Banking Information Security Podcast

Career Insights from Srinvivas Mukkamala of New Mexico Tech. Education, skills, experience - what exactly does it take to make it in an information security career today? Srinivas Mukkamala, an educator and practitioner, offers unique insight on: The necessary mindset for an information security professional; What are the baseline skills? How to keep skills sharp. Mukkamala, one of CAaNES' owners and its interim-Director of Operations, is a senior research scientist with ICASA (Institute for Complex Additive Systems Analysis, a statutory research division of New Mexico Tech performing work on information technology, information assurance, and analysis and protection of critical infrastructures as complex interdependent systems) and Adjunct Faculty of the Computer Science Department of New Mexico Tech. He leads a team of information assurance (IA) "first responders" who are deployed at the request of various government agencies and financial institutions around the state of New Mexico to perform vulnerab

What's one of the biggest threats to Florida banking institutions? Regulatory reform, according to Alex Sanchez, head of the Florida Bankers Association. "We're easy targets," says Sanchez, who fears Main Street institutions will take it on the chin from legislators for economic mistakes made by Wall Street and non-banking firms. In an interview on the state of banking in Florida, Sanchez discusses: Top banking challenges; Biggest security threats; The potential impact of regulatory reform. Sanchez serves as President and Chief Executive Officer of the Florida Bankers Association (FBA). Founded in 1888, and located in Tallahassee, the FBA is the leading voice for Florida's banking industry. Sanchez' responsibilities include representing and advocating for Florida's banking industry before all legislative and regulatory bodies in Tallahassee and in Washington. Before joining the FBA, he was an attorney at Sinclair Louis, a Miami based law firm, specializing in business law; Consolidated Bank, Assistan

With Howard Schmidt's appointment as national cybersecurity coordinator, his role as president of the Information Systems Security Association (ISSA) has been filled by Kevin Richards, a risk management advisor with Crowe Horwath. In an exclusive interview, Richards discusses: Top agenda items for ISSA in 2010; Biggest information security threats; Best opportunities for information security professionals. Richards has served on the ISSA International Board since 2003, initially in a global chapter relations capacity and then as the international vice president since 2007. A past president of the Chicago ISSA Chapter, Richards is an information security and risk management advisor for Crowe Horwath with more than 18 years of experience in information security, business continuity and enterprise risk management. His expertise ranges from risk analysis and program design to information security and business continuity program development and leading practices.

Risk management today - it's less about pure technology, more about business acumen and pure communication skills. This is the position of Kenneth Newman, VP & Information Security Manager at Central Pacific Bank. In an interview about top risk management trends, Newman discusses: Scope of the risk management job in banking institutions today; Biggest challenges to getting the job done right; Necessarily skills for successful risk managers. Newman joined Central Pacific Bank as Vice President & Information Security Manager in February 2009. He oversees the bank's information security program and the protection of its information assets. Prior to joining CPB, Mr. Newman served as First Vice President & Online Risk Manager for Washington Mutual (WaMu) and has managed various global and regional security and risk functions for Deutsche Bank and Citigroup in New York. Central Pacific Bank is the main subsidiary of Central Pacific Financial Corp., a Hawaii based financial institution with $5.2 billion in ass

What's the cost of a data breach? The Ponemon Institute is out with its 5th annual "Cost of a Data Breach" study, and in an exclusive interview Dr. Larry Ponemon discusses: The current cost of a data breach - and how it's risen since 2009; Data breach trends across industry; What organizations should do to respond to or prevent breaches. Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Co

President Obama this past week made strong remarks to spur Congress and populist support toward banking regulatory reform. But what's likely to happen? And when? "There might be stronger regulatory reform than people thought six months ago," says Christie Sciacca, formerly with the Federal Deposit Insurance Corporation, currently a director with LECG in Washington, D.C.. In an exclusive interview, Sciacca discusses: The substance of Obama's proposals; What's likely to occur in regulatory reform; Whether reform will occur in 2010. Sciacca spent 13 years at the FDIC, where he led examination, supervisory and bank rescue transaction projects in Detroit, New York, and Washington DC. From 1983-1986, Sciacca was Assistant to the Chairman, representing the Chairman on interagency matters, at bank trade association meetings and on all operational and policy matters. Sciacca served as the FDIC's representative on the Vice President's Task Group on the Regulation of Financial Services. In 1996, he returned to t

Credit reports, social networks and international background checks - these are three of the hottest topics in employment background screening, according to Employment Screening Resources (ESR), a CA-based firm. In an exclusive interview, Lester Rosen, President and CEO of ESR, discusses: The top 10 trends in background screening in 2010; Specific challenges for information security leaders; How to improve your organization's background screening process. Rosen, a retired attorney, founded ESR in 1996. In 2003, that firm was rated as the top screening firm in the US in the first independent study of the industry in research report prepared by the Intellectual Capital Group, a division of HR.com. He is a consultant, writer and frequent presenter nationwide on pre-employment screening and safe hiring issues. His speaking appearances have included numerous national and statewide conferences. He has qualified and testified in the California, Florida and Arkansas Superior Court as an employment screening e

Interview with Lydia Parnes, Former Director of the FTC's Bureau of Consumer Protection Privacy, data security and consumer protection - three of the top concerns to organizations everywhere. And they are three of the topics nearest and dearest to Lydia Parnes, former director of the Federal Trade Commission's (FTC) Bureau of Consumer Protection. Now a partner in the Washington, D.C. office of Wilson Sonsini Goodrich & Rosati, Parnes works with organizations to ensure their privacy and security policies. In an exclusive interview, Parnes discusses: Current trends in privacy, data security and consumer protection; The greatest challenges to organizations entrusted with ensuring these protective measures; How the public and private sectors are likely to work together to tackle these challenges this year. Parnes' current practice focuses on privacy, data security, Internet advertising, and general advertising and marketing practices. The former director of the Bureau of Consumer Protection (BCP) at the

Interview with Brian Hurdis, EVP Technology Services, FIS Third-party service providers are a staple of banking services in the information era. How can banking institutions get the most from these relationships? Brian Hurdis, executive vice president of technology services at FIS, discusses: The biggest information security challenges facing banking institutions in 2010; Solutions to help overcome these challenges; How institutions and service providers can collaborate to get the most out of the vendor relationship. Hurdis joined FIS in October 2009 with the company's acquisition of Metavante Corporation. Previously, Hurdis served as senior executive vice president of operations and service delivery and chief information officer for Metavante, a position to which he was appointed in July 2008. In this role, Hurdis was responsible for service delivery, development operations, project management, call center and item processing operations. He was also a member of the company's Executive Committee. Hurd

What are the key risk management challenges for the nation's credit unions, and how can they best meet them? Wendy Angus, Director of Risk Management at the National Credit Union Administration (NCUA), discusses: The biggest risk management issues facing credit unions today; How credit unions can overcome these challenges; Advice to institutions looking to improve their approach to risk management. Prior to joining NCUA in 1996, Angus worked as an examiner with the Office of Thrift Supervision and an auditor in the securitization and asset sale operation at the Resolution Trust Corporation. During her 13 years at NCUA, she has played many roles within the agency. Beginning December 14, 2009, she became the Director of Risk Management in the Office of Examination and Insurance. In this position, she serves as the primary caretaker of the National Credit Union Share Insurance Fund, oversees administrative action nationwide, quarterly call report data collection and analyses, and works with the regional

What are the new year's top trends in banking, payments and security? Javelin Strategy & Research has just released its Top 10 Trends report for 2010. James Van Dyke, president of Javelin, discusses: Top headlines from the new report; Biggest threats to banks, payments and security; The "next big thing" in banking. Van Dyke is founder and president of Javelin Strategy & Research. Javelin is the leading provider of independent, quantitative and qualitative research for payments, multi-channel financial services, security and fraud initiatives. Javelin's clients include the largest financial institutions, card issuers and technology vendors in the industry.

Information security is the hot career option for professionals in 2010 and beyond. This is the prediction of David Foote of Foote Partners, the FL-based consultancy that tracks IT skills and competencies. In a look ahead at 2010 and beyond, Foote discusses: the security careers "bubble" and how it began; the wave that has driven the surge in security jobs; predictions for 2010-2012. Foote has long been one of the nation's leading industry analysts tracking, analyzing and reporting on IT workforce management and compensation practices, trends and issues. His columns, articles and contributions appear regularly in dozens of publications. As Foote Partners' CEO and Chief Research Officer since 1997, David leads a senior team of experienced former McKinsey & Company, Gartner, META Group, and Towers Perrin analysts and consultants, and former HR, IT, and business executives, in advising governments and corporations worldwide on increasing performance and managing IT's impact on their businesses and custome

Malware is increasingly sophisticated, and social media are the common new venues for attacks. These are the headlines from the latest Cisco Annual Security Report. Patrick Peterson, Cisco senior fellow, offers highlights of the report, discussing: Top trends and threats; The risks to specific vertical industries and government agencies; The message to information security professionals looking to stay ahead of the threats. Peterson, Chief Security Researcher, is also a Cisco Fellow -- a position that is reserved for individuals whose technical contribution has made a material impact not only within Cisco, but also in the industry as a whole. As a security technology evangelist, Peterson leads research projects to understand cutting-edge criminal attacks and business models and developing the technologies to combat them. Peterson chairs the technical committee for the Messaging Anti-Abuse Working Group (MAAWG) and the authentication committee for the Authentication and Online Trust Alliance. He is a frequ

In the fall of 2008, we first spoke with Mike Jacobson, chair of the Nebraska Bankers Association, asking him about the state of customer confidence on Main St., vs. on Wall Street. One year later, we reconnect with Jacobson to discuss: The state of banking in Nebraska now; How community banks have been hurt by Heartland and other fraud incidents; The major challenges for banking institutions in 2010. Jacobson, a lifelong resident of Nebraska, is chairman, president, and CEO at NebraskaLand National Bank in North Platte, and he currently is serving out a term as chair of the Nebraska Bankers Association.

The Advanced Persistent Threat - what exactly is it, and how are organizations vulnerable? Ron Gula, CEO of Tenable Network Security, explains the threat and the challenges to mitigating it. In an exclusive interview, Gula discusses: Why some organizations are especially vulnerable; Strategies and solutions that are most effective against the threat; Where to start if you feel your organization is exposed.

It's been over one year now since banking regulators began examining institutions for compliance with the Identity Theft Red Flags Rule. What have been the common deficiencies, and what will examiners be expecting in year two? Jeff Kopchik, senior policy analyst with the Federal Deposit Insurance Corporation (FDIC), discusses: The three key deficiencies of Red Flags compliance; How examiners will approach Red Flags exams in 2010; Ways institutions can improve their Red Flags compliance. Kopchik was the Team Leader of the FDIC's 2004 study "Putting an End to Account-Hijacking Identity Theft." He was the FDIC's primary representative on the FFIEC staff working group that drafted the 2005 guidance on Authentication in an Internet Banking Environment. Kopchik was also involved in interagency rulemaking efforts to comply with the Fair and Accurate Credit Transactions (FACT) Act, and was involved in the creation and implementation of the Gramm-Leach-Bliley Act (GLBA) interagency information security guidelines

Marcus Ranum has a unique take on the biggest information security threats to organizations and individuals. A renowned expert in secure systems and design, Ranum, currently the CSO of Tenable Network Security, offers a new look at topics such as the risks of cloud computing and what he calls the myth of cyber warfare. In an exclusive interview, Ranum discusses: The biggest security concerns of 2010; Which threats get the least attention; Why penetration testing is often a waste. Ranum, since the late 1980s, has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, h

Interview with Jay Foley of the Identity Theft Resource Financial scams and incidents of medical identity theft are on the rise - and they're among the main threats to business and consumers in 2010. This is the warning from Jay Foley, executive director of the Identity Theft Resource Center. In an exclusive interview, Foley discusses: The major ID theft threats and trends for 2010; The industries most at risk; What information security professionals can do to help prevent ID theft. Responding to an explosive rise in identity theft crimes, Jay and Linda Foley established the Identity Theft Resource Center (ITRC) in 1999 in order to provide education and victim assistance to consumers and businesses. As Executive Director of the ITRC, Jay is today recognized nationally as an expert on identity theft issues. Frequently addressing national, state and community organizations, Jay travels throughout the United States providing training for businesses, consumers and law enforcement. He has appeared befo

Interview with Wade Baker and Alex Hutton of Verizon Business Earlier this year, Verizon Business unveiled its much-heralded 2009 Data Breach Investigations Report. Now, the company has just released its 2009 Supplemental Data Breach Report, which reveals the 15 most common attacks against organizations. In an exclusive interview, Wade Baker and Alex Hutton of Verizon Business discuss: The trends uncovered in the supplemental report; How the threat landscape varies by industry; What organizations and individuals can do to better protect themselves. Baker, research and intelligence principal with Verizon Business, has more than 10 years of IT and security experience. His background spans the technical-managerial spectrum from system administration and web development to data analysis and risk management. He is one of the primary authors of the groundbreaking Verizon Business Data Breach Investigations Report. Hutton, research and intelligence principal with Verizon Business, has served as a consult

What's ahead for information security professionals in 2010? Barbara Massa, VP of Global Talent Acquisition at McAfee, Inc. speaks to the results of the new Information Security Today Career Trends Survey, discussing: How the results speak to the maturity of the information security profession; The survey's message to CISOs; The value of recruitment and retention in the year ahead. Massa joined McAfee in June, 2009. For the 10 years prior to joining McAfee, Barbara led the Talent Acquisition function at EMC and Documentum respectively (Documentum was acquired by EMC in December of 2003.) Barbara's prior work includes leadership positions in the recruiting organization at Cadence Design Systems and at an external recruiting firm.