The Irish fintech’s CISO talks about the security trends she’s most excited about and the importance of a ‘nature and nurture’ approach to security culture.
Niamh Vianney Muldoon is an information security thought leader and Guinness World Record holder with extensive expertise in creating and leading global security and trust initiatives across multiple industries.
Muldoon was recently appointed as chief information security officer of Irish fintech unicorn Fenergo, which announced 100 new jobs globally at the beginning of the year and acquired Dutch compliance tech company Sentinels in April.
Based at Fenergo’s global headquarters in Dublin, Muldoon heads up all things information security-related for the company. This includes driving sales, engineering and customer service activities across its global operations.
‘What you can’t measure, you can’t monitor’
– NIAMH VIANNEY MULDOON
What are some of the biggest challenges you’re facing in the current IT landscape?
The biggest challenge I see is that many firms are beginning to realise that security isn’t just a technology problem, and that security teams reporting directly into the technology organisation may hinder success in creating, fostering and growing a culture of security throughout the organisation. It’s important that an organisation’s culture and security work hand in hand.
A security ‘nature and nurture’ approach is needed. Enterprises should focus on their security culture, setting the tone from the top of the enterprise. Build highly performing teams which include having the security voice and input at the design and architecture stages.
Measure, monitor and reward teams that implement security requirements throughout project development lifecycles and that are recognised as having ‘security conscious’ mindsets.
Always remember our employees are our greatest asset. We need to nurture our trust and security relationship with them daily. Open and honest communications from leadership across all areas of the business, including information security training, awareness and the threats your organisation faces, are what is needed.
This includes educating employees on the consequences to them and the organisation of being involved and participating in insider threat activity. It is only through security awareness training that employees will be prepared to face them as they come and know how to report the threat, and to whom.
At Fenergo, we operate to ‘security first’. Security is engrained in our people, processes and technologies, and therefore is evident in our product and service offerings.
We also believe what you can’t measure, you can’t monitor, so therefore all our employees have a security-first objective as part of their annual performance objectives/goals with set key performance indicators. This provides our CEO and his executive leadership team with assurance that we are continuing to align to global industry best practice for how we operate security.
What are your thoughts on digital transformation?
IT leaders working with businesses of all sizes, across all industries and geographical regions, are going through digital transformation programmes to deliver quality business services at any time, from any location and from any device. These programmes have accelerated at times of uncertainty and businesses are having to meet employee expectations of ‘work from anywhere’.
The biggest threat to their business model is not taking the time to define a strategy for this digital transformation. A strategy that focuses on operational excellence.
Migration to the cloud is the foundation of many digital transformations, and training is core to equipping people to adapt effectively to support the business delivering to operational excellence.
There are five topics I recommend covering for IT leaders and organisations to be successful with digital transformation and the move to the cloud. These topics will allow an IT professional to tailor their approach to deal with daily operational items.
- Operational excellence: This is defined as delivering quality services while balancing cost and risk. So understanding, categorising and classifying your cloud applications and platforms. Defining service-level agreements and key performance indicators. Reporting on these to leadership on a monthly cadence.
- Single business view: Having a single view of their business from a cloud technology and data asset perspective reduces cyberthreats and risk significantly. What you cannot measure, you cannot manage.
- Single data and technology view: Having a single view of our cloud applications and platforms. Streaming access to one platform.
- Streamline access control security monitoring: Having a single source of truth for access control for all cloud applications and platforms supports the cybersecurity and security operations team in identifying potential threats quickly and responding accordingly to reduce business impact and consequence.
- Protecting access to data: With the increase in global regulations associated with data, it’s important that all IT professionals are trained and made aware of them.
How can sustainability be addressed from an IT perspective?
Like with trust and security, sustainability is a huge business differentiator. From what I see, sustainability from an IT perspective is about building and measuring carbon footprint per technology service offering.
It’s also about making purposeful decisions on key performance indicators to reduce and/or improve these ratings and communicating key performance indicators in a transparent fashion to all stakeholders.
What big tech trends do you believe are changing the world?
The dark web operates as its own economy with the same basic economic principles as the legal/mainstream economy of supply and demand. Individuals are identified, targeted and recruited into the dark web economy.
The growth and diversity of specialised attack services such as phishing, spear phishing, smishing, ransomware, denial of service, identity theft, money laundering and payment fraud has led to malicious attackers seeking expertise to support the execution of these services.
Cybercrime has no geographical boundaries and the more we can collaborate on both legal and global task forces, the more impactful we will be in our fight against cybercrime.
I am most excited about real-time transactional monitoring advancement and how this is enabling financial institutions to better understand client behaviours and detect and prevent fraud and financial crime.
Not only does it allow the financial institution to meet regulatory obligations, but it also makes it harder for criminals to launder proceeds in the financial system.
How can we address the security challenges currently facing your industry?
According to a recent Fortune Business Insights report, the global cybersecurity market value is projected to reach $281.74bn by 2027. However, many organisations are struggling to hire appropriately skilled talent. In fact, according to a survey by the Centre for Cyber Safety and Education, unfilled cybersecurity jobs are expected to reach 1.8m by 2022.
I believe strong leadership in the information security field is needed, to nurture talent and protect and grow businesses. A leader that cares about their biggest information asset – their people.
Leaders put their people and their best interests first. Sponsorship over mentorship is the second biggest quality for an outstanding leader. Sponsorship being the person has enough faith in you that they are willing to put their own career on the line, backing you with opportunities.
I urge all technology and business leaders to sit down with their security teams on a regular basis to ensure they continue to feel supported.