[David] Listeners, we’ve been talking a lot lately about some technical aspects, things, not so sexy per se, but man, they can get expensive. We don’t look at these things and pay attention to them. Recently, we talked about the anti-money laundering and the bank secrecy act. That was a podcast we just released. You go Lykken what’s going on with you. Your podcast fun. We’re going to have some fun today because we have joining us, Eric Hussey, who is someone is a bit of a celebrity in the space. He knows this space extremely well, and we’re talking about cybersecurity. Eric, so good to have you with us.
[Eric] Thank you, David. Great to be here.
[David] I appreciate the partnership we have with Finastra and specifically what you guys bring to our industry and there’s so much talent. We’ve had so many really good guests recently. Now, you have been working in this space for some period of time. You’re a Senior Vice President, Chief Information Security Officer at Finastra and I would like to have you start by sharing some of your background that got you to where you’re at as an SVP of security at a large, the number one FinTech company in the world, Finastra. How’d you get here?
[Eric] Fantastic. David, let me just go through that real quick, because I think that as anyone in their career journey, we all get to different places at different times by different life experiences that we go on, right? For me, it was a very unique circumstance for me when I came out and graduated from University in the dot com bust, right? That was when I entered the industry and I was fortunate enough to land with a company called Fiserv, as everybody in this space knows who Fiserv is and I spent 11 years there moving early in my career as spending a bit of time in development, moving on to infrastructure and then, maybe one or two years into my tenure there, I was tapped on the shoulder and said, Hey, you have some different skills that we don’t have today in the information security team because back then it was main framers and firewall people. They’re like, Hey, come help us and I’d be like absolutely. I can come help you since I was a contractor at the time, because it was so difficult to get full time employment after the bust I said, yes, I will absolutely be there early started my career in. I think that was a pivotal moment for me in my career to get that opportunity to work in cyber and I’ve been there every since for 24 years, but I spent 11 years there going from individual contributor levels to management levels. and then I hopped out into a completely different industry. It was a company called UNIFI. They are a now today, a 25 billion package consumer goods company and distributor there. It wasn’t as technology focused as FinTech was, but that is where I became a business executive. I say one thing to all the people in my organization says you’re a business executive first. You just happen to work in cyber security and that’s very important. I spent five years at Unifi. It was a great experience for me. Learning about the business and I had some great executive coaching there from the CEO, CFO, Chief Operating Officer, CIO who were very business focused executives and I still say this to this day. There’s no better place to learn about business than a high volume low margin business, right? So that’s great an intense operator there, but my calling was to get back into technology. So I went to a company called PTC, it was an amazing journey there. We went from perpetual to subscription and all the market valuation and technology transformation that came along with that was my first time actually getting some experience working in serving the aerospace and defense community as well and then prior to Finastra, I spent two years at a very large manufacturing and technology company called Aptiv. About 230,000 employees globally. I got a lot of scale there, it’s an amazing company to be with. But my heart really lies back in FinTech. When Finastra came looking for a new CISO, I certainly put my name in the hat and I’m fortunate to be here today.
[David] Yeah, it’s a great company. Really enjoyed the longstanding relationship we’ve had with Finastra. So anyway, you’re well established in this topic. So let’s start by talking about some of the current trends you’re seeing in cybersecurity, especially as it relates to FinTech.
[Eric] Yeah, I think that, when we look at sector by sector, I think that the most important thing to do when we look about industry and trends and challenges is let’s first buy, let’s start with understanding the business opportunity. All organizations, generally speaking, want the same set of outcomes. They want to move faster. They want to move at higher margin with less customer churn with the desired outcome of increasing shareholder value. I frame everything around cyber around that. We all dealing with the same set of challenges and opportunities at a global scale, no matter what sector. So, for me, when I think about those challenges, we all know now that every organization is trying to enable the most fruitful outcome through digital experiences that are relevant and if you want to be relevant, digital needs very quickly. If I think about trends and challenges. The biggest challenge I think we have in cyber security today is how do we move with velocity and agility to keep up with the business that is constantly trying to touch their consumer through almost real time digital experiences. For me, how do you do that in a way where you’re maintaining regulatory compliance, custodial contractual commitments, how are you doing that in a safe, secure, and trustworthy manner? because trust is very pivotal in being a trusted partner, right? and that plays a role in not only winning business today, but winning business in the future. Trust is at the center of everything so you have to have those capabilities to help you keep pace with that level of digital innovation at speed.
[David] It’s really true. And as cybersecurity has evolved, so have the threats. I would love to get your perspective and how those threats have evolved.
[Eric] Yeah, so that’s interesting. I would say the first impact from threats I saw was way way back in my career. And I seen a couple while I’ve been in the seat and where I have been not so much in the CSO seat. Generally speaking, a lot of the threats from 10, 15 years ago looked the same. They just evolved. And so what I think about is the reason we still have these impacts the way we do, because I think that we’ve made tremendous strides in our security journey as a society. Every company is at a different place, but we are far better today than we were five years ago. There’s no question about that. I think the challenge that we have, though, is the amount of what we need to protect from a digital ecosystem perspective. has grown exponentially. We see technologies, we see different types of, I would say development methodologies and different ways of execution where we might have released software 10, 15 years ago at once or twice a year. Now we’re releasing software on a continuous basis in some cases daily. How do you have that speed and agility to combat some of those classic threats from the past at the much wider digital ecosystem? and I think that things have changed as well. In terms of how we want to touch consumers from a digital consumer experience, we have to be more open. Which means we inherently need to be more secured by default. The more open we are, the more insecure we’re not, right? We absolutely make sure that we move at speed to enable all those great digital technologies that get us to the consumer real time to ultimately achieve our business objectives. So, for me, a lot of the threats are the same. It’s how they manifest themselves much more broadly across a growing ecosystem. As we move forward as an industry. We rely so much more on great risk management. We rely so much more on third party assurance to help us dial in with finite investment, what value we need to protect versus what other value may not be as sensitive to the organizations we work in.
[David] But there are unique challenges to financial institutions or any FinTech company out there that when it comes to cybersecurity, could you talk about some of those?
[Eric] Yeah, I think that if you’re thinking about FinTech, one of the big challenges that we have, particularly as a service provider is how do we deal with identity now that we’re essentially borderless and operating outside the four walls of many companies, that identity is a new and how do we actually interact with our customers who are then touching their customers in a seamless way. How do we get basic technologies like multi factor authentication in our solution pushed down to our customer then pushes it to their consumer in a frictionless way? The good news as a society we’re beginning to expect these types of technologies and capabilities to be there by default. The other great thing about these technologies is they’re coming down with regulatory enforcement and I think this is a good thing for the industry is that the technology ecosystem and the regulatory ecosystem are coming much more closely together and we’re doing that partnership. That’s absolutely crucial that we have a dependency on one another to do what’s best for society and ultimately the consumers of the financial institutions. Identity is crucial right now. A lot of the work that we’re focusing on is an identity. As a service provider, the other pieces of work that we’re focusing on is supply chain, particularly around software. We release lots of software on a day-to-day basis. That software is usually a collection of what we call open-source software. Lots of different components coming from all different sources globally with different authors. We want to make sure that when we produce that safe and trustworthy product, that is a clean digital product. So, it is not only secure, but also very safe to use as well. Trust is really at the forefront of what we’re trying to do from a supply chain perspective as well.
[David] And the challenges that have to come with that have got to be mind numbing and so I have such a great respect, that’s really interesting. You talk about all the cyber threats, how it’s evolving in that, but then you have the regulatory and compliance challenges to layer on top of all that and that starts just adding another level of complexity or annoyance, maybe what it is, but we’ve got to have regulatory oversight on what’s going on so how do evolving regulation such as GDPR and PCI and DSS impact cybersecurity strategies for fintech companies?
[Eric] Yeah, it’s a great question, David. And I think it’s one that we’re always grappling with. I think that in financial and FinTech, we’ve all been, I would say subject to variety of regulations over time, right? other sectors have actually followed with some of the same rigor or even more. I think for us as a fintech, it’s regulation we have today, but we also need to think about where we have regulation tomorrow and that’s one of the great things.
[David] Staying ahead of it. That’s good. Yeah.
[Eric] Finastra get a great perspective in the morning, I could be talking to a bank in the US, the afternoon, It could be talking to a bank in Vietnam, and the evening could be a bank in India.
[David] You guys are international largest Fintech company in the world. One thing is a deal with the US regulations or state regulation, but all the different countries are in it’s, that’s mind numbing.
[Eric] It is right. But it’s part of the fun of the job. But I think that it’s how you find it fun, how we solve for one regulatory requirement, how do we skip that for solving for all the others today, but more in the future. For me, I think very heavily about how do we technology enable our compliance requirements all the way down into code. As we start thinking about compliance as code, privacy as code, all these different new and emerging regulations, how do we get them quote unquote shift left? Like we talk about it in the industry as you shift left all the way to where we’re in the design phase, writing code, and ultimately getting that product all the way through. The product pipeline, which is no different than just a manufacturing line, because software is a very manufacturing type of process, or you want it to be there. A lot of it’s artisanal, but how do you make it industrial? The more you can make it industrial, the more easy it is to put in and embed privacy and regulatory requirements in that process so you’re always producing that, that compliant and highly regulated code that our customers expect of us.
[David] Yeah. So true and then there comes the balance between innovation and compliance and security. How do you straddle that balance?
[Eric] Yeah. It’s a tough one and that’s one of the things I really love working for that challenge. I love solving for that challenge, particularly in software companies, because I do believe it is, if you think about a software developer’s job it’s a blend between art and science, right? Piece of code that’s written is different between one developer and the other and how they approach it Intellectually before it gets physically typed on a keyboard. For me, how do we balance that one of the most important lessons? I learned early on in my career is have a lot of empathy for others that are doing their job? so what can I do? what can my team do to enable where value is being created in the company, how do we think about enabling them rather than just throwing the requirement over the fence, right? That’s crucial. In my organization today, particularly in our product security organization, we’re working hand in hand with all the different development teams spread across all of our different products to talk about the challenges today and what challenges may be coming in the future and most importantly, we’re solutioning to tackle them together. We eliminate much of the friction in our software development process because the last thing you want from a regulatory and security perspective is to have a lot of, that just slows everyone down. It slows innovation down. It causes a lot of frustration and ultimately it erodes value. So we focus really hard as a organization to have number one, the right mindset and number two, have a partner style engagement.
[David] Now, what you’re talking about here is collaboration. How do you work collaboration with regulators, especially when you’re enhancing security?
[Eric] I think one of the most important things when you go into any regulatory interaction is that just being keenly aware that we all have our blind spots in this industry. Right? There’s things that you know that I may not know. A lot of the regulatory interactions that we have at Finastra, myself, my team, my partners in the, second line and the third line, we’re approaching in a way that’s very collaborative. There’s some things that we do well today. There’s obviously things that we could do to optimize for the future. But going in with that, I would say, transparent conversation and just open dialogue brings both parties to the table. You go into the future together. I think it just starts with again, having empathy for one another and a mutual respect for the jobs that are there and being open, honest and communicate transparently to solution for the future, because that’s what we’re all here to do is the challenges that we have today we need to overcome. But surely there will be some in the future, so that’s the regulatory interactions is just. Have an open, honest conversation.
[David] It’s so good. And then playing into this is the whole SWOT analysis, which really gets into areas where I want to go is looking at what are some of the emerging threats as well as the opportunities or the solutions through technology. What are the emerging cyber threats in fintech that you’re seeing? If you give us some examples, especially when you think of cryptocurrency and decentralized finance. It’s not getting easier for you, Eric.
[David] Yeah, I mean you mentioned a good point when you talk about things like decentralized finance, right? It’s one of those types of technology evolutions where we’re becoming more and more borderless. What is the things that enable that borderless, I would say, ecosystem? It’s the use of more and more APIs. We have APIs all over the place now that enable us to send and receive information cross border. A lot of those APIs, there’s many of them, they’re no different than really keeping track of any other digital asset in your ecosystem. You have to manage it, you have to monitor them, you have to groom them. We constantly need to keep those up to date or like anything else, APIs will ultimately lead to API debt. You can have too many. You simply don’t know about. So that’s really important and right now we’re seeing, I would say, just an escalation in terms of the sophistication in which threats are being actioned on. I think that during COVID taught us a lot about how commodity threat actors and nation state threat actors work differently. They have different skill sets, but now some of that’s getting blurred, especially as you see geopolitical, I would say things go on in the global stage. How are these threat actors and nation states working together now. So you’re seeing a level of sophistication. I don’t think that we’ve seen in the past. And that’s also from a threat perspective, we now have AI behind a lot of these threats. If you think about..
[David] Talking about complexity, Oh my gosh,
[Eric] Think about something as simple as a phishing attack. There used to be the telltale signs where look for grammatical errors, look for things like that in your phishing examples. Generative AI is eliminated a lot of that as the things that we used to use in the past to be the telltale signs of phishing. Much, much harder to detect. So, the human weakness is I would say as susceptible now as it has ever been because of the advantages of generative AI used for good and bad.
[David] Yeah, it’s really amazing. Especially when you think of phishing and ransomware. We were out buying my wife a new Toyota and the whole Toyota system was down because of ransomware. They were hand filling out to order parts to do anything on there. The ransomware was such a severe attack to this company. That it just basically brought them back to the stone age. The old paper pencil, it was really extraordinary and so in defending against that, you talk about AI, but also AI and encryption is helping improve that. I would imagine. Talk about how AI is also working as a tool for you.
[Eric] Yeah. For us I think we see AI in a few different ways. Number one, how do we gain efficiencies through our internal operations? So right now, my team specifically is working very heavily on how do we enable the software development community? They create value in our organization that is key to make sure that they’re always enabled. How do we allow them to get through security issues in code much more seamlessly? How do we inject that into their day-to-day process? We’re looking at it from an internal efficiency perspective. How can we have developers be more effective and ultimately more efficient? and if we can make that happen, we get a better shot at making our products even more robust, not only from a security perspective, but we’re giving time back to developers so they can focus on the innovative features of our product, not just all the security things they need to do in day to day basis, right? We’re focusing a lot from an internal perspective, but then as a FinTech, you also have to think about how are we helping our customers, right? and I think that you’re going to see a lot from Finastra. In terms of how we’re leveraging AI to enable our customers to move even faster through existing product, but even more innovative product offerings that are coming in the future that I can’t necessarily talk about today, but we are leveraging AI quite heavily in the company to help our customers go through their digital enablement and transformation journeys. However, they take shape. I think AI is absolutely crucial. It’s one of the I would say technology evolutions. I think that or technology ideas. that I’ve seen in a very long time that has a lot of promise. I can tell you right now, David, that even in my day to day, and even in my team’s day to day, just simple tasks of having engineers in my department, write me an executive presentation that I need to groom less before it goes all the way up to the CEO, huge benefits. A lot of internal productivity and a lot of our customer, one of the things that our customer, that we sell to our customers is they’re going to be huge for them as well. There’s huge advances coming.
[David] Yeah. That’s encouraging. AI can be worth a double edged sword. It can work for us, can work against us. It’s good to see we’ve got to get ahead. I think people are afraid of AI are the ones that are going to be behind the curve in a lot of this. Now we’ve seen the role of multi factor authentication working, but you talked to me earlier, but we’re getting ready for this about zero trust architecture and how it’s playing a role. Explain what zero trust architecture is and in fact, how it is playing a role, at least at Finastra.
[Eric] Yeah. So I think generally speaking, all companies are beginning down their zero trust journey. That framework essentially states where no user or system is trusted by default, even if they’re in the internal network, every access request is verified and authenticated every single one. I think about zero trust, right? I think there’s a lot of talk in the industry in general right now about zero trust and one of the reasons for that is we’ve been talking about zero trust for a while, but President Biden put into effect Executive Order 14028, which talked about software supply chain. I would say integrity, right? This all stemmed from the solar winds incident, the JV foods. A lot of catastrophic events at a society level. That were realized in zero trust is now in that legislation as something companies need to do if you operate in as a critical industry sector in financial surely is a critical industry sector. So, we are taking, I would say, very proactive steps at this point to lean in more and more on making sure Finastra has enabled zero trust architectures. Based upon the industry standard frameworks that are put forth in the most sensitive critical parts of our business and when we do that allows our employees to work a heck of a lot more freely as well without the frictions of a lot of access control that we have to deal with on a day to day basis. We’ve really taken zero trust and really put it at the forefront as well as a huge productivity enabler with a lot of security benefits that we can surely get.
[David] And that hasn’t named hampered or inhibited your ability to innovate?
[Eric] Actually, it’s enabled our ability to innovate. If we think about classic access control techniques. that are more focused on an identity, right? Zero trust focus a lot about identity, and it focuses a lot on data. So back in the past, if you wanted access to data, you submit a service desk request. It goes through all the vetting and things of that nature. And two weeks later, you might have access to what you need to The Zero Trust really gives us that ability to move forward with more speed and agility and like I talked about before, where every request is being verified based upon whether you’re entitled. So, it’s not only access, but it’s also entitlements as well. And that’s baked right into the technology at its core for you to not have to go and do that access request. It’s granted to you based upon not only you as an individual in certain ways, but it’s baked into how you’re onboarded. If you’re a developer in the company, you’re expected to have access to these systems based upon your identity. That’s all built into the underlying framework and architecture of Zero Trust at heart.
[David] Then we have the complication and fintech of third party vendors and partners. That’s just another level and layer of complexity that’s got to be factored into it. How do you manage cybersecurity in light of the third-party vendors and partners that you do have?
[Eric] Yeah, that’s a great question and I actually just had a conversation with some other industry peers around third party risk management in general. One of the comments that came up on that forum was, is, what have we done over the last two years to think about third party risk management differently? and is it still effective? Is it diminishing returns? so, the jury is still out. But at Finastra we have a robust TPRM program. I think that what we need to define is what is a third party, right? And if I think about what we do at Finastra, we create digital products. I think about third parties, maybe much differently than let’s say a manufacturing firm, right? We create digital products. If I think about open source, Every open source library that we include in our software, to me, that’s a different author. That’s a different third party, right? I talked about software supply chain early on in that, if we think about how we go and develop our software, we might co source some development. Those are critical third parties that we need to watch very closely and vet very closely because they ultimately have access to develop code that ultimately sits in our products that get shipped to customers, right? I think with third party risk management, it is essential to understand and put everything within the lens of what is the value you’re trying to protect for your organization and focus on those third parties that are most meaningful to that value protection or enablement.
[David] It’s really important. Then comes the whole topic of how can leaders foster cyber security as a culture and not see it as an enemy. The whole topic of leadership, what are you finding out there as far as the financial institutions you work with about their leadership and their strategy in this area.
[Eric] Yeah. I think from an industry leadership perspective, there’s no shortage of bringing key topics front and center for conversation. That’s one of the things I absolutely love about cybersecurity is everyone’s willing to talk about the issues and everyone’s willing to help one another. So, industry is pretty fantastic. FSI, SAC, who we all know, particularly in the financial industry, Absolutely fantastic in terms of partnership and giving us the information that we need to be successful. But I think the successful outcomes that we’re all looking for in terms of cyber in Fintech, or financial, or any other industry is it starts with us as leaders. One of the things among many that I really love at Finastra is tone at the top is exceptionally good from the CEO down on cyber. We recognize the criticality of cyber. We recognize the importance of making sure that it’s done right for not only the sake of our customers, but for the sake of our organization. So, tone at the top is very good. But as you go from tone at the top, what are you doing bottoms up? and I think one of the most important things to see success in any organization is to enable what I call a control space culture, making sure we understand where our risks are to the value we create. Who is responsible for those key controls, the things that we do every day to make sure that risk is always kept in check, making sure they’re enabled through appropriate understanding of what they need to do, and the appropriate oversight of what they need to do, and making sure that information is bubbled to the right levels of the organization, to make sure that in cyber, we don’t do anything just once. It’s a sustainable practice, sustainable risk mitigation, and we need to have that control based culture in place to make sure that we’re doing the right thing all the time. And so I think that’s really essential and something that’s really overlooked sometimes in many organizations, but it’s particularly important. The larger the organization you are and the more complex the organization you are in which you work.
[David] Makes sense. Yeah, that really makes sense. And then there’s a whole topic of once a security breach has happened, what steps should a FinTech company take to quickly respond and be effective in their response to a security breach?
[Eric] Yeah, great question, David. I think a few things. Number one, a lot of the mistakes that are made in instant response are made in the first 30 minutes, right? Cortisol levels get high stresses and stresses there. So, we tend to make, I would say, whipsaw type of I would say decisions at that time. What’s really important for organizations to do is develop some muscle memory in these type of situations. So, when crisis does strike, we have had enough training where this becomes just part of how we respond, whether it’s real or whether it’s just an exercise. One of the things that we do at Finastra quite often is we do many tabletops throughout the year. I was actually reading a presentation that my team put together the other day in our incident response team, we’ve done to date 19 tabletop exercises in the company today to make sure that we develop that muscle memory. When a crisis does happen, we know how to respond. We know how to react. We have the right partners on standby with good ironclad contracts that make sure that we can get through this incident in the best interest of our customers and get them back to business as quickly as is possible. Of course, with confidence and future trust.
[David] That’s a whole big topic, right? There’s seminars just on how to handle a security breach and how to communicate on so much. Let’s shift over as we wrap this up into looking forward, looking to the future a little bit. What do you see as the future of cybersecurity in the FinTech area?
[Eric] I think David, there’s things that we know today and there’s things that we don’t know about the future. What do we know today? And if I think about this, the regulators are thinking about it too, is we have Q Day or post quantum encryption and what is going to be the impact of that on what I would call one of the key bedrocks of cybersecurity and information security is encryption. We all know that when quantum is here and it’s commercialized, it can fundamentally alter encryption today of the most sensitive data we have. We’re working actively at Finastra already to prepare for Q day, which who knows when it’s really going to be here. Industry excerpts say five to seven years, but AI is taking off, so maybe we’ll get here even quicker. What we’re doing right now is to get ahead of that in our products. We have a lot of products at Finastra. We want to make sure that they are future proof for when quantum computing becomes commercialized. I think quantum’s big. I also think that the other thing I talked about, If we think about threat actors and how they’re operating today, the blend between commodity and nation state threat actors, I think what we’re seeing now is more demand for more robust security solutions in the marketplace that the technology that we’ve had in the past, I think a lot of it is starting to live its life and we need to breathe new life into our technology stack and AI does a lot of that. But a lot of the technology we have today only has so much coverage for all the different parts of our ecosystem that we are responsible for as CISOs. So that said, I think that the migration from point solutions to platforms is here to stay. We don’t want too many products that we can manage. We want to focus on the output of those products. So, I think there’s going to be rapid technology information, Information security solutions that are on the future and I think also lastly, I think it’s talent. I’m a big believer in this. Some of the best teams that I’ve ever led had some of the best outcomes. We can’t underestimate brains and passion. One organization I worked for called it brains and passion are key. You have to be confident before you can be confident. And then you have to have a lot of passion for solving a lot of these really difficult challenges in cyber security is not an easy job, not only at my level, but all levels of the organization. Talent is really crucial. I think a big part of my job right now and has been for the last decade is how do we develop future leaders every day? I see it in a leadership role today, but three levels down in my organization, that person’s going to be a leader in 10, 15 years from now as well. What am I doing as a leader to make sure that happens successfully?
[David] That’s really good. What are some key areas of FinTech companies should focus on to stay ahead of this cyber criminals? They’re fast evolving. They get more and more sophisticated. How do we stay ahead of it?
[Eric] Yeah, I think it’s easier said than done. I think if you look a lot at the breach data historically over the last 10 years, breaches all manifest themselves in a lot of the same ways. So, for me, it’s do the common things and commonly well and the way you enable that is through a control space culture. I know it doesn’t sound super exciting, but doing the common things uncommonly well is exceptionally hard to do and that’s proven out time and time again. We have more frameworks. We have more regulation. We have hired more people in cyber. We spent more money on cyber, but we also have more breaches too. However, I think that what we’ve seen is the breaches that we had 10 years ago are not the breaches we have today. So we’ve gotten better, but I think what we need to think about as an industry is the breaches we have tomorrow, coupled with the innovation we have today, including AI might actually put us on par with threat actors or even ahead of them, right? So, I think if you look at breach data globally, the things that were happening in the US five years ago are no longer happening. They’re actually moved to other parts of the world, which is very interesting. So, what does that say about, what does it say?
[David] It’s worrisome, isn’t it? Isn’t it a little worrisome as well?
[Eric] It’s worrisome, but it also can play into the fact that it opens up interesting, I would say, perspectives on globally, where investment is actually happening. Are we investing more in the US versus other countries? Maybe not, right? But there’s a lot of data to suggest that. That we’re doing better in certain parts of the world than we’re doing in others. I think tech companies keep it simple, keep it basic. I’ve seen this in almost every company I’ve gone into is there is sometimes a lack of appreciation of going back to the basics and I know we’ve said this for 25 years of my career, but do the common things and commonly well build a strong foundation so the rest of the house will not fall. Those are very difficult things to do. And I think as an industry, we still struggle with them because the size of the scope of what we have to deal with on a day to day basis has exponentially increased.
[David] Yeah, boy, this is such a big topic. We could go on and on forever. As I listened to you talk, I can see why Finastra is the number one FinTech company in the world, the complexities that you deal with and the fact that you’re heading up that part of the company, it’s just all the things you deal with. It really comes down to, as you said earlier. Hiring the right talent and as it relates to what Finastra has done, they’ve clearly done that when they brought you on board, Eric. I want to say thank you so much for being here for those that want to reach out to you. What is the most effective way to do and folks, listen. Listeners, don’t barrage him. He’s a busy guy. You can imagine, but how can people reach out to you, connect with you and shoot you a question or a connection request?
[Eric] Yeah really simple. Just reach out to me on LinkedIn. It’s one of my favorite things to do is just to meet with new people in the industry, get their perspectives. And if there’s anything I can do to help, surely happy to do yeah.
[David] As soon as we hang up, I thought I was already connected to you. I noticed I’m not. So I’m going to be sending you the first LinkedIn connection request as a result of this interview. So. Eric, thanks so much for being here. Kudos to you and the success of your career. I’m so excited that you’re with Finastra. They’re very fortunate to have you friend. Appreciate it.
[Eric] Thank you, David.
Important Links
Eric has over 25 years of domestic and international cross sector enterprise and product cybersecurity Fortune 500 & 1000 experience including serving as CISO for Finastra, Aptiv, PTC, UNFI and cyber leadership positions at Fiserv. He also serves as a mentor for Cyversity, Adjunct Faculty for Eastern Connecticut State University and has held positions on several advisory boards including Rad Security, Immersive Labs and Revelstoke, and previous companies such as ObserveIT and Cylance who successfully exited. He has also advised with HIG Capital, Merlin Ventures and Bain Capital.
Eric earned a BA from Temple University, an MBA from Norwich University, and holds a CISSP and various other industry certifications.