HOME | COUNTRIES | CITIES | COMPANIES | SPORTS | CARS
news videos images websites



Welcome everybody it's Georgia from cybercrime magazine and we're here for our first ask the seaso event it's December 13th 2018 and. I'm here interviewing. Jason woody welcome thank you very much thanks for coming down here today Jason you're the Eevee executive vice president and CEO for US Bancorp. Correct that's right how long have you been with the US Bancorp it's coming up on right around seven years okay so how long have you been in cybersecurity about 25 years and 19 of that in the banking or financial services sector before that it was in aerospace okay so we're talking to a lot. Of other CISOs tonight on camera and this interview won't be seen by a lot of CISOs around the world what is it that you'd like to tell them. First and foremost I feel your pain how we're all in this together obviously there's there's been a lot that's been changing on the internet on the population of devices that are being. Connected the type of devices being connected all of that is sort of a a large amount of stuff that we would have. To deal with and then we have a an even more rapid pace of change of technology innovation that's happening that we're also having to deal with so it's. It's constantly wearing multiple hats and yeah that makes it pretty challenging pretty challenging but also really interesting and exciting so how do you go about finding the best professionals to work for you in this. Climate yeah I think that's one of the biggest problems also SAP is just there is a shortage of talent and there's been different. Studies that have been out there you know I've seen numbers. Like globally by 2020 we'll have a shorter just six million you know positions. We're predicting 3.5 million unfilled by 2021 yeah so there you go so there's there's different numbers that are published on that but the the net-net of it is that there is a supply. And demand problem right now all of us are implementing some kind of a strategy for how to handle that we've implemented sort of a almost like a Disney branding type strategy where sort of when you think about Disney you don't think about you know immediately if I said the word Disney you you don't think Mickey Mouse think Mickey Mouse. And then you think in the Mickey ears and the ears you see on stuff and then the theme parks and the cursive sort of Disney word. And so it's a multitude of things it's not one thing they did so for us for example we. Were always attending conferences on purpose looking for talent we're very specific about which conferences we want to go to we. Are always looking for people and interviewing people even though we don't have positions open or even when we don't have positions open we've also partnered with universities and there's four universities every year that we do. Scholarships for for people that gives us 16 people per year that were sort of watching from a pipeline standpoint we pipeline those people into our internship programs so that helps sort of try before you buy gives them an. Opportunity to see corporate sort of corporate life gives us the ability to see how they're gonna operate in it we also partner with military or one of the largest iron of military leaders in banking that's fantastic we've gotten a few wards for that but it's it's doing all of those things and then we're always looking for more ways. That we could also fill a pipeline whether it's participating in women in technology whether it's targeting girls who code right we've just been in that we actually just did a cyber badge for the Girl Scouts that was really cool and you know the CEO of the Girl Scouts will be here tonight that's fantastic I. Have to talk to her she's uh Sylvia Acevedo she we better leave her we nominated her cybersecurity person of 2018 because nice so I didn't realize that you were also involved yeah yeah yeah so we did that in Cincinnati Market which is. Pretty huge for US bank and yeah one over really really well so you agree that there's a little bit of a PR problem or branding problem with. Cybersecurity as a career. I wouldn't say that I think it's a new field it's an immature field you know you can argue that cybersecurity has existed since the 1950s but even as late as 1990 when you thought. About information security you probably thought firewalls and maybe a little bit of monitoring and probably access control not a whole lot more than. That and it's just it's changed so dramatically that there are you need so many different simultaneous skill sets or to specialize so highly in order to be super good at one information security vertical that it's just finding those specialties and finding the people that thought about. Getting into a stem type process in the first place who then got interested in the computer side of that who then figured out oh wow securing those computers is quite lucrative and or you. Know interesting and important essential sure absolutely so cyber security is changing a lot I know we. Were talking earlier about a shift in internet security to Internet safety can you elaborate a little bit about that yeah so I did I mentioned the multiple hats thing previously that's one of the toughest jobs the toughest aspects of the job of being a CSO is you have to be a. Business leader first you have to be a risk manager you have to be a compliance manager you have. To understand the compliance regime that your company fits in but you also have to be somewhat technical and in order to understand the nuances and you have to be somewhat policy and in in order to understand the implications. Of those nuances on broader topics and then you layer onto that the technology environment itself has been explosively growing but is now even more explosively growing with the Internet of Things with artificial intelligence machine learning with a lot of these newer digital cloud you know. Technologies continuous integration continuous delivery type of modern software development so with all those things happening there's just a tremendous amount that's going on and then you also have to speak Klingon all day and speak English to the board and all these other things that increasingly is important as it business leader there's. A translation issue I'm sure between technology people and business people for sure and the CISOs help kind of bridge that gap quite a bit absolutely we want to thank all of the CISOs who are participating in the Eska season series for that tell me a little. Bit about this Internet of Things problem I mean what. Are some of the. Issues that we're going to see moving up as far as these safety concerns so it's it's. Really interesting when I talk publicly about information security I usually preface by saying that I'm here to educate you not to scare you because we as information security people see what would scare normal people like we see that all the time right it's just not scary that there's some new malware. That's jumping from computer your computer it's always happening right but there are some things that truly are changing the game that are coming up right self-driving cars. That is a complete game changer if you design that for failure first that can actually save tens of thousands of lives per month when you take out the human error factor right so I'm personally I I think self-driving car is a really good idea I do think that you have. To design for failure right you have to seek out people who are gonna try and break your stuff on purpose get them the responsibility to disclose it try and design it right from. The first place but recognize you won't always compartmentalize your design so why do the brakes need to talk to the radio and needs to talk to the internet right that type of thing but done well we can we. Can manage those types of risk but the more of those types of things that happen that aren't done well society's going to struggle with the life safety issues that come with the Internet of Things and when you have pacemakers with bluetooth and you have defibrillators that are connected to the network and you've got you. Know the morning probably virus shut down something like 65 UK hospitals last year right I mean that's like real one and and they weren't even being targeted that was just those sort of accidental hit the whole internet but you know that that I think is going to be one. Of those game-changing things when you've got artificial intelligence that's actually operating to break into your network and if you're not thinking about how you have defense in an artificial intelligence world that's game-changing right there was some really interesting research that a couple of researchers did and then they had a TED talk it's about eight minutes phenomenal it's deep. Fakes and if you saw that it is fascinating they. Basically took a series of google images of president obama and then a series of youtube videos that he had recorded and they fed all of that into an artificial intelligence machine learning engine and built a 3d model just off of the images of President Obama's face and mouth and jaw and from. Every angle and then they took all of the audio and they chunked all that up into syllables and every intonation and every word made it look like a real video did nine of them you can't even tell that they're not the speed that that. Was not an actual speech beginning so you know we talked about ransomware we talked about business email compromise right business email compromise imagine how crazy that would be if it looks like your boss maybe your boss was FaceTime exactly yeah or skyping you or whatever whatever and like. You know telling you hey I'm gonna do this thing send some money. To China you know so it that's what keeps it interesting that's what keeps it exciting it can be definitely exhausting as well so you're saying that as these inventions and Internet of Things devices. Come out even if its operational technology or a smart driving car or whatever. You need to be aware in the supply chain that every little piece could be a vulnerability absolutely and you have to treat it that. It's going to be part of a hostile environment and design accordingly right how many employees do you have who work in cyber security for the US Bancorp for us it's about 700 okay and then how many employees overall 70 2007 issue yeah um yeah I wrote it down 72 470 do you think thank. You um I couldn't just look down at my paper so how do you train all of these employees to be aware that there could be business email compromised or there could be you know. Or ransomware attack or you know a phishing scam or any kind of thing like that I mean how do you go about a training for that yeah a large amount of people it's. Again back to the Disney analogy it's it's multiple things at the same time we have all financial institutions have mandatory training requirements on certain types of things information security happens to be one of them AML oh fak lots of other stuff too but everybody's gonna have some baseline of information security training it's. Mandated above that we focus on employee behavior and trying to make sure that we are detecting if there's sort of massively wrong behavior or you know someone's got a virus on a computer or something like that but also trying to shape the behavior in a. Positive direction so phishing testing is extremely educational when you have that teachable moment like a big US bank logo. This was a tests. You failed you know this was real your computer be being rebuilt right now you probably don't want that pain I've been through it you know be more careful with. What you click on so we do that we do a lot of webinars. And that sort of thing as well we have poster campaigns we do every quarter we have the benefit that our CEO is is really quite focused on ensuring that the management of the company is all sort of rowing in the same direction it's a one u.s. bank thought process we all know what the goals are and one of. The routines for that is is that there's a monthly call with most of the leaders on in the organization and so we're also able to get security messaging out that way and then you've also obviously got things like board you know education and senior leader education. And that sort of. Thing so for us risk is really at the core of our DNA just being able to manage risk it's just quarter what we do so then fitting information security into that overall risk message is a lot easier I. Mean a lot of CISOs say the same thing no matter what vertical they work in whether it's healthcare finance or anything else for that matter entertainment but do. You think that there is anything that differentiates the financial sector or the banking sector as a CSO and your and your job other challenges that you face that are unique yeah I would definitely say there are I mean the first one is we're going to be attacked a lot with. Very seriously funded adversaries who were trying to get money right so that's where we are where the money is that that that's gonna be different the other thing. I would say is that because of safety and soundness and the fact that no Bank competes on safety and soundness we all share information with each other very openly when it comes to attacks whether it's physical attacks or or cyber attacks so the the amount of knowledge that we all have collectively around. What's going on in the financial services sector is just incredible I think you know I'm the chairman of the financial services information sharing and analysis Center at Messiah sack is that that's. Based in New York it's actually based in DC but a lot of members are in New York but that organization if you were to print the amount of intelligence that's being shared bank to bank and in targeted government products law enforcement publication to you know that are to the financial services sector you printed all that it before reams. Of paper per day so it's it's quite a lot of volume and how we're all sharing you know what subject lines are we seeing or what you know bad hashes of the day are or IP addresses that are trying to break in or you know that type of thing so the private sector is helping. The government as well when it comes to that stuff yeah it's definitely a partnership and the whole idea. Of the ice axe is that there's sharing within a sector and then they're sharing between the sector and the government and then they're sharing between the government and the sector so what technology business drivers and strategies are you working with right. Now to affect the security yeah I'd say the the whole financial services industry is going through a digitalization sort of revolution is probably not the right word but it's explosively growing how much. We're digit digitizing and along. With that comes a lot of newer technologies like continuous integration. Continuous development type modern software application development cloud technologies most of the find large financials are experimenting with artificial intelligence machine learning right now we have been since 2015 got a couple of things that are. Really cool they're going that I can't talk about blockchain is another one that's a game-changer if you got blockchain right for a community blockchain for different types of banking information that could be absolutely game-changing and in terms of no Bank having to do settlement anymore that would just be huge. I mean you've got thousands of persons teams doing a settlement that you know that type of. Thing is really promising and then you've got things like everyone opening up automated programming interfaces so that your app can go find all the ATMs without actually having to log into something and go find the ATMs right you've already pre authenticated that information and. Made it available right so that then enriches the different types of things you can do app to app or cloud. To cloud or bank to bank or customer to bank it's it's really all of that is sort of revolutionising the payments process in the future super interesting and I guess are there going to be a lot more laws and regulations and audit processes around these things where is it pretty much free right now to experiment with. These technologies yeah that's almost a comical question so banking and that's one of the other different shares is were one of the highest regulated yeah yeah but what about these people what about you know like an access control system or an app or something that opens like a bank door or. Anything like that or ATM vestibule or. Anything that is a vulnerability to physical vulnerability. So we're what I would the way. I'd answer that is we are already highly regulated for anything and any type of big change has to go through a change management process which has to have you know multiple types of reviews associated with it and. It's that part of your role as a C so absolutely yeah absolutely and any of the large financial institutions will have teams that do pretty much nothing but evaluate business change risk and figure out if. It's within risk appetite or not what I think's really game-changing though with these newer technologies is is that we we have the ability for the first time to not have all the legacy processes and the legacy systems and all that we actually have an opportunity to build a virtual data. Center from scratch from the ground up in the cloud while still securing the data doing things like utilizing tokenization to pull the real data out so that you just have a token that you're using in the cloud or you know encrypting the data with keys that the provider doesn't. Have access to you keep those on on-premise there's a lot of cool things that you can do where you bake the security and from the ground up and then automate it and have those controls continuously available and continuously evidenced as well so there's you have to do it right you. Have to be very thoughtful about how you. Apply those sorts of things but if you think back 10 years ago security people are all freaked out about Wi-Fi sure and the cloud right yeah and now it's it's becoming securable it's becoming safe it requires that you're very deliberate but there are certainly ways of doing. It to enable the business to move a lot faster and make decisions a lot faster in the space Jason this has been really interesting I really appreciate you coming down tonight for our ask the seaso series absolutely it's sponsored by Ford Annette and they are. Also sponsoring our event tonight which I hope. You'll stay for is there anything that you wanted our readers to know that you're particularly excited about before we go I'm excited for the next two years I expect to be such a high pace of change that it's that that pace is going to eclipse the last 20 years in information. Security Wow there's just that much new stuff happening and that's really exciting.

 


US Bancorp Company News

Wed, 17 Apr 2019 07:00:00 GMT
Can U.S. Bancorp make its digital cross-selling strategy work? - American Banker
<ol><li> Can U.S. Bancorp make its digital cross-selling strategy work? American Banker</font></li><li><a href="/url/?u=https://www.wsj.com/articles/u-s-bancorp-posts-higher-profit-driven-by-net-interest-income-increase-11555499842" target="_blank">U.S. Bancorp Plans to Cut Branches by 10% to 15% Wall Street Journal</font></li><li><a href="/url/?u=https://www.bizjournals.com/twincities/news/2019/04/17/u-s-bancorp-could-close-up-to-450-branches.html" target="_blank">U.S. Bancorp could close up to 450 branches systemwide Minneapolis / St. Paul Business Journal</font></li><li><a href="/url/?u=https://www.thestreet.com/investing/earnings/us-bancorp-earnings-in-line-with-analysts-forecasts-14929731" target="_blank">U.S. Bancorp Posts Earnings in Line With Analysts' Forecasts TheStreet.com</font></li><li><a href="/url/?u=https://www.fool.com/earnings/call-transcripts/2019/04/17/us-bancorp-usb-q1-2019-earnings-call-transcript.aspx" target="_blank">US BANCORP (USB) Q1 2019 Earnings Call Transcript The Motley Fool</font></li><li><strong><a href="/url/?u=https://news.google.com/stories/CAAqOQgKIjNDQklTSURvSmMzUnZjbmt0TXpZd1NoTUtFUWpBOTZmcWpZQU1FUlAxWHl1d01WMzFLQUFQAQ?oc=5" target="_blank">View full coverage on Google News</a></strong></li></ol>
Thu, 09 May 2019 20:00:00 GMT
Should Investors Still Care About U.S. Bancorp (USB), Canadian Natural Resources Limited (CNQ)? - Post Analyst
Should Investors Still Care About U.S. Bancorp (USB), Canadian Natural Resources Limited (CNQ)? Post Analyst U.S. Bancorp (NYSE:USB) recently ticked lower on weak volume. About 4130389 contracts were traded on 08-May-19 compared to daily average volume of ...
Wed, 17 Apr 2019 07:00:00 GMT
U.S. Bancorp (USB) Q1 Earnings Meet Estimates, Revenues Up - Nasdaq
U.S. Bancorp (USB) Q1 Earnings Meet Estimates, Revenues Up Nasdaq Riding on higher revenues, U.S. Bancorp 's USB first-quarter 2019 earnings per share of $1.00 came in line with the Zacks Consensus Estimate. Also,.
Wed, 24 Apr 2019 07:00:00 GMT
U.S. Bancorp Doing Fine And Ready To Start Making Some Moves - Seeking Alpha
U.S. Bancorp Doing Fine And Ready To Start Making Some Moves Seeking Alpha U.S. Bancorp had a very ordinary quarter, with no major surprises and healthy commercial loan growth. With the rate cycle largely played out, internal drivers w.
Thu, 09 May 2019 11:10:19 GMT
Is It Right Time to Be Bearish on Flex Ltd. (FLEX), US Bancorp (USB)? - Financial Mercury
Is It Right Time to Be Bearish on Flex Ltd. (FLEX), US Bancorp (USB)? Financial Mercury The shares of Flex Ltd. (NASDAQ:FLEX) has been pegged with a rating of Neutral by JP Morgan in its latest research note that was published on January 2nd, ...
Thu, 09 May 2019 13:57:00 GMT
Quality, Value, And A Little Bit Of Growth - Bank Of America Seems To Offer Quite A Bit - Seeking Alpha
Quality, Value, And A Little Bit Of Growth - Bank Of America Seems To Offer Quite A Bit Seeking Alpha Bank of America seems to offer an attractive trade-off of quality, value, and some growth potential at this point in the bank cycle. Bank of America has a well-
Thu, 18 Apr 2019 07:00:00 GMT
U.S. Bank plans to close hundreds of branches in the next 2 years - Bring Me The News
U.S. Bank plans to close hundreds of branches in the next 2 years Bring Me The News U.S. Bancorp is planning to close hundreds of branches across the country over the next few years, amid a change in the way consumers are accessing banking ...
Thu, 09 May 2019 11:16:00 GMT
Hot Stock Roundup — US Bancorp (USB) - Stock News Stop
Hot Stock Roundup — US Bancorp (USB) Stock News Stop U.S. Bancorp (USB) lost -0.65% with the finishing price of $52.22 in Wednesday Trading Session. The stock price showed -6.00% downward in value from one ...
Wed, 17 Apr 2019 07:00:00 GMT
U.S. Bank execs see economy chugging along, as current expansion nears record - Star Tribune
U.S. Bank execs see economy chugging along, as current expansion nears record Star Tribune U.S. Bancorp leaders on Wednesday joined the parade of top bank executives with an upbeat outlook for the U.S. economy just as it's on the verge of the longest ...
Thu, 09 May 2019 19:23:00 GMT
Trump Housing Watchdog Moves to Ease Fines He Helped Banks Fight - Bloomberg
Trump Housing Watchdog Moves to Ease Fines He Helped Banks Fight Bloomberg Brian Montgomery spent years helping lenders fight fines for faulty mortgage underwriting before President Donald Trump nominated him to run a key housing ...