Ahsan Sheikh, SVP/CISO, Israel Discount Bank. PHOTO: Cybercrime Magazine.

How To Become A Global 2000 CISO, One Layer At A Time

Chief Information Security Officer at Israel Discount Bank recounts his rise in the field 

Steven T. Kroll

Northport, N.Y. – Aug. 1, 2019

Building pyramids requires extensive planning, years of painstaking labor and carefully adding layers all the way up to the capstone.

Ahsan Sheikh, senior vice president and chief information security officer at Israel Discount Bank in New York City, visualizes his cybersecurity career in this way. That’s because he’s done a little bit of everything in the field, gaining experience step by step, on his trek to head of cybersecurity at a large organization.

“The first line of defense is responsibility within IT,” says Sheikh. “The second line is the CISO and the risk group. The third is internal audit. And external audit is the fourth line of defense. If you see the career from that aspect, I have covered the pyramid completely from different angles.”

Studying accounting at the University of Punjab in Pakistan, Sheikh didn’t have plans to go into information security, though he recalls always tinkering with computers, automobiles and electronics as a kid simply because he liked learning about the engineering side of things.



His degree program offered some courses in technology that focused on protecting data such as financial statements. These classes reignited his interest in engineering, and that’s when he decided to develop a niche for himself by combining the accounting profession with a cybersecurity focus.

New York City has always been a passion of Sheikh’s, so he moved there to continue his education at the City University of New York (CUNY).

“I selected CUNY because they had an accounting program that gave me good exposure to technology and security courses,” says Sheikh, “yet at the same time provided the opportunity to work as a security analyst on a part-time basis in corporate America.”

This part-time job was not simply for experience; he also used it to support himself through college. He learned application and database security, blending multiple other aspects together while becoming a hybrid professional who understands both business and technology. Sheikh ultimately received an MBA in information systems from Pace University.

Running cybersecurity at financial institutions shares fundamentals with other industries, but some challenges differ, such as the regulatory and compliance requirements. In addition, the key risks involve cyber money heists, customer and corporate data, and insider threats. While Sheikh uses technology to secure these areas, he adopts security awareness training to fortify his employees as another layer of defense.

“We are not only giving cybersecurity awareness training at the bank-wide level, but also started training at the targeted level — cybersecurity personnel, specialists, IT administrators and senior management,” says Sheikh.

His passions for cybersecurity and New York City come together through his involvement with a new initiative.

The New York City Economic Development Corporation recently launched Cyber NYC, a multi-pronged, $100 million public-private investment to make New York City a global leader in cybersecurity and create 10,000 good jobs, according to the website.

Sheikh is excited about the opportunities this will create for closing the employment gap, as well as making the city a “Cyber Silicon Valley” in a few years. “We are looking into how we can contribute towards this effort,” says Sheikh.

What’s the best way to build a pyramid? Learn from someone who has the blueprints.

Sheikh offers advice to the aspiring CISO. Take a bottom-up approach. Study the basics before you move on to more advanced skills. Then, learn the business and how to translate security risks to senior management.

Steven T. Kroll is a former public relations specialist and staff writer at Cybercrime Magazine.
