Brenda Ferraro: Enabling Betterments for Safe Cyber Spaces

Brenda Ferraro | Head of Technology Third Party Governance | Wells Fargo
Brenda Ferraro | Head of Technology Third Party Governance | Wells Fargo

Reliability is required for one to feel protected from every potential threat. It initially begins with parents and slowly, as it turns out, becomes essential in every instance – from consuming food to using technology.

While the present cuisines are traced and doubly layered at every step of the process to ensure safety, one may wonder about the elements that are ensuring consumer protection in the new age of the internet world. As per current statistics, the internet has become a vulnerable spot for everyone – from children to the elderly. Apart from its social repercussions, it hurts the global economy, too, costing the world around $10.4 trillion annually by 2025.

But global leaders are curating a durable, cost-effective, and stronger solution than the rising incidences of multiple types of cyber-attacks.

One such leader is Head of Technology Third Party Governance – Brenda Ferraro, who made a 360-degree turn in her career choices from first selecting arts to now managing complex third party programs. Marching forward with her passion in the field and resolving the ever-emerging technological challenges, she is fabricating an internet world that is secure for everyone.

This purpose is enhanced by her active role in Wells Fargo, a company that is providing its customers with secured financial services and simplifying lives with everyday checks. They aim to protect account holders from any kind of threat in the financial sector.

Let us dive to read more about how Brenda is leading change in this sector!

The Unfolding

Brenda’s journey as a business leader, throughout her career to the position at Wells Fargo, was not a traditional one. She had to face challenges as a female in a world where there are 15 percent or fewer female leaders; what she brought to the table was experience rather than a degree.

Talking about the process and subsequent accomplishments because of this approach, she shares, “Early on in my career, executives took notice of my ability to break down processes and reconstruct them by removing delay and waste. I was sent off to receive a process mastery certification which I leveraged to drive innovations and influence skills to enhance processes using cutting edge techniques to eliminate risk out of the third-party ecosystem.”

Over the years, Brenda learned how to properly navigate the cyber security world through tenacity and surrounding herself with people who thrived on making a difference, which helped turn her into a third-party risk and incident management strategic anomaly.

Embarking with a Mission

Wells Fargo’s Technology embodies a 6-S Strategy as their vision to foster paths of new frontiers, powered by a mission to deliver – stable, secure, scalable, and innovative services at speeds that delight and satisfy the customers and unleash the potential and skills of the employees.

She is influencing the Technology Third Party Governance modernization program as the new frontier for Third Party Governance. She believes that recognizing the current way of doing business worked well in the past, but it is also a ripe time for taking the process and workflow and transitioning to a more modern transformation.

While briefing about the company’s services, she says, “Our program functions and techniques are being refocused on how we partner with our Third Parties. The cutting edge, not best practice, builds in fundamentals of what we call – continuous evaluation and real time risk management.”

Because of this, she states, “Questionnaire and survey responses will be reduced, and questionnaire fatigue will be history due to a capability where  third party questionnaire responses can be harmonized with threat intelligence and other means to better understand third party risk assurance. As a part of governance, the machine learning and artificial intelligence reporting will be on steroids due to the Key Risk, Performance, and Control indicators captured for transparency in Metrics & Measures to heighten risk management awareness.”

Starting from Arts to Now in Cybersecurity – The Motivation Behind

Back when Brenda was attending high school into college, she did not have third-party risk management as her career of choice. She says, “I wanted to be a triple threat in the art of music, singing, and theater. The thought of cyber security, third party, incident management, and process management never once crossed my mind.”

She supposed that focusing on the arts provided her with the ability to think ahead, gave her the platform to speak in front of people, and learn about how to create grandiose things.

Throughout her career, she has had the pleasure to help define and design strategies at large and medium-sized companies of every sector. She started in the financial industry and found her way back to the industry but with a different twist towards banking. Sharing her moment of realization, she says, “I was caught off guard with the compliance and regulatory requirements that banks are subject to uphold. I quickly discovered how critical and important control management is for the banks. I found myself pulled back into the financial sector when I was asked to help Wells Fargo transform their Technology Third Party Governance program.”

For her, this is not a job; it is a love for creating something big, something different, something exciting and new. Even something that other third-party programs, industry agnostic, will want to use to help drive risk out of their ecosystem as well.

Cultivating/ Habituating to Dynamism with Values

Brenda thinks that transforming an organization from doing what they are used to for many decades to embarking on a future of cutting-edge techniques is a huge occasion for the organization as well as its employees.

For this, the key elements and strengths that she looks for in the people and culture are the ability to change, do things differently, and make a difference for not only themselves or their department but also for others outside their area of control. This, she thinks, should be supplemented with the values of sincerity, logic, trust, and the ability to get things done at a rapid pace without complaint.

She comments, “Time can be a transformation’s and a modernization’s worst enemy. It takes courage and the ability to see past the norm to create something that has not been done before. The strength to beat all odds seems so cliché; however, that is what is required to become better than the best and better than great.”

Knowing the Essentials to Deliver Beyond

Brenda opines that leveraging a give-me-what-you-got approach to third-party management will help to provide a broad spectrum of intelligence that can be formidable in making risk-based decisions.

She finds that many who try to accomplish proactive risk management do not get past the legacy techniques that have been used and that employees are used to. “Best practices are not best practices if everyone is using them”, comments Brenda. Her experience suggests that techniques need to be stretched far beyond what is thought to be possible, and only then can one break barriers making way for fundamentals that have not yet been discovered.

Every company where she had the opportunity to influence has received the recommendation to build a portal where information can be shared to combat the advisories and the attacks. She says, “It is not easy to manage a real-time bi-directional portal for your third parties. But your third parties and your internal stakeholders deserve automation that provides transparency of what risks are present or being remediated.”

Initiating an Advanced Era in Risk Management

Brenda observes that change for some people is not comfortable, so over-communication is the key. She further adds, “Keep in mind that transforming an organization and a program cannot be built using a platform or a software program. Platforms and software can be leveraged to implement automation where possible but cannot be used to define or design your techniques or talent.”

Every resource that works with her wants to provide them with the ability to succeed in their career. Brenda shares, “I would like to share, with each person I interact with, the ability to take what they learn and spread it globally. Specifically for the banking industry, I would like to see third party programs use continuous evaluations where questionnaires become a trend of the past.”

Continuing with these strings of thoughts, she says, “Something for the history books, of course, but something that we need to let go of – as we did with corded telephones, or cassette recorders, or VHS tapes. Yes, I just dated myself, but if you think about it, evolution is inevitable and why not be a part of how it is transformed to make your mark?”

Information gathering is not what one should be focused on for third-party risk management. Brenda is sure that the new age of risk management is a partnership and the ability to harmonize what the third party tells and what threat intelligence knows about their practices.

Targeting the Upcoming

The present becomes the past in seconds, so it is true for the future that turns into the present in no time; hence it requires leaders to be quick and already decide on what they foresee.

For Brenda, the next momentous change in the banking sector is migrating from reactive to proactive risk management. She asks, “Wouldn’t it be spectacular to have the ability to act on incidents with rapid response techniques that will inform the information security and technology space specifically what action needs to take place without having to request information from third-party business partners?”

She invokes each one to imagine the ability to be already informed about the impact a known third party will endure and to help them rather than polling these third parties to determine if an incident impacts them. Probing deeper, she questions, “Wouldn’t it be great if you could determine weak security domains with trending data to help to combat the vulnerabilities proactively as an ecosystem that thrives on making it difficult for the advisories?”

At Wells Fargo, they are preparing to be the first in the banking industry that will be the front runners in concert with their peers. The company’s new ways of business will foster the knowledge to know who is impacted by a vulnerability without having to ask and strengthen not only Wells Fargo and its Third Parties but also a fellow on a global front.

Curving with Ticking Time

The common question asked by an individual is about their future goals. In that long list, Brenda’s name is included too. So, sharing the details about how she envisions her future to be, she says, “My future goals at Wells Fargo are determined by where the company needs me. I am unwavering to help lead and influence those around me in a way that fits their desire to grow, their way of being valued, and their overall learning style.”

Adding on, she says, “I desire to fulfill the needs of the company and to make sure I am helping those working with me to succeed as a cohesive organization that creates a positive impact to any department internally and externally where we can.”

Bits and Bytes of Advice

Before motivating the young generation, she makes them realize an important fact. She says, “When I worked in the vendor space, which is not really the dark side as I learned so very quickly, I just didn’t realize how much I missed the corporate sector. Both types of industries are vastly different. Both demanding and of course both rewarding.”

Speaking from her ocean of experience so far, she conveys, “If you aspire to build a third-party risk management program or going into incident management, I recommend you take a good look at what your dreams are for your life and turn that dream into a reality. Never lose sight of focus towards the good that you should share with others.”

She thinks that Cyber Security and Information Security, as well as Incident Management, can be a thankless job. As a woman, or even non-gender specific, this career field changes constantly. It is not for the weak of heart. And, if one has the stamina and the drive to make a change in the world, then never give up because unchartered territory will not come easy, yet unchartered territory is extremely adventurous and exciting.

Lastly, she pens an essential and motivating thought where she says, “Each one of us has something special to bring to the table; make sure you bring that stellar capability to light.