Synopsis
Exclusive, insightful audio interviews by our staff with leading credit union/security practitioners and thought-leaders. Transcripts are also available on our site!
Episodes
-
P2P Payments: Simple, Secure Transactions
08/04/2010
Interview with Howie Wu, VP Virtual Banking, Boeing Employees Credit Union
Increasingly, consumers long for a simple payment solution that allows them to send money to family and friends via email or text message. Boeing Employees Credit Union (BECU), Washington's largest credit union, is at the forefront of the person-to-person (P2P) payments revolution. And in an exclusive interview, Howie Wu, VP of Virtual Banking, at BECU, discusses: How BECU's Popmoney initiative was deployed; Security challenges that had to be addressed; Tips for other institutions looking to offer P2P payments. Wu has over 10 years experience in the financial services and information technology industries and has been with BECU since 2003. In his role as the Vice President of Virtual Banking, he is responsible for leading BECU's strategy as it relates to all remote delivery channels. He has played a major role in defining and implementing changes that impact the member experience within the ATM, online, telephone and mobile chann
-
Social Media: What Every Senior Leader Must Know
07/04/2010
Interview with Prof. Sree Sreenivasan of the Columbia Graduate School of Journalism
Social media aren't just coming - they're here. And senior leaders need to understand how to maximize Facebook, LinkedIn, Twitter and other popular sites, as well as how to protect their organizations from very real security risks. In an exclusive interview, Prof. Sree Sreenivasan, Dean of Student Affairs at the Columbia Graduate School of Journalism, discusses: What's most misunderstood about social media; How organizations can benefit most; Ways senior leaders can improve their own professional lives. Sreenivasan is a technology expert and dean of student affairs at the Journalism School, where he teaches in the digital journalism program. He specializes in explaining technology to consumers/readers/viewers/users. For more than eight years, he served as technology reporter for WABC-TV and WNBC-TV in NYC and now occasionally appears on various TV shows to talk tech. For more than six years, he wrote a Web Tips column fo
-
'Watch the Lower Lip!' - Using Facial Expressions to Detect Fraud
06/04/2010
Genie Laborde and Robert Nolan on How to Help Prevent First Party Fraud
Want to know if a prospective loan customer is lying? Watch their eyes. And their breathing. And especially whether they move their lower lip. These are the tips from Robert Nolan, a former mortgage banker, and Genie Laborde, an author and speaker, who have teamed up to offer training for banking institutions looking to reduce first party fraud. In an exclusive interview, Laborde and Nolan discuss: Trends in first party fraud; Why facial expressions are key; What organizations can do now to reduce fraud. Laborde is the author of several books, Influencing with Integrity: Management Skills for Communication and Negotiation (170,000 sold); the follow-up book, Fine Tune Your Brain: When Everything's Going Right and What To Do When It Isn't, and the workbook 90 Days to Communication Excellence. Influencing with Integrity has been translated into French, Spanish, German, and Polish. Her latest is Influencing with Integrity on the Internet
-
Fighting Mortgage Fraud - Leigh Williams, BITS President
01/04/2010
Payment cards and ACH fraud have dominated the headlines, but mortgage fraud remains a very real threat to banking institutions and consumers alike. In an exclusive interview, Leigh Williams, BITS President at the Financial Services Roundtable, discusses: Mortgage fraud trends of top concern; Risks to banking institutions and consumers; Immediate steps to take to reduce mortgage fraud. Williams was appointed President of BITS in April 2007. Previously, Leigh was a Senior Fellow at the Kennedy School of Government at Harvard University, in the Mossavar-Rahmani Center for Business and Government. While at Harvard, his research focused on public and private sector collaboration in the governance of privacy and security. Prior to joining the Kennedy School, Leigh worked for many years at Fidelity Investments in various risk management, security and privacy roles, including Chief Risk Officer and Chief Privacy Officer. His most recent position at Fidelity was Senior Vice President, Public Policy. While with Fid
-
Business Continuity: Needs Improvement
01/04/2010
Interview with Gartner's Roberta Witty
Organizations have made strides in business continuity/disaster recovery (BC/DR) planning. But BC/DR professionals need to sharpen their business skills to truly protect their organizations. This is the stance taken by Roberta Witty, research VP at Gartner. In an exclusive interview, Witty offers candid insight on: Today's top BC/DR challenges; Where organizations are most vulnerable; What BC/DR professionals need to do to be more effective. Witty is part of the Compliance, Risk and Leadership group within Gartner. Her primary area of focus is business continuity management and disaster recovery. She is the role specialty lead for the Gartner for IT Leaders (GITL) business continuity manager role. She is also a GITL Premier coach for Security and Risk. Prior to joining Gartner, Witty managed the global technology risk management function for the corporate trust business of The Chase Manhattan Bank. In this role, she was responsible for awareness, advisory and compli
-
What's Most Misunderstood About Cloud Computing?
31/03/2010
Interview with H. Peet Rapp of ISACA's Cloud Work Group
Everyone is talking about cloud computing these days - but are they having the right conversations? H. Peet Rapp is an information security auditor who sits on ISACA's Cloud Computing Work Group, and he's co-author of the white paper Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives. In an exclusive interview, Rapp discusses: Cloud computing trends; What's most misunderstood about the cloud; How organizations should proceed with their own cloud deployments. Rapp entered the IT audit/compliance profession in 2003, after publishing the widely read paper "An IT Executive's Overview of the Sarbanes-Oxley Act of 2002." With his firm, Rapp Consulting, he has audited, provided risk assessments and developed IT control frameworks for more than 70 organizations and developed a reduced IT control set for non-accelerated filers.
-
The Case for Federated ID Management
29/03/2010
Interview with Tom Smedinghoff of Wildman Harrold
The topic has been discussed for years, but now truly is the time for organizations to invest in federated identity management. So says Tom Smedinghoff, partner at Chicago-based law firm Wildman Harrold. In an exclusive interview, Smedinghoff discusses: What's new about federated ID management; Challenges to implementing a federated strategy; How to build a solid business case for deployment. Smedinghoff is a partner at Wildman Harrold, where his practice focuses on the new legal issues relating to the developing field of information law and electronic business activities. He is internationally recognized for his leadership in addressing emerging legal issues regarding electronic transactions, information security, and digital signature authentication issues from both a transactional and public policy perspective. He has been retained to structure and implement e-commerce, identity management and information security legal infrastructures for the federal g
-
Payments, Privacy and Vendor Management - Global Best Practices
29/03/2010
Interview with Adrian Davis of the Information Security Forum
In terms of payments, privacy and third-party relationships, U.S. security leaders have much to learn from - and share with - their peers in the U.K. and elsewhere in the world. This is the perspective of Adrian Davis, a senior research consultant with the UK-based Information Security Forum. In an exclusive interview, Davis discusses: Top threats to public and private organizations; Insights on payments, privacy and vendor management; Advice to organizations looking to improve information security globally. Davis heads the Leadership and Management group within the Research and Services Team of the Information Security Forum, responsible for delivering client-facing projects. His team covers topics such as the role and effectiveness of information security; the role and skills of information security professionals from junior analyst to the Chief Information Security Officer and Chief Security Officer; managing and assessing information secu
-
Global Fraud Trends: How to Avoid the Scams
25/03/2010
Interview with Mike Urban, Sr. Director, FICO
Financial institutions and their customers are experiencing a frightening range of fraud scams. Where are their greatest risks? Mike Urban, Senior Director of Global Fraud Solutions at FICO, discusses: Today's top trends; Where organizations are most vulnerable; Steps to take to reduce fraud risk. Urban has 15 years experience in fraud management. He currently serves as senior director, Fraud Solutions, for FICO. He analyzes fraud issues and trends to provide continuous improvements in fraud detection technology. He also regularly works with law enforcement to help prosecute criminals and has been responsible for uncovering several crime rings in the US. As a renowned industry expert, Urban regularly speaks about fraud trends, best practices and solutions to industry groups. He has been quoted in numerous publications including the New York Times, MSNBC, Computer World, American Banker and ATM & Debit News. He has also written articles that have appeared in
-
PCI Compliance: The QSA's Perspective
24/03/2010
Interview with Peter Spier of Fortrex Technologies
Over the past year or so, since the Heartland Payment Systems breach, we've heard a lot about the Payment Card Industry Data Security Standard (PCI DSS). What does 'PCI compliant' mean? Can a PCI compliant organization be breached? What's the role of the Qualified Security Assessor (QSA)? Peter Spier, Senior Risk Management Consultant with Fortrex Technologies, has written a recent guest blog on PCI compliance, and in an exclusive interview offers insight on: The QSA's role; What's most misunderstood about PCI compliance; How organizations can maximize their compliance efforts. Spier is President of the ISACA Western New York Chapter and a Senior Risk Management Consultant at Fortrex Technologies based in Frederick, Maryland. Peter attained his graduate degree from Syracuse University's School of Information Studies and over the course of 12 years of experience, has earned Certified Information Security Manager (CISM), Certified Information Systems S
-
Data Loss Prevention Case Study: The Challenges Facing Financial Institutions
24/03/2010
When it comes to data loss prevention (DLP), what are the major challenges facing financial institutions and other organizations? And how can these challenges be overcome? In this exclusive interview, Jason Vander Meer of RealTick discusses his organization's DLP strategy, and the solution he deployed from Code Green Networks. Additionally, Dan Udoutch of Code Green Networks offers advice for organizations faced with similar DLP challenges. Vander Meer is currently responsible for Information Security and IT Infrastructure Project Management at RealTick®, the electronic trading industry's premier global, multi-broker, broker neutral, cross-asset Execution Management System (EMS). He joined RealTick in 2005, and has since been the lead of managing Information Security risk assessment and mitigation. Vander Meer has a MS degree in Information Technology and Information Assurance from DePaul University in Chicago. Udoutch is the President and CEO of Code Green Networks. As a 25+ year Sales, Market
-
Insider Threat: Your Greatest Risks
22/03/2010
Interview with Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute
Insider crimes are among the biggest threats to public and private sector organizations. And yet too many groups continue to struggle to prevent or even detect these crimes. In an exclusive interview, Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute, discusses: Insider threat trends; Biggest challenges for organizations looking to prevent crimes; Steps organizations can take to reduce risk. Cappelli is Technical Manager for the Threat and Incident Management Team of the CERT Technical Staff at Carnegie Mellon University's Software Engineering Institute (SEI). She has over 25 years experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT's insider threat research, a CyLab-funded project including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT. Before joinin
-
Secure Access to Sensitive Data: Insights from John Bordwine, Public Sector CTO, Symantec
17/03/2010
We've emerged from a global financial crisis, and now regulatory reform is coming to financial services. What do these events mean for the financial regulatory agencies - especially in terms of securing access to sensitive data? John Bordwine, Public Sector CTO at Symantec, tackles this question, discussing: The critical need to secure access to sensitive data; The business benefits of enhancing security; Key takeaways for non-financial organizations. As the Symantec Public Sector CTO, Bordwine currently serves as a trusted advisor, providing guidance on the development of products and solutions that meet government requirements and certifications specifically focused on the Public Sector markets. His responsibilities also include all technical activities related to Public Sector customers, which includes federal, state, and local government agencies, and education industries. In addition to these responsibilities, he also provides guidance to other Symantec business units around specific requireme
-
Heartland Payment Systems Works with Feds to Secure IT
09/03/2010
Steve Elefant, CIO, Heartland Payment Systems
One theme repeated by every major Obama administration official speaking at RSA Conference 2010, the IT security conference held in early March in San Francisco, was the need for the government and business to work together to protect the nation's critical IT systems. Among those listening to these officials was Steve Elefant, chief information officer of payment processor Heartland Payment Systems, a victim of a 2009 breach considered the largest criminal breach of card data ever, exposing information on upward of 100 million cards. In an interview with Information Security Media Group Executive Editor Eric Chabrow, Elefant discusses the impact of the breach on Heartland's relationship with the government and other financial institutions to secure critical IT systems operated by the private sector.
-
New Study: Business, Bank Relationship Threatened by Fraud
08/03/2010
Interview with Terry Austin, CEO of Guardian Analytics
Recent ACH fraud schemes aren't just siphoning money from business banking accounts - they're eroding the trust relationship between small-to-midsize businesses and their banking institutions. This is the main finding of the new 2010 Business Banking Trust Study conducted by Guardian Analytics and the Ponemon Institute. In an exclusive interview, Terry Austin, CEO of Guardian Analytics, discusses: Headlines from the new study; The message from businesses to banks; How banking institutions should respond. Prior to joining Guardian Analytics, Austin served as CEO and president of MarketLive, a leading provider of eCommerce platform solutions, where he created a scalable business strategy, assembled a world-class executive team and led successful fundraising efforts. He was previously president of worldwide marketing and sales at Good Technology, a provider of mobile computing solutions, where he spearheaded the company's rapid growth from 10,000
-
RSA 2010: Warren Axelrod on Information Security
05/03/2010
C. Warren Axelrod is a veteran banking/security executive and thought-leader, and in an exclusive interview at the RSA Conference 2010 he discusses top security trends and threats, including: Insider fraud; Application security; Cloud computing. Axelrod is currently executive advisor for the Financial Services Technology Consortium. Previously, he was a director of Pershing LLC, a BNY Securities Group Co., where he was responsible for global information security. He has been a senior information technology manager on Wall Street for more than 25 years, has contributed to numerous conferences and seminars, and has published extensively. He holds a Ph.D. in managerial economics from Cornell University, and a B.Sc. in electrical engineering and an M.A. in economics and statistics from Glasgow University. He is certified as a CISSP and CISM.
-
RSA 2010: Banking/Security Agenda - Paul Smocer, Financial Services Roundtable
04/03/2010
What are the key banking/security topics on the minds of leaders of the nation's largest banks? At the RSA Conference 2010, Paul Smocer of BITS and the Financial Services Roundtable discusses: The Roundtable's information security priorities; How regulatory reform may impact security organizations; The future of the Shared Assessments Program - in banking and beyond. Smocer, VP of Security at BITS, a division of the Financial Services Roundtable, leads the group's security program. Smocer has over 30 years' experience in security and control functions, most recently focusing on technology risk management at The Bank of New York Mellon and leading information security at the former Mellon Financial. While at Bank of New York Mellon and at Mellon, Smocer was actively engaged with BITS as a member of its Vendor Management Working Group, as 2005 Chair of its Security Steering Committee, and as 2004 Chair of its Operational Risk Committee.
-
Certifications: What's New? - Hord Tipton, (ISC)²
04/03/2010
Education and training are two of the key priorities of information security professionals and organizations in 2010. And professional certifications are at the heart of that training. What's new in information security certifications? In an exclusive interview at RSA Conference 2010, W. Hord Tipton, Executive Director of (ISC)², discusses: Training trends; What's new from (ISC)²; Insight into new research on the profession. Tipton is the executive director for (ISC)², the global leader in educating and certifying information security professionals throughout their careers. Tipton previously served as president and chief executive officer of Ironman Technologies, where his clients included IBM, Perot Systems, EDS, Booz Allen Hamilton, ESRI, and Symantec. Before founding his own business, he served for five years as Chief Information Officer for the U.S. Department of the Interior.
-
PCI: What's Next and When?
02/03/2010
From RSA 2010: Interview with Bob Russo, GM of the PCI Security Standards Council
How will the Payment Card Industry Data Security Standard (PCI DSS) be amended, and when? These are the key questions in payments security, and Bob Russo, GM of the PCI Security Standards Council, is prepared to start answering them. In an exclusive interview conducted at RSA Conference 2010, Russo discusses: Key questions about PCI; Potential solutions to enhance payments security; Timeline for the release of the next PCI standard. Russo brings more than 25 years of high-tech business management, operations and security experience to his role as the general manager of the PCI Security Standards Council. Russo guides the organization through its crucial charter, which is focused on improving data security standards for merchants, banks and other key stakeholders involved in the global payment card transaction process. To fulfill this role, Russo works with representatives from American Express, Discover Financial, JCB, Mas
-
What is 'Reasonable Security?' - David Navetta, Information Law Group
24/02/2010
When it comes to protecting your organization and your customers from a data breach, what is considered "reasonable security?" This question is at the center of several ongoing lawsuits, and how the courts answer it may be one of the biggest stories of 2010. Shedding light on this hot topic is David Navetta, founding partner of the Information Law Group and co-chair of the American Bar Association's Information Security Committee. In an exclusive interview, Navetta discusses: Current regulatory trends, including the HITECH Act; Legal issues surrounding "reasonable security;" How to use existing standards to establish "reasonable security." Prior to co-founding the Information Law Group, Navetta established InfoSecCompliance LLC ("ISC"), a law firm focusing on information technology-related law. ISC successfully served a wide assortment of U.S. and foreign clients from Fortune 500 companies to small start-ups and service providers. He previously worked for over three years in New York as assistant gener