Protiviti Managing Director Andrew Retrum is attending the Financial Services Information Exchange and Analysis Center (FS-ISAC) Annual Summit this week in Orlando. In this podcast, he shares some of the notable trends he’s hearing at the event.
Kevin Donahue: Hello. This is Kevin Donahue, senior director with the Marketing group of Protiviti. I’m pleased to be talking today with Andrew Retrum, our managing director with Protiviti. Andy is a leader with our Technology Consulting and Financial Services Industry practice, and this week he’s attending the FS-ISAC Annual Summit in Florida, and I wanted to talk to him briefly about some of the key trends and things he’s learning about at the event.
Andy, thanks for joining me.
Andrew Retrum: Thanks for having me, Kevin.
Kevin Donahue: Andy, you’re at the conference. I know you’re interacting with a lot of different individuals and leaders there. What are some of the different trends and such that you’re hearing from attendees at the event, and which things are on their minds, and on organizations’ minds, today?
Andrew Retrum: Sure. It’s great to be down here in Orlando. It’s actually a big year for FS-ISAC, which is the Financial Services Information Sharing and Analysis Center. It’s the 20th anniversary of FS-ISAC. They were formed in 1999 — really, ahead of their time in terms of an industry-led organization to disseminate and foster the sharing of relevant and actionable information within the financial sector and around cybersecurity — so, 20 years.
It was great to see some of the folks that have been involved since the start up on stage this morning to kick things off. It has been really interesting to see the evolution of FS-ISAC really nearing the cybersecurity sector on the whole. Twenty years ago, the discussion was very technical — how you configure firewalls and servers and things like that. It was an IT discussion, and these days, it’s very different. It’s a board-level discussion, security. The protection of customer information is a top risk for almost all firms within the financial sector, so it’s great to see how things have evolved.
Things got started this morning with the keynote speaker, Brad Meltzer, who’s a New York Times award-winning novelist. He also has a show on the History Channel. He shared a few personal anecdotes, funny anecdotes, which is always welcome to start the day out, but then really focused in on key figures throughout history that demonstrated leadership and collaboration, attributes that really align with the FS-ISAC’s objective. It’s a good way to start the day and I think really set the tone for the rest of the discussions that we had.
Kevin, you had asked about some themes throughout the day, and there were a couple that I think are consistent with what we’ve heard the last couple years at FS-ISAC and similar conferences, highlighting some of the struggles within the industry. Of course, there continue to be evolving threats to the environment. That’s not going to change anytime soon, and one of the big struggles that the sector has is the talent shortage with regard to capable security resources on these teams.
There was a gentleman on stage this morning — he mentioned that there are 313,000 open security positions today within the industry, and, again, that’s not going to change anytime soon, so there was a lot of discussion both in the sessions and in the hallways throughout on how to address that, how to address that near term, how to bring in resources for my team and other areas and get them smart on security, and how to address it long-term as well, how to get out on campus and identify and foster that next generation of security resources that will be helping guide those evolving threats.
Kevin Donahue: Andy, I was curious if this has come up at all: Is there a sense among FS-ISAC members, or among the organization or attendees of the event, that there’s a larger threat today around these for-profit hacktivists, if you will, versus nation-states, or is it just a myriad of threats that are out in the market right now?
Andrew Retrum: Yes. There are a few different threat actors out there. You mentioned a couple, and there are certainly different approaches — preventative approaches — and response and monitoring activities that go along with them. Frankly, there has been a lot of talk on the enemy within — insider threats — whether they be intentional or accidental; understanding what your workforce is, including your suppliers and third parties; and how you’re making sure that there isn’t that risk with regard to those individuals being managed just like you’d manage risk from nation-states, for-profit hackers and others out there on the internet.
Kevin Donahue: Andy, thanks very much for joining me today. I appreciate you calling in. I know it’s busy at the event. I invite our audience to visit our website, Protiviti.com. We’ve written a wealth of different pieces and conducted a research study on the security and cybersecurity threats that organizations face today, and we’ll be having more discussions with our Protiviti attendees who are at the event later this week.
Andrew Retrum: Thanks, Kevin, for having me.