In the urgent scramble to hire cyber security executives, some organizations appear to favor time spent within a business vertical such as healthcare -- often against the advice of competent counsel. They bypass stronger cyber security professionals who would need to learn the new business environment in favor of candidates who understand the industry but need to learn cyber security. Essentially these organizations try to turn healthcare executives into cyber security executives, a very risky idea indeed. It will take an organization about a year to figure out it hired the wrong person. During that time more damage and more atrophy will occur.