The Cybersecurity Times Are A Changin’ For CISOs
State Street’s Adeel Saeed talks about the past, present, and future for security leaders
– Steve Morgan, Editor-in-Chief
Northport, N.Y. – Nov. 12, 2019
Cybercrime is no laughing matter. Especially not for banks and financial services firms, which are 300X more likely than other companies to be targeted by a cyberattack.
Adeel Saeed, senior vice president and global CISO (chief information security officer) at Boston, Mass.-based State Street Corporation — a financial services giant with more than 40,000 employees and the second oldest U.S. bank in continuous operation — barely cracks a smile when he talks about cybersecurity.
We caught up with Saeed in Gotham City last month. The lights were dim, and the spotlight shone on his face.
The man looks the part. Saeed appears to be in his early forties, fit, handsome and neatly groomed, and dons a dark suit and tie. He sounds it too — with a deep voice, and near-perfect articulation. And a deadpan delivery. If CSI ever needs a stand-in, then Saeed would be perfect.
Cybercrime Magazine’s guest host, Dr. Jay, senior vice president of cybersecurity technology for Mastercard, and former deputy CIO for the White House, lost the staring contest with Saeed in the first minute of the interview. Nonetheless, she conducted a most thorough interrogation.
It takes a financial services cyber chief to know one, and Dr. Jay wasted no time grilling Saeed — on his background, the size and scope of what he protects for State Street, his biggest challenges, and his greatest (cyber) fears.
Saeed was a bio-science major in college, when he wanted to become a doctor. “That never happened,” he explains. Then he switched to computer science in the early 1990s. The young man tinkered with hardware, got hooked on tech, and never looked back.
The overall posture of cybersecurity has changed over the two decades of Saeed’s career. He remembers a time when all you had to secure were PCs and networks. Now each person in an organization is carrying three or four devices. The inception of the Internet combined with the evolution of hardware has resulted in the explosion of data that we are seeing today.
On becoming the head honcho of security: “No one willingly becomes a CISO,” says Saeed. At least he didn’t. In the early days, you got moved into the position once you knew enough (about security) — and no one else did. That’s precisely what happened to him. Nowadays there’s stiff competition for high-paying CISO positions, especially in financial services, and many cybersecurity professionals are angling for the opportunities.
There are CIOs (chief information officers), and then there are CISOs. Saeed is both, at least for now. He happens to carry the temporary title of CIO, and this gives him a unique perspective on how the two roles should interact. He doesn’t think the jobs should be merged, but the respective leaders do need to work very closely with each other.
If there’s a daunting challenge with no light at the end of the tunnel for a CISO, then it’s recruiting experienced people.
“There’s a zero percent unemployment rate if you’re a cybersecurity professional,” says Saeed. He believes in expanding the workforce by tapping into IT workers and crossing them over to cyber. That dovetails with a philosophy shared in a recent report from Cybersecurity Ventures which states that every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people.
“We’re not defending borders anymore; we’re defending an invisible force,” says Saeed. He observes that everything is connected today. There’s no such thing as four walls.
The cloud is cloudy. But Saeed can see clearly. “The cloud is more secure in some instances, but less so in many others.” He wants us to understand that the cloud really isn’t the cloud. It’s still a data center, just someone else’s — where everyone’s data is merged together. He’s oversimplifying to drive home an important point. Moving to the cloud doesn’t mean that you forget about security.
“What keeps you up at night?” asks Dr. Jay. “Everything,” says Saeed. “Not being able to manage where the risk lies. Not being able to pinpoint what will happen tomorrow.” Saeed is pragmatic. “It’s not dark and gloomy and the world isn’t coming to an end, but the risk isn’t going away.” He understands that being CISO for such a large enterprise means practicing constant vigilance.
Saeed has a strong grip on what it takes to protect the front lines of the organization that he is charged with defending, namely its employees. “Security (awareness) training is the foundation for a secure workforce.” Considering that more than 90 percent of breaches involve phishing and social engineering (according to a myriad of sources), getting users up to snuff on detecting and properly reacting to nefarious cyber intruders is a mission-critical and ongoing project. “Do it (training) regularly. Test people. It’s not a once and done initiative.” Again, simple and to the point. Saeed doesn’t need to elaborate any more than that. He knows what needs to be done, and he executes.
To sum up his position in a few words, Saeed says that the job of a CISO is to manage risk and drive business.
If there’s one constant for Saeed, then it’s change — and he’s unmistakably prepared for it.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Ruth Bashinsky, Senior Editor at Cybercrime Magazine, contributed to this story.