










Nothing is ever truly free. The internet might seem to be a free service, but the cost of scrolling the net without paying a cent is you. Every platform we sign up for requires an email account and agreement to their privacy terms, a seemingly harmless request that has resulted in potentially serious concerns for not only individuals but also democracies of the world.
The internet has become a necessity of life in modern society. For the average user, the cost of trading themselves and their data to be able to use the net might not seem like a fair trade, but alternatives have hardly existed till now.
It is an open secret that user data is being sold on the black market and is being used to manipulate people and societies. The Cambridge Analytica scandal and other such incidents have played an eye-opening role in the critical damage user tracking can do. Events such as these have perhaps highlighted the importance of tackling data privacy not only at the individual and organizational level but also lawfully and governmentally.
Consequently, the biggest tech companies with the most browser usage statistics, Google and Apple, have made changes to their privacy terms. Numerous regulatory bodies have also stepped in, increasingly requiring websites to be more transparent about what data they are collecting and with whom they are sharing it.
Undoubtedly, there has been pushback. Companies like Facebook and Twitter rely on advertising and user data for the majority of their revenue. Others have presented valid arguments that shutting out other companies from tracking user data would result in a Google, Apple, and Microsoft monopoly because they still track users who use their browsers. There are also startups that have come up with alternative models that hope to strike a balance between the user and advertiser.
As the debate on privacy and security rages on, we at CIOLook decided to launch the '10 Most Influential Leaders in Cybersecurity, 2022.' In this edition, we approached various leaders in cybersecurity to get a diverse perspective on the happenings of the cyber world and its impact on organizations and societies.
Sakshi Shrivastava
Senior Editor Alan Swann Executive Editors Abhishek Joshi DESIGN Visualizer Dave Bates
Art & Design Director Revati Badkas Associate Designer Sandeep Tikode SALES
SME-SMO Research Analyst Eric Smith SEO Executive Ravindra Kadam
Jones Editor-in-Chief sales@ciolook.com
Vice President Operations Kshitij S. Senior Sales Manager Prathamesh Tate Sales Executives Rohit, John TECHNICAL Technical Head Amar Sawant Technical Consultant Victor Collins November, 2022
Copyright © 2022 CIOLOOK, All rights reserved. The content and images used in this magazine should not be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission from CIOLOOK. Reprint rights remain solely with CIOLOOK.
ShellieAkinlawon Babajide Fayokun Ethical Hacker
Ben Rothke
Senior Information Security Manager
Bobbie Stempfley Vice President
Brenda Ferraro Head of Technology Third Party Governance
Brenden Smith CISO
Chris Leigh, CISO
George Eapen Group CIO
Boch Systems West Africa bochsystems.net
Tapad tapad.com
CERT Division at the Software Engineering Institute dell.com/en-in
Wells Fargo wellsfargo.com
Boch Systems West Africa provides customized solutions dealing with data security, data misuse, web attacks, and digital forensics.
Tapad Graph is evolving with the changes to privacy regulation and data deprecation across our customer's most essential touch points with consumers to support their efforts without disruption.
The CERT Division is a leader in cybersecurity.
Wells Fargo’s vision is to satisfy its customers’ financial needs and help them succeed financially.
FirstBank efirstbank.com
Eversource, eversource.com
Petrofac petrofac.com
Marissa Reese Wood, Executive Director
Mark Alvarado, Director of Cyber Security & IT Compliance
Priyanka Jayakumar, Cybersecurity Blogger
JP Morgan jpmorganchase.com
FirstBank offers banking solutions for businesses and consumers including loans, mortgages, checking and savings accounts, online and mobile banking.
Eversource is a business & residential energy provider in CT. Access information about your residential account, outages, programs, safety tips and more.
Petrofac Limited is an international energy services company that designs, builds, manages and maintains oil, gas, refining, petrochemicals and renewable energy infrastructure.
J.P. Morgan is a global leader in financial services offering solutions to the world's most important corporations, governments and institutions.
Academy offers the best brands under one roof — curated to make the most of every budget. academy academy.com
Cybertronium cybertronium.com
Cybertronium is a Cybersecurity Product, Services and Training company that provides highly focused skills training with 100% hands-on practical experience.
Brenda Ferraro, Head of Technology Third Party Governance, Wells Fargo
Reliability is required for one to feel protected from every potential threat. It initially begins with parents and slowly, as it turns out, becomes essential in every instance – from consuming food to using technology.
While the present cuisines are traced and doubly layered at every step of the process to ensure safety, one may wonder about the elements that are ensuring consumer protection in the new age of the internet world. As per current statistics, the internet has become a vulnerable spot for everyone – from children to the elderly. Apart from its social repercussions, it hurts the global economy, too, costing the world around $10.4 trillion annually by 2025.
But global leaders are curating a durable, cost-effective, and stronger solution than the rising incidences of multiple types of cyber-attacks.
One such leader is Head of Technology Third Party Governance – Brenda Ferraro, who made a 360-degree turn in her career choices from first selecting arts to now managing complex third party programs. Marching forward with her passion in the field and resolving the ever-emerging technological challenges, she is fabricating an internet world that is secure for everyone.
This purpose is enhanced by her active role in Wells Fargo, a company that is providing its customers with secured financial services and simplifying lives with everyday checks. They aim to protect account holders from any kind of threat in the financial sector. Let us dive to read more about how Brenda is leading change in this sector!
Brenda's journey as a business leader, throughout her career to the position at Wells Fargo, was not a traditional one. She had to face challenges as a female in a world where there are 15 percent or fewer female leaders; what she brought to the table was experience rather than a degree.
Talking about the process and subsequent accomplishments because of this approach, she shares, "Early on in my career, executives took notice of my ability to break down processes and reconstruct them by removing delay and waste. I was sent off to receive a process mastery certification which I leveraged to drive innovations and influence skills to enhance processes using cutting edge techniques to eliminate risk out of the third-party ecosystem."
Over the years, Brenda learned how to properly navigate the cyber security world through tenacity and surrounding herself with people who thrived on making a difference, which helped turn her into a third-party risk and incident management strategic anomaly.
Wells Fargo's Technology embodies a 6-S Strategy as their vision to foster paths of new frontiers, powered by a mission to deliver – stable, secure, scalable, and innovative services at speeds that delight and satisfy the customers and unleash the potential and skills of the employees.
She is influencing the Technology Third Party Governance modernization program as the new frontier for Third Party Governance. She believes that recognizing the current way of doing business worked well in the past, but it is also a ripe time for taking the process and workflow and transitioning to a more modern transformation.
While briefing about the company's services, she says, "Our program functions and techniques are being refocused on how we partner with our Third Parties. The cutting edge, not best practice, builds in fundamentals of what we call – continuous evaluation and real time risk management."
Because of this, she states, "Questionnaire and survey responses will be reduced, and questionnaire fatigue will be history due to a capability where third party questionnaire responses can be harmonized with threat intelligence and other means to better understand third party risk assurance. As a part of governance, the machine learning and artificial intelligence reporting will be on steroids due to the Key Risk, Performance, and Control indicators captured for transparency in Metrics & Measures to heighten risk management awareness.”
Back when Brenda was attending high school into college, she did not have third-party risk management as her career of choice. She says, "I wanted to be a triple threat in the art of music, singing, and theater. The thought of cyber security, third party, incident management, and process management never once crossed my mind."
She supposed that focusing on the arts provided her with the ability to think ahead, gave her the platform to speak in front of people, and learn about how to create grandiose things.
Throughout her career, she has had the pleasure to help define and design strategies at large and medium-sized companies of every sector. She started in the financial industry and found her way back to the industry but with a different twist towards banking. Sharing her moment of realization, she says, "I was caught off guard with the compliance and regulatory requirements that banks are subject to uphold. I quickly discovered how critical and important control management is for the banks. I found myself pulled back into the financial sector when I was asked to help Wells Fargo transform their Technology Third Party Governance program."
For her, this is not a job; it is a love for creating something big, something different, something exciting and new. Even something that other third-party programs, industry agnostic, will want to use to help drive risk out of their ecosystem as well.
Brenda thinks that transforming an organization from doing what they are used to for many decades to embarking on a future of cutting-edge techniques is a huge occasion for the organization as well as its employees.
For this, the key elements and strengths that she looks for in the people and culture are the ability to change, do things differently, and make a difference for not only themselves or their department but also for others outside their area of control. This, she thinks, should be supplemented with the values of sincerity, logic, trust, and the ability to get things done at a rapid pace without complaint.
She comments, "Time can be a transformation's and a modernization's worst enemy. It takes courage and the ability to see past the norm to create something that has not been done before. The strength to beat all odds seems so cliché; however, that is what is required to become better than the best and better than great.”
Brenda opines that leveraging a give-me-what-you-got approach to third-party management will help to provide a broad spectrum of intelligence that can be formidable in making risk-based decisions.
She finds that many who try to accomplish proactive risk management do not get past the legacy techniques that have been used and that employees are used to. "Best practices are not best practices if everyone is using them," comments Brenda. Her experience suggests that techniques need to be stretched far beyond what is thought to be possible, and only then can one break barriers making way for fundamentals that have not yet been discovered.
Every company where she had the opportunity to influence has received the recommendation to build a portal where information can be shared to combat the adversaries and the attacks. She says, "It is not easy to manage a real-time bi-directional portal for your third parties. But your third parties and your internal stakeholders deserve automation that provides transparency of what risks are present or being remediated."
Brenda observes that change for some people is not comfortable, so over-communication is the key. She further adds, "Keep in mind that transforming an organization and a program cannot be built using a platform or a software program. Platforms and software can be leveraged to implement automation where possible but cannot be used to define or design your techniques or talent.”
She wants to provide every resource that works with her with the ability to succeed in their career. Brenda shares, "I would like to share, with each person I interact with, the ability to take what they learn and spread it globally. Specifically for the banking industry, I would like to see third party programs use continuous evaluations where questionnaires become a trend of the past."
Continuing with these strings of thoughts, she says, "Something for the history books, of course, but something that we need to let go of – as we did with corded telephones, or cassette recorders, or VHS tapes. Yes, I just dated myself, but if you think about it, evolution is inevitable and why not be a part of how it is transformed to make your mark?”
Information gathering is not what one should be focused on for third-party risk management. Brenda is sure that the new age of risk management is a partnership and the ability to harmonize what the third party tells and what threat intelligence knows about their practices.
The present becomes the past in seconds, so it is true for the future that turns into the present in no time; hence it requires leaders to be quick and already decide on what they foresee.
For Brenda, the next momentous change in the banking sector is migrating from reactive to proactive risk management. She asks, "Wouldn't it be spectacular to have the ability to act on incidents with rapid response techniques that will inform the information security and technology space specifically what action needs to take place without having to request information from third-party business partners?"
She invites each one to imagine the ability to be already informed about the impact a known third party will endure and to help them rather than polling these third parties to determine if an incident impacts them. Probing deeper, she questions, "Wouldn't it be great if you could determine weak security domains with trending data to help to combat the vulnerabilities proactively as an ecosystem that thrives on making it difficult for the adversaries?"
At Wells Fargo, they are preparing to be the first in the banking industry that will be the front runners in concert with their peers. The company's new ways of business will foster the knowledge to know who is impacted by a vulnerability without having to ask and strengthen not only Wells Fargo and its Third Parties but also a fellow on a global front.
The common question asked by an individual is about their future goals. In that long list, Brenda's name is included too. So, sharing the details about how she envisions her future to be, she says, "My future goals at Wells Fargo are determined by where the company needs me. I am unwavering to help lead and influence those around me in a way that fits their desire to grow, their way of being valued, and their overall learning style."
Adding on, she says, "I desire to fulfill the needs of the company and to make sure I am helping those working with me to succeed as a cohesive organization that creates a positive impact to any department internally and externally where we can.”
Before motivating the young generation, she makes them realize an important fact. She says, "When I worked in the vendor space, which is not really the dark side as I learned so very quickly, I just didn't realize how much I missed the corporate sector. Both types of industries are vastly different. Both demanding and of course both rewarding.”
Speaking from her ocean of experience so far, she conveys, "If you aspire to build a third-party risk management program or go into incident management, I recommend you take a good look at what your dreams are for your life and turn that dream into a reality. Never lose sight of focus towards the good that you should share with others."
She thinks that Cyber Security and Information Security, as well as Incident Management, can be a thankless job. As a woman, or even non-gender specific, this career field changes constantly. It is not for the weak of heart. And, if one has the stamina and the drive to make a change in the world, then never give up because uncharted territory will not come easy, yet uncharted territory is extremely adventurous and exciting.
Lastly, she pens an essential and motivating thought where she says, "Each one of us has something special to bring to the table; make sure you bring that stellar capability to light. Make a mark on the world, on a person, on a process. Do not just make a legacy; become the legacy.”