
Navigating the Future of Cybersecurity: Insights from Three Leading CISOs in the Payment Industry


CISO Conversations: Three Leading CISOs From the Payment Industry

Becoming a CISO

Senior CISOs in the payments industry have taken varied paths to their current positions. Many started their careers in different fields and transitioned into cybersecurity later on. This untraditional career path reflects the evolving nature of cybersecurity and the need for professionals to adapt and learn as the industry changes.

One example is Matthew Donnelly, Head of Global Compliance and Security at FreedomPay. Donnelly originally studied political science but became interested in business. He gradually took on IT roles and expanded his knowledge through night school and self-study. Eventually, Donnelly joined FreedomPay and worked his way up to the position of CISO.

Rinki Sethi, CISO at Bill.com, had an early encounter with cybersecurity as a teenager, when her father placed a keylogger on her computer. She objected and removed it, eventually developing a script to remove the malware automatically. Sethi studied computer science engineering in college and started her cybersecurity career in the role of Information Protection. She then gained leadership positions at prominent tech companies before becoming a CISO.

Al Berg, CISO at Tassat, started his career as a network engineer and transitioned to cybersecurity as the internet evolved. He attended hacker conventions and learned through self-study, eventually becoming the “security guy” in his company. Berg held leadership positions at the New York Stock Exchange, Liquidnet, and Endava before joining Tassat and exploring the field of blockchain.

Are Leaders Born or Made?

The paths taken by these CISOs suggest that leadership is a combination of innate qualities and learned skills. Berg initially believed that management was for those who couldn’t do the real work, but he eventually realized the skill and importance of leading. Good leaders learn to delegate, avoid micromanaging, and cultivate a supportive environment for their team. Sethi also recognized her initial shortcomings as a leader and focused on being a good manager and empathetic supporter of her team.

While some leaders may possess innate qualities that make them well-suited for leadership roles, anyone can develop leadership skills with the right mindset and willingness to learn. A successful CISO must possess technical expertise but also have the ability to lead and inspire their team.

Building and Maintaining the Security Team

Gaining Talent

One of the biggest challenges for CISOs is finding and recruiting cybersecurity talent. There is a shortage of skilled professionals, and the ideal candidate should have both experience and qualifications. However, gaining experience and obtaining qualifications can be mutually exclusive, especially for newcomers.

Rinki Sethi emphasizes the importance of a precise specification when seeking talent. It is essential to question whether specific qualifications or years of experience are truly necessary, as too strict requirements can limit the talent pool. Additionally, she believes that building a strategy focused on innovation and leveraging automation can help attract and retain talent in a competitive field.

Matthew Donnelly emphasizes the importance of relevant experience in candidates but avoids poaching employees from other companies. He utilizes both external and internal recruiters and actively searches for individuals with availability and relevant backgrounds.

Al Berg suggests exploring underutilized sources of cybersecurity talent, such as veterans. Military veterans often possess diverse skills, exceptional training, and a strong work ethic.

The Need for Certifications

The importance of cybersecurity certifications varies among CISOs. Donnelly views certifications as essential, as they demonstrate an individual’s willingness to go the extra mile and learn about cybersecurity. Berg encourages his team to obtain certifications as a baseline of knowledge and a tool for career advancement. However, he prioritizes potential and the ability to learn in the initial selection process.

Embracing Diversity

Diversity within the security team is crucial for different perspectives and problem-solving approaches. All three CISOs recognize the importance of diversity in their teams. Sethi believes that diversity in the team reflects the real world and can lead to creative solutions. Berg acknowledges the tech industry’s lack of diversity and emphasizes the need to actively seek a diverse workforce. Donnelly highlights the value of neurodiverse candidates, as they can bring unique perspectives and out-of-the-box thinking to the team.

However, achieving diversity can be challenging for smaller companies with limited security teams. It requires conscious efforts to build a diverse candidate pipeline and may require candidates from minorities to work harder to gain the necessary certificates and qualifications.

Retaining Talent

Preventing Staff Churn

A vital aspect of a CISO’s role is retaining talented cybersecurity staff. The two main reasons for staff turnover are better opportunities elsewhere and burnout. To prevent employees from leaving for greener pastures, CISOs can focus on making current positions comfortable and fulfilling. Additionally, fostering good relationships and ensuring communication within the team can reduce turnover.

Good relationships also play a crucial role in preventing burnout. CISOs must provide interesting tasks, avoid micromanaging, and ensure their team members feel supported. Recognizing the signs of overwork, especially in remote working environments, is particularly important. CISOs should actively engage with their team members and encourage breaks and self-care.

Encouraging Career Growth

CISOs should strive to create a career path within the organization for their team members, involving both remuneration and position growth. This can help retain talent and provide a sense of progress and accomplishment. Celebrating individual achievements and allowing team members to contribute to the organization’s success can foster a strong team spirit.

Future Threats

Challenges in Cybersecurity

CISOs face challenges related to the rapidly evolving cybersecurity landscape. Rinki Sethi believes that the industry is struggling to keep up with the latest threats due to a lack of innovation and a shortage of skilled professionals. The cybersecurity space needs to find ways to attract and grow the talent pool to meet industry demands.

Matthew Donnelly and Al Berg express concerns about social engineering. Donnelly worries about external threats arising from geopolitical tensions that can disrupt global payments. He also emphasizes the importance of addressing social engineering attacks targeting the workforce. Berg shares similar concerns and believes that as technology improves, attackers become more adept at psychological manipulation. The rise of artificial intelligence may further facilitate social engineering attacks, including deepfake voice phishing and fraud campaigns.

Conclusion

The insights from these leading CISOs in the payments industry demonstrate the diverse paths people can take to become successful security leaders. Their experiences emphasize the importance of seizing opportunities, continuous learning, and embracing change. Building and maintaining a talented security team require openness to different backgrounds, skills, and experiences.

CISOs must find innovative ways to attract and retain talent and foster a supportive and fulfilling work environment. Preventing burnout and supporting employees’ career growth are crucial for maintaining a motivated and skilled cybersecurity team.

Looking ahead, CISOs must stay vigilant against emerging threats, address the industry’s talent shortage, and continuously adapt to the evolving cybersecurity landscape. By prioritizing innovation, diversity, and effective leadership, CISOs can navigate the challenges and ensure the security and resilience of organizations in the face of future threats.
