The big banks’ cybersecurity chiefs are not the average techies, traders or salespeople you generally meet in finance.
The chief risk officers to whom they sometimes report often come from a quantitative background, because their role, driven to seniority by the financial crisis, has been to ensure the complex financial risks banks run are managed in a way the regulators are happy with. But the security guys do not need to understand derivatives calculus, they need to understand how criminals and hostile states think and act.
|
“We hire people from the security services and from law enforcement because they can give you a realistic, granular view,” says one bank’s C-suite member. “These are real hands-dirty people – they may have killed someone – and we combine them with commercial people, who know what can be done and what cannot be done.”
The trend is particularly pronounced at the large US banks, most of whom have picked super-senior ex-National Security Agency, Federal Bureau of Investigation, Department of Homeland Security, White House and Central Intelligence Agency operatives to fill the key cybersecurity jobs.
Tom Harrington was hired in 2012 and is a managing director and the chief information security officer (CISO) for Citi.