Karen Habercross
VP, Chief Information Security and Privacy Officer
UChicago Medicine
As the chief privacy and information security officer for UChicago Medicine, Karen is responsible for the enterprise multiyear strategy and day-to-day operations of the university's health system privacy program for a workforce of more than 20,000 staff, physicians, faculty, students and volunteers, encompassing an academic medical center, a community health and hospital division, off-site ambulatory clinics, faculty and affiliated physician practices, a medical school, human subjects research and portions of the university supporting healthcare functions. She has Master’s Degrees in both Business Administration and Clinical Social Work.
A fun fact about Karen: A walk with her dog Max plus morning-and-evening meditation keeps her balanced in a high-stakes field. (Max is a great listener)
Learn more about the Chicago CISO community here.
Give us a brief overview of the path that led to your current role.
Before cybersecurity, I was a licensed clinical social worker. The counseling skills I honed – active listening, 360-degree perspective-taking, rapid adaptation – now power my privacy-security leadership every day.
What is one of your guiding leadership principles?
“Start with the business goals, map the gaps, then clear the path so your team can shine.” I focus on empowering talent, securing resources, removing roadblocks, and offering support when it’s needed most.
What is the greatest challenge CISOs face today, and how are you addressing it?
As privacy and security teams contend with escalating regulatory demands and evolving threats, the ability to adapt and collaborate becomes increasingly indispensable.
Proactive communication with leadership is a cornerstone of her approach, particularly when presenting risks and recommendations. “The objective is to equip decision-makers with the necessary information to evaluate risks and make informed decisions. Trade-offs are inevitable, and my role involves ensuring that our strategies align with the institution’s vision while mitigating potential risks,” she stated.
Habercoss articulated her guiding philosophy: “Ultimately, our mission is to protect what matters most—our patients, data, and institution. Success in this endeavor demands that we listen, learn, and lead with unity.”
What is the key to success for someone just starting out as a CISO?
- Learn what your business peers are driving toward and align security to those outcomes.
- Build authentic relationships and always deliver on your promises, credibility is your currency.
- Cultivate sponsors who will champion your ideas when you’re not in the room.
How do you measure success as a leader?
My approach to leadership places a strong emphasis on strategic alignment and influence. While titles confer authority, the ability to create value and align initiatives with institutional priorities is far more consequential.
I stress the importance of comprehending an organization’s strategic priorities—be it growth, risk mitigation, or other imperatives—and tailoring privacy and security strategies to support these aims. Achieving objectives often involves presenting options that balance institutional risk tolerance with viable outcomes.
Trust is integral to cultivating productive relationships with leadership. Delivering consistent results and maintaining transparency regarding challenges are key factors in earning trust. Over time, these efforts establish a solid foundation for collaboration,” she asserted.
Gartner C-level Communities Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
By CISOs, For CISOs®
Join the conversation with peers in your local CISO community.