Gov Business Review Magazine

Huntington National Bank

Mark Gordon, Vice President of Cloud Security SME

Importance Of Integrating Cybersecurity In Every Nook And Corner Of The IT Infrastructure


Could you give me a brief overview of the journey that you have had in the industry before you became the senior cybersecurity and risk management expert at Huntington National Bank?

My expertise in the semiconductor industry paved the way for my journey through the aerospace sector first, from where I went to the automotive sector, and then the banking industry. Before Huntington National Bank, I was employed at Fiat Chrysler Automobiles (FCA) as the enterprise security architect for automobiles. My job was to aid them in understanding the best way to protect their vehicles from an IP perspective and prevent the connected vehicles from being compromised. I made recommendations on Trusted Platform Module (TPM) and worked with secure versions of operating systems—including MC Linux—from Google to help them set up a secure gateway.

What are some of the trends that you are noticing in terms of cloud adoption, and how are organizations handling their migration processes?

The adoption of cloud computing solutions has increased owing to their greater benefits when compared to on-premise solutions. From what I have seen, customers try to shift as much as they can off of their own books and onto the cloud providers’ books, whether by embracing native services that have security baked in or by reducing the attack surface and the number of misconfiguration possibilities. The cloud vendors will always try to make these things easy. But it is not as easy as flipping a switch, even when you have skills in Terraform coding and Python. You need expertise around security requirements to make adjustments with quality and security.


It also comes down to the management of the cloud. We will see better adoption and acceptance once fundamental knowledge of what security services can do for all the areas is better understood. In particular, we will need to better educate executives and managers with the approach rather than the technical know-how of how the DevSecOps model works. It is a shared responsibility and can accommodate and implement the model. Don’t try and change the whole corporation at once; pick a couple of projects that have some visibility and improve them.

Can you shed light on some of the reasons why cloud adoption has increased after COVID-19?

There are several reasons and aspects surrounding the rise of cloud technology. During the pandemic, executives had to rethink how they could accomplish their goals remotely. They began adopting cloud technologies, but their concern for cybersecurity also increased. Organizations began investing millions in security products and incident response personnel to deal with the potential risks.

However, the effectiveness of people using these security measures and basic attack techniques still isn’t assessed appropriately. They need to build a comprehensive understanding of the evolving cyber threats so they can secure their defense and ensure that their threat detection and protection isn’t compromised.

Having said that, many cloud providers are using the latest security policies for monitoring customer data. So, that’s a silver lining of the accelerated cloud adoption after COVID-19.

What would be your piece of advice to your peers or the leaders in the cloud security space today?

Take the time for research and training to incorporate the basic concepts into different areas of your business. This reduces the problem of getting answers and managing teams that need solutions. If you are getting a consultant, understand that they will not have all the answers. I would recommend to peers that they attend at least one virtual conference a month, if not more, in multi-domain and multi-sector conferences to get their perspective and shift protocols or standards to best-known practices. Nowadays, hacking, phishing, and malware incidents are becoming significant sources of security breaches. Even more troublesome, the hacking attempts are, in a sense, the result of human error. Education and awareness are essential to combat cybercriminal activity and prevent security breaches.

The articles from these contributors are based on their personal expertise and viewpoints, and do not necessarily reflect the opinions of their employers or affiliated organizations.