experience and a deep understanding of the sector's challenges and opportunities. Leveraging this knowledge, along with insights from other sectors, we aim to help healthcare organisations enhance their overall cyber maturity, thereby reducing their cyber risk to an acceptable level.
What can you tell us about your role at Deloitte and the work you're involved in?
As the Director at Deloitte, my role involves leading client engagements by advising on cyber risks and strategies, and developing comprehensive cyber programs using advanced tools and platforms. I ensure our clients are equipped to mitigate risks effectively and enhance their cybersecurity posture. Additionally, I support my team by providing guidance, fostering professional development, and building internal capabilities to better serve client needs, ensuring we deliver exceptional value and expertise.
What Health projects have you worked on at Deloitte, and can you tell us about some of the skills or experiences you've gained?
At Deloitte, I have worked on health projects that involve designing and developing cybersecurity strategies and operating models for some of our clients. These projects have provided deep insights into the complexity of organisational entities, governance structures, roles and responsibilities, and the intricate cyber ecosystem. Key skills gained include strategic planning, stakeholder engagement, and navigating complex communication channels. Additionally, I've learned effective methods for managing and mitigating cyber risks in multifaceted environments. These experiences have significantly enhanced my capabilities in delivering robust and tailored cybersecurity services for future clients.
What notable achievements or initiatives have you led that have had a significant impact on healthcare outcomes?
Over the years I have worked across multiple key engagements but one that stood out involved conducting a cyber incident simulation to stress test the organisation's response capability in a real-world cyber crisis. The results helped the client improve several areas, including internal and external communications, notifications to external authorities, social media response strategies, and health and well-being support for staff during heightened response periods to prevent burnout and mental health issues.
What impact are you looking to have on the sector and what is your vision for the future of healthcare?
I aim to make an impact in the healthcare industry by helping organisations protect their services and ensure a safe, secure environment. My goal is to safeguard both organisational and patient sensitive information through a sustained cyber strategy and achieving the right level of cyber maturity.
