CISOs have a tough job, perhaps nowhere more so than in healthcare. Data security, regulatory compliance, legacy infrastructure, IoT, and the high value of PHI place the CISO in the midst of a high stakes game of capture the flag, where the consequences can, at the extreme, mean life or death.