
FinCyber Today

FinCyber Today is a podcast from FS-ISAC that covers the latest developments in cybersecurity, contemporary risks, financial sector resilience and threat intelligence. Our host Elizabeth Heathfield leads interesting and challenging discussions with our special guests, who bring practical ideas on how to deal with the cyber challenges in the financial sector, improve your cybersecurity response and build resilience in business.

Episodes

Ariel Weintraub: Ensure Your Supply Chain Continuity – Even Under Pressure

Cybersecurity threats to an institution are no longer limited to the organization itself, as threat actors launch attacks across the entire supply chain in hopes of disrupting the financial services sector. Managing supply chain risk is top of mind for Ariel Weintraub, Chief Information Security Officer, Aon, who emphasizes that cybersecurity is not a competition, but an opportunity to share best practices and timely information to maintain the resilience of the global financial sector....

Jun 10, 2025 | 17 min | Ep. 31

Debbie Janeczek: How to Prepare for the Quantum Revolution

The quantum revolution is coming to the financial sector. Debbie Janeczek, Global Chief Information Security Officer, ING, is preparing for it and says the rest of the sector should, too. She suggests starting with building leadership’s awareness of quantum risks, inventorying algorithms, and developing the skill sets needed for post-quantum cryptography. Those moves, among others, will help financial firms be ready when the quantum revolution arrives — and it’s getting closer every day.

Jun 10, 2025 | 13 min | Ep. 30

Meg Anderson: Lessons in Cyber Leadership From a Trailblazing CISO

The goal of information security is to not react to the change. It's to learn about change in advance. That’s one of the many lessons Meg Anderson, former CISO, Principal Financial Group, has learned after 40 years in cybersecurity. It’s a lesson she’s instilled in her teams, along with the power of saying no, the vital importance of developing a pipeline, and why cyber leaders need business leaders’ trust. Those lessons will help CISOs succeed, even as the cyber landscape changes.

Jun 10, 2025 | 21 min | Ep. 29

Susan Koski: How to Manage the Move to the Post-Password Cyber Landscape

Fraud is one of the sector's biggest concerns, but passwords aren’t much of an obstacle to today’s innovative cybercriminals. Biometrics are the next frontier, but how do you get customers to accept the pivot? Susan Koski, Chief Information Security Officer, PNC, has been examining the challenge and recommends managing by facts and known risks, understanding fraud prevention as a cross-sector problem, and remembering that the customer experience has to be central to the post-password cyber lands...

Jun 10, 2025 | 16 min | Ep. 28

Jochen Friedemann: The Fun Side of Financial Services Cybersecurity

Financial services cybersecurity has its challenges – but it’s also interesting, varied, and just plain fun, says Jochen Friedemann, Chief Information Security Officer at Talanx, the Hanover-based insurance/re-insurance firm. Cybersecurity is also more impactful than it’s ever been, thanks to cyber’s importance to senior management, with more educational and career opportunities than ever before. So though the responsibility is heavy, if you’re thinking about joining InfoSec, this is a great tim...

Jun 09, 2025 | 16 min | Ep. 27

Olivier Nautet: Infobesity - How Much Data is Too Much?

Many financial services firms have such vast hoards of data – much of it unclassified legacy data – that owning it causes more data governance challenges than the information is worth. Olivier Nautet, Group CISO at BNP Paribas, says that firms suffering “infobesity” must approach the challenge cross-functionally, with a view to operational resilience and compliance. Here’s what he says about slimming down safely, effectively, and within regulation. Data decisions: Amassing data – especially inf...

Mar 20, 2025 | 21 min | Ep. 26

Karl Schimmeck: Data Security in a Demanding Regulatory Environment

Data security regulation is accelerating many firms’ data protection processes, says Karl Schimmeck, Executive Vice President and CISO of Northern Trust. However, complying with multiple jurisdictions’ reporting regimes around privacy, incident disclosures, and decision process documentation can be tough. Rigorous incident management plans and structures simplify things, but it’s important to remember compliance isn’t about checking boxes. It’s about reducing risk. Regulation drives data protect...

Mar 20, 2025 | 24 min | Ep. 25

Claus Norup: Governance - What a CISO Needs to Succeed

Identifying and managing risk is fundamental to good governance, says Claus Norup, Managing Director and Group CISO, Euroclear, but that’s only part of the job. Success in a CISO role depends on leadership’s buy-in, the ability to translate information to its audience, and the degree to which the function is embedded in overall governance, among other factors. Still, Norup says that in the end, successful governance comes down to the person in the role. Should you take the CISO job? If offered ...

Mar 20, 2025 | 25 min | Ep. 24

Matt Harper: The Convergence of Business and Cyber: Risk Management Through a Bigger Lens

Where cybersecurity and operations converge – as they increasingly do – financial services firms must view cyber risks as operational risks. That integration is a sign of cyber maturity, says Matt Harper, Aflac’s Vice President and Global Practice Lead, Product Security, and Program Strategy, but it affects the practice of risk management. He advises financial services cybersecurity leaders to learn about the business side and map security processes toward it to the benefit of the overall inst...

Mar 20, 2025 | 19 min | Ep. 23

Carsten Fischer: The Need for Speed in Threat Mitigation

There used to be weeks between the announcement of a zero-day vulnerability and the next exploit. Now we have days or hours to patch the vulnerability, says Carsten Fischer, Deputy Chief Security Officer at Deutsche Bank. Sometimes threat actors are in the machine even as the patch is being tested. With such a small window of reaction time, mitigation must be faster. Prevention vs. Detection We can’t prevent every threat, but we don’t always have time to patch detected vulnerabilities before adv...

Oct 31, 2024 | 16 min | Ep. 22

Stephen Sparkes: The Evolution of the CISO Role

Stephen Sparkes has over 30 years of experience in leadership roles across the financial services tech spectrum and is currently Scotiabank’s EVP, Chief Information Security Officer and Enterprise Platforms, and member of the FS-ISAC Board of Directors. Over the years, he says, cyber has become the dominant operational risk, giving CISOs a more prominent leadership role. That role – and the skills CISOs need to succeed – will continue to expand as the threat and business environment evolves. Epi...

Sep 20, 2024 | 19 min | Ep. 21

Lindsey Bateman: Keep Your Eyes on the Horizon for Emerging Threats – and New Solutions

A financial services CISO’s job is to secure the organization of today and tomorrow. Lindsey Bateman, Chief Information Security Officer at M&G plc, a UK Savings and Investments company, recommends instituting a Security by Default culture to reduce the risks and increase the resilience of financial services institutions today, while keeping an eye on the horizon for emerging threats – and quantum computing is at the top of the list. Episode Notes Future Risks: Quantum Computing The progress...

Jul 18, 2024 | 20 min | Ep. 20

Burim Bivolaku: Financial Sector Collaboration is Key to Third-Party Risk Management

Third-party providers are often crucial to financial service operations – and a serious cyber risk. For that reason, EU regulators are taking a close look at the digital supply chain. Here, BISO (Business Information Security Officer) at ICE Trading and Clearing, and Chair of FS-ISAC’s UK Strategic Subsidiary Board, Burim Bivolaku talks about the biggest challenges in third-party risk management, how to effectively address them, and why FS-ISAC’s UK Strategic Subsidiary Board helps its governanc...

May 14, 2024 | 19 min | Ep. 19

Beate Zwijnenberg: Can Cyber Risks be Quantified?

It’s difficult to quantify risk – some CISOs say it can’t be done – but there is a business case to be made for cybersecurity measures and controls (information sharing helps). Beate Zwijnenberg, ING CISO and member of FS-ISAC’s Global and European Boards, explains her approach to quantifying risk and communicating metrics relevant to senior management priorities. And she explains why DORA’s pillars may increase the sector’s resiliency as it matures the supply chain’s cyber defenses. Quantifying...

Mar 05, 2024 | 17 min | Ep. 18

Josh Magri: The CRI Profile - A Simplified Approach to Better Assessment

The Cyber Risk Institute has developed a cybersecurity framework for the financial sector that is based on globally recognized standards. Josh Magri, CRI President & CEO, talks about the genesis of this framework and how it can help bridge the gap between self-assessment and regulatory compliance, even for financial firms that have operations around the globe. Notes from our Discussion with Josh CRI Profile The profile is the Rosetta Stone between cybersecurity frameworks, standards, and reg...

Feb 20, 2024 | 33 min | Ep. 17

Ann Barron-DiCamillo: AI in Cybersecurity - Balancing Speed and Control

Generative AI (GenAI) is changing the cybersecurity landscape at a phenomenal pace, creating both new challenges and opportunities. As cyber attacks become increasingly sophisticated, preventing them requires information sharing. Ann Barron-DiCamillo, Managing Director and Global Head of Cyber Operations at Citi, talks about the difference between traditional attacks and AI-powered threats. Ann, also the current Chair of FS-ISAC's Board, discusses supply chain risks, the importance of informatio...

Nov 21, 2023 | 28 min | Ep. 16

Jayaraj Puthanveedu: Protecting Customer Trust in a World Full of Fraud

Episode Notes Jayaraj Puthanveedu - MD, Global Head of Resilience, Cyber, and Digital Fraud of BNP Paribas - dives into fraud, what the landscape looks like for financial firms, its impact on customer trust, tips on customer awareness, and much more. Notes from Our Discussion with Jayaraj Fraud Landscape for the Customer Fraud is of utmost importance for the financial sector. It is increasing in both complexity and magnitude. Only about 20% of fraud is reported, making it more difficult to measu...

Oct 24, 2023 | 38 min | Ep. 15

Phil Venables: AI in Cybersecurity - Threats, Toil, and Talent

Episode Notes With over 20 years of experience as a CISO, Phil Venables, Chief Information Security Officer at Google Cloud, talks about creating an AI framework, key use cases for AI in cyber, Google Cloud joining FS-ISAC's Critical Providers Program, how he approaches operational resilience, and gives advice on how CISOs can maintain work-life balance. Notes from our Discussion with Phil Google Cloud’s Security AI Framework AI has presented new risks and very specific types of threats. The obj...

Oct 13, 2023 | 38 min | Ep. 14

Daniel Barriuso: Evolving Cybersecurity Landscape in Europe

Episode Notes Daniel Barriuso, Global Chief Transformation Officer at Santander and Chairman of the FS-ISAC Europe Board of Directors, talks about the importance of addressing cybersecurity globally and holistically, while also taking regional differences into account. He draws on his experience as Global Chief Information Security Officer (CISO) at Santander and his current role to discuss how bigger organizations can collaborate with startups to fight cybercrime. Notes from Our Discussion with...

Sep 26, 2023 | 29 min | Ep. 13

Jerry Perullo: Cyber in the Board Room: Battle-Tested Advice

While the Board sets up broad policies and priorities for companies, there’s a whole cyber universe that Board members may not fully understand. Jerry Perullo draws on more than two decades of experience, including as CISO at Intercontinental Exchange/New York Stock Exchange (ICE/NYSE), and recently as interim CISO at Silicon Valley Bank, to explain his framework for presenting cybersecurity risks and solutions to the Board. Notes from Our Discussion with Jerry (3:03) - CISOs as Board members CI...

Jul 27, 2023 | 27 min | Ep. 12

Erez Liebermann: Decoding the Cyber Regulatory Maze

With a barrage of upcoming cyber regulations, financial firms will need to integrate some of the new requirements into their cyber and resilience programs. Erez Liebermann, Partner at law firm Debevoise & Plimpton, clarifies the key points of relevant cyber regulations that financial firm CISOs should know about. Highlights (1:11) Key trends of the recent cyber regulations (4:26) Pertinent details on the main upcoming cyber regulations for financial firms (12:27) If the four day incident rep...

Jul 12, 2023 | 45 min | Ep. 11

Kristopher Fador: Solving the Great Cybersecurity Talent Shortage

The scope of the great cybersecurity talent shortage is real. Kristopher Fador, CISO at Bank of America, details where the greatest concentration of the shortage is, how to build a good cybersecurity talent pipeline for financial firms of all sizes, and how he views retention and attrition. Highlights (3:44) – The dangers of a lack of mid to senior level talent (7:09) – How Bank of America builds a good cyber talent pipeline (10:10) – Suggestions for smaller firms on building a pipeline of cyber ...

Jun 13, 2023 | 18 min | Ep. 10

Bashar Abouseido: The Risks, Threats, and Opportunities of ChatGPT

With the help of ChatGPT and other AI tools, financial institutions can make decisions more quickly and with greater precision, but how crucial will human oversight be in the future of financial sector cybersecurity? Bashar Abouseido, MD, Chief Information Security Officer at Charles Schwab, talks about the benefits and risks of using ChatGPT and other artificial intelligence in cybersecurity. Highlights (3:11) - How ChatGPT and other AI help financial institutions leverage data to stay ahead ...

May 23, 2023 | 34 min | Ep. 9

Paige Johnson: Preparing for the Future, Not Predicting it

Tabletop exercises are a crucial component for enhancing threat and vulnerability management plans in fintech. Paige Johnson, Executive Director and Head of Americas Firmwide Simulation Utility at JP Morgan Bank, discusses the origin and development of these exercises. Highlights How exercise scenarios are chosen (7:46) Have exercises turned into reality (10:20) The range of tabletop exercises in use today (12:42) The best ways to engage senior leadership in exercises (17:57) How to start an exe...

May 09, 2023 | 41 min | Ep. 8

Post-Quantum Cryptography: Tomorrow is Too Late

As the global financial sector prepares for the advent of quantum computing, security professionals are at the forefront of developing protocols for post-quantum computing (PQC). George Webster, Chief Security Architect at HSBC, and Peter Bordow, Distinguished Engineer and Chief Architect of Post Quantum Cryptography and Quantum Systems, and Emerging Technology for Information and Cybersecurity at Wells Fargo, discuss the impact quantum computing will have on the financial services industry and ...

Apr 18, 2023 | 40 min | Ep. 7

Laura Deaner: The Business Case for Diversity

Laura Deaner, CISO at Northwestern Mutual, shares her advice for mid-senior professionals who want to become a CISO, the best practices for incorporating artificial intelligence like ChatGPT into the corporate ecosystem, the business case for more diversity in cybersecurity, and more including: (00:52) - The advantages of having the CISO manage both cybersecurity and IT risk management. (04:21) - The importance of being able to translate technical information into the non-technical for an organi...

Apr 04, 2023 | 34 min | Ep. 6

Dr. Boaz Gelbord: Security is Becoming a Big Data Problem

Dr. Boaz Gelbord, Senior Vice President and Chief Security Officer of Akamai, discusses the changing role of the CISO in the advent of new tools that are changing the cybersecurity landscape, why security is becoming a big data problem, and more including: The CISO role is now more integrated with business operations (03:30) How the evolving Internet ecosystem is impacting cyber security (13:20) On the security threats being posed by ChatGPT (15:36) The impact of fraud’s convergence with cyber on...

Mar 08, 2023 | 40 min | Ep. 5

Meg Anderson: Cyber as an Enterprise Risk

Meg Anderson, the Chief Information Security Officer (CISO) at Principal Financial Group, talks about the CISO's role in helping a large, multi-national company stay flexible by making sure security controls are in place and managing risks. She also covers: Centralization versus decentralization of cybersecurity controls in a large corporation: (2:10) How to keep a large number of employees up to date on cyber hygiene and awareness: (3:29) Thoughts on whether a security team should be remote: (1...

Feb 21, 2023 | 34 min | Ep. 4

Ariel Weintraub: No Typical Day - An Inside Look at the Evolving CISO Role

Ariel Weintraub, CISO & Head of Enterprise Security at MassMutual, discusses the spectrum of her cybersecurity responsibilities, including employee diversity and retention, managing an evolving threat landscape, and incentivizing staff to be more aware of their role in attack prevention. How to address new initiatives and evolving priorities while managing ongoing cyber threats. (25:38 – 26:21) Why an increase in incident knowledge and contingency plans can help business resiliency. (29:04 –...

Feb 07, 2023 | 55 min | Ep. 3

Jenny Menna: Exploring Cyber Threats to the Insurance and Healthcare Sectors

Jenny Menna, Vice President, Threat Management and Response at Humana, and Member of the FS-ISAC Board of Directors, discusses the active threats to the insurance and healthcare sectors, including: Which two ongoing threats the insurance and healthcare sectors are monitoring, and how those threats continue to evolve (7:35 – 8:30). The importance of forming a strategy around employee education (11:04 – 12:18). The key to forming relationships that help stakeholders come together when a unified defe...

Jan 24, 2023 | 38 min | Ep. 2
Hosted on Buzzsprout