Brenden Smith: Enhancing the Fintech World, Securely

Brenden Smith | CISO | Firstbank
Brenden Smith | CISO | Firstbank

The financial service organizations and the public companies working in this sector deal with sort of sensitive information related to transaction details and essential data connected with banks and accounts.

The Fintech Industry has information like people spending data on which category with instruments like a Credit card, or Net banking. And so, cybersecurity must be strengthened. The organizations that are dealing with such data must ensure fundamental reliability empowered with secure data handling.

In the dynamic Fintech industry, global data breaches are some of the biggest challenges that companies must overcome. Moreover, these companies have a crucial need to stay updated with the latest security systems to protect the client’s data. When a data breach occurs, it breaks trust and raises questions about the security systems of Fintech players.

Considering all these challenges and the utmost need to empower good cybersecurity services, Brenden Smith is coherently working on the foundational principles that ensure safe digital security systems. Working as the Chief Information Security Officer with FirstBank, Brenden focuses on creating a safe and stable environment for the business to grow and for its customers to be secure. 

In an interview with CIOLook, Brenden Smith shared valuable facts that signify his role as CISO, along with his expert opinions of the industry scenario.

Below are the excerpts from the interview:

Please enlighten our readers about your professional tenure so far as a cybersecurity expert in the Fintech sector.

I started my journey in 2005 in a technical support role at Circuit City, responding to malware. After graduating college in the middle of the Great Recession, I felt incredibly fortunate to get an entry-level position in a cybersecurity role with FirstBank.

From there, I had the opportunity to take on increasingly challenging technical roles as an individual contributor. When my boss and mentor moved on to a different position, I took the opportunity to take on a management role.

Moving from a technical role to becoming CISO has been full of challenges. Making a transition from individual contributor to finding job satisfaction in the success of your employees can be an interesting and sometimes difficult process.

I’ve been fortunate to have excellent bosses who provided honest and direct feedback when I needed it most. As a result of the amazing people I’ve been working with for the last 12 years, I was leading the Security Department at FirstBank and was promoted to be our first CISO in 2017.

Tell us more about FirstBank and how it is currently positioned as one of the leading organizations in the modern industry.

FirstBank is a community-focused bank that can be summarized by the phrase “Banking for Good.” As an organization, we look to do the right things for those in our communities.

In 2021 FirstBank was recognized by Colorado’s Governor Jared Polis for delivering 20,000+ Payroll Protection Program loans to help our local economies and small businesses. You can also see the effects of “Banking for Good” through our partnership with Colorado Gives Day, which raised $54.4 million for nonprofits in 2021.

Our culture can indeed be summarized by focusing on “Banking for Good.” Security’s role within the company is to provide safety and stability for our customers in their day-to-day lives.

We take that same approach to help FirstBank achieve its objectives as well. I believe security teams should be an enabler of opportunities within their organizations. We focus on creating a safe and stable environment for our business to grow and for our customers to be secure.

As an industry expert, please tell us about your vision and contribution in enabling advancements and ensuring reliability in the Fintech sector.

My goals in this field really haven’t changed in the 17 years I’ve been doing it. I love taking on unique challenges in a field that changes on a day-to-day basis. I’m also really starting to enjoy playing a larger role in the community as a whole, and I hope to do more of that.

I look forward to spend some more time sharing the lessons that we’ve learned and keep learning new and exciting ways of defending environments from others.

In my time in this field, I’ve alternated between making technical contributions and community-focused ones. Earlier in my career, I spent a lot of time doing Dark Web research and partnering with law enforcement to try to help breached companies and enable betterments in the identification of threat actors.

As I’ve moved out of technical roles, I switched gears to focus on advising and mentoring small businesses. Meaning providing education and guidance proactively and in times of crisis.

Finally, I’ve worked with local law enforcement to create working groups comprised of practitioners and law enforcement to foster more collaboration in our community.

How is FirstBank leveraging the emerging trends of the modern industry to enhance its operations eventually?

We’ve always believed in pursuing the most effective technological controls we could. For 7+ years, we have used Application Control in full high enforcement to only permit approved binaries to run in our environment. While somewhat painful to administer, this technology has been a significant differentiator for us for years.

It substantially increases the difficulty a threat actor has in establishing a foothold on our endpoints. We also believe in engaging the most sophisticated Red Teams so we can assess our program’s strength. This has meant successfully defending against Red Teams, up to and including the use of real Zero Day exploits.

I believe the next significant change in the security space will be the increasing role Insurance plays. In the last five years, the requirements to obtain coverage for cybersecurity events have evolved significantly. In combination, the appetite for organizations to go without that coverage is declining, especially considering ransomware trends.

We are watching this space closely and working with our Broker to better anticipate how the industry is changing and what we need to do to maintain coverage. Insurance is a giant in the space, and its actions and requirements have huge potential to shape what the industry does long term.

Considering all the innovations and technological advancements in the modern industry, what do you think about the future of this sector for budding aspirants?

I’d like to see the industry evolve to continue to develop stronger pathways for entry levels of people to get started in the field. Today there are still so many barriers to entry, even for entry-level candidates, which has a long-term negative impact on the industry’s ability to hire and recruit talent.

What would you like to advise the budding aspirants willing to venture into the Fintech sector and envision enabling betterments in its cybersecurity space? 

For entrepreneurs who aspire to work in this field, there is no shortage of opportunities.

Don’t pigeonhole yourself into what you think will make you the most money or the biggest return.

Cybersecurity has tremendous needs for both generalists and specialists. Find what excites you, and focus on that; there will always be customer demand for almost anything you choose to specialize in.