Finastra: Delivering Frictionless Cybersecurity Services
Eric Hussey is Finastra’s recently appointed Senior Vice President and Chief Information Security Officer. Appointed in October 2023, Eric’s responsibilities encompass enterprise and product security engineering and architecture, identity and access management and cyber defence.
After all, Finastra is a digital company, its products are digital in their very nature. This means that not only does Eric’s work help secure security needs for Finastra, but cybersecurity solutions are also significant components of the products and services Finastra offers to its customers, which include 45 of the world’s top 50 banks.
“The Cyber Defence remit is crucial to protecting our customers and employees, it’s our eyes in the sky, if you like, continuously detecting and responding to threats on a 24x7 basis,” Eric says. “We partner with companies like BlueVoyant to help us do that, to augment our internal 24x7 detection and response capability. This joint capability is further augmented by dedicated engineering teams focused on automation, AI, Threat Intelligence and Vulnerability Management.”
The evolving importance of cyber defence
Cybersecurity is more important today than ever before. Nobody knows this more than Finastra’s CISO, who rightly says “things are much different” from when he first started out in the industry almost 25 years ago.
In fact, at the time Eric joined the working world, it couldn’t have been worse for a burgeoning technologist – graduating from university during the aftershock of the dot-com bust.
Nonetheless, he managed to secure a six-month contract position with Fiserv, where he leveraged his systems and software experience to understand and adapt to the fast-paced nature of a leading fintech organisation. His early success here allowed him a full-time opportunity with Fiserv’s cybersecurity team.
“This was back in 2001,” says Eric, “a time when security – from today’s perspective – would be considered very basic or even legacy. Back then you had a mainframe security team, a network security team and maybe a distributed systems security team– there wasn’t a prevalent conversation around software security at that time. However, that evolved rapidly; today we all know how reliant we are as a society on software and therefore we understand the importance of how resilient and secure that software is.
“I’ve been in cybersecurity for almost 25 years now, and I’ve been able to grow and evolve personally and professionally alongside the technology over those years. I have been fortunate to have such a very rewarding career,” says Eric.
Today, Eric’s position in cybersecurity is more than just a job. He sits on the Executive Cybersecurity Exchange, which drives industry collaboration and is a member of Cyversity (once known as ICMCP).
This gives Eric the chance to mentor underrepresented minorities in cyber and information security. “I was given an opportunity to work in the cybersecurity space, now it’s about giving back and helping others on their career path in the space,” Eric notes. “In Finastra, we frequently use the term ‘lift as you rise’ and it’s something that I believe all leaders should champion.”
Now at Finastra, Eric refers to himself as “ambitious business leader, passionate problem solver and team developer”. Indeed, the cybersecurity space is filled with challenges and it isn’t enough today to just be technically competent; you need to solve complex issues in alignment with protecting and enabling the business strategy on a daily basis.
“I see these challenges as opportunities,” Eric adds. “Not every set of circumstances is the same. New challenges represent new opportunities to enable business value which I am passionate about.”
Scaling cyber defence at a leading financial services software player
Joining Finastra represents a return to Eric’s roots, where he spent time in various other sectors too. At Finastra, Eric leads the cybersecurity initiatives across its core domains of Lending, Payments, Treasury and Capital Markets, and Universal (retail and digital) Banking.
“Finastra is a premium brand,” says Eric. “It was very exciting coming to the company and re-entering the fintech space, which sits at the intersection of regulatory requirements and rapid innovation.”
In his short time at the software company, continuously improving cybersecurity is something Eric and his team never cease to make great strides in.
Indeed, as a leading software company, Finastra already has a robust cybersecurity programme – industry regulations mean it must deliver safe and trustworthy products to its customers.
With threats ever evolving, however, cybersecurity is a continual journey, not a destination. And Eric has implemented a three-step plan to drive Finastra’s robust cybersecurity program towards the future.
“This includes strengthening our foundation, targeting risk reduction and differentiating our products in the marketplace,” says Eric.
He continues: “When I talk about strengthening our foundation, this is no different than what any other organisations must continually strive for – continuous improvement through constant iteration and innovation.”
Traditionally, Finastra, like many other software companies, began as a commercial off-the-shelf product-producing company, but has focused on evolving them to be consumed in a software-as-a-service (SaaS) model.
“This rapid evolution in product software delivery means as a service provider, it is required that our products must always be resilient, safe and secure. To accomplish this, many of our internal process required optimisation as well.”
“That is why strengthening our foundation remains important always because it must constantly be improved upon as we modernise and optimise for the future,” he adds.
Today, instances of fraud and cyber breaches across many industries are increasingly common. Risk reduction, as a result, has become more important for SaaS providers like Finastra - particularly as it serves the financial services industry.
Eric explains: “Given the continuous evolution in the cyber threat landscape, the challenge every cybersecurity professional faces is placing investments wisely and with aligned intention. Partnering with key stakeholders in the organisation is essential towards a one company approach in placing those investments appropriately. To help aid decision making, I like to bucket challenges into two main areas.
“The first is regulatory compliance. This encompasses the security controls you must have, and for us cybersecurity professionals, it’s about doing that as effectively and efficiently as possible.
“The second bucket is to incorporate the capabilities you need to target specific areas of risk. My team and I like to think like business executives, we just happen to work in cybersecurity.
“What I mean by this is that we must think about how our organisation creates value for our customers, and ask how we protect and enable that value today - and in the future.”
This, for Eric, leads to strategic differentiation – it’s about enabling value for Finastra’s clients. Of course, software today underpins our everyday life, but for Eric and his cybersecurity colleagues, it’s about understanding how cyber can help drive market differentiation within products and in comparison to the competition.
“With a business-first focus, my team and I must think about how the solutions we create drive value internally and externally. For example, internally, we are very focused on the developer experience and how the cyber team can enable faster, more secure software development - with the end goal of bringing safe, secure and resilient products to the market even faster.”
Leveraging tech for the future, intentionally
If one thing is clear for Eric, it’s that technology is a great enabler to solve specific business challenges. As technology advances at an increasingly rapid speed, this does not mean it should be implemented for the sake of it.
“Technology implementation should be a business decision and very intentional,” he says, “not purely an engineering decision. It must be done with a unified purpose. Without that unification, technology implementations often do not yield the return on investment that organisations hope they initially would.”
With that said, the arguments for not implementing AI are becoming all the more indefensible. The technology has proven its usefulness, and at Finastra, conversations are taking place over how best to adopt and implement it.
“We’re really starting to think about how AI can enable our functions, particularly in cybersecurity,” says Eric.
“I think of it as a copilot – it can be a great enabler for us. It will be another tool in the box that we can use for highly intentional purposes.”
One of the challenges of automating processes in cybersecurity is that there can be a lot of tech and process variety. Many routine tasks are already being automated with reasonable accuracy.
“We've had this with Robotic Process Automation (RPA) in the other functions we use,” says Eric. “Its application to cybersecurity, however, across any industry, is perhaps not where it could be...yet.
“The key is to iterate and test, iterate and test. I believe we will be leveraging automation more and more using AI. Early signs point to AI being a very effective enabler.
For cybersecurity organisations today, it is vital that resources are utilised to address the most important opportunities. “In many organisations, for this to become a reality, we need to free up resources that are stuck actioning low value but often very necessary activities. AI will be instrumental in helping us realise that opportunity,” Eric adds.
Scaling cyber defences with BlueVoyant
Leveraging technologies like AI can also support Finastra in creating additional value through its partnerships, particularly in cyberdefence practice. BlueVoyant is one partner that has worked closely with Finastra on cyberdefence for many years.
“It is essential that our key partners work to the same high standards that we set ourselves, to ensure that our products are not only safe, but they're secure,” Eric notes.
“BlueVoyant has an unwavering dedication to partnership through customer service and subject matter expertise. It has excellent resources for us to collaboratively work with. And, as we take advantage of technologies like AI and automation to work more efficiently and effectively, it assists us in that journey. It is a strong partnership.”
Finastra also partners with Microsoft today, for cloud and much of its technology suite. Most recently, the company participated in Microsoft’s Early Adopter programme for generative AI and launched a comprehensive skills programme for its entire global employee base.
“Microsoft and Finastra continues to be a powerful collaboration. It’s a strategic partnership, rather than a vendor relationship, and we work closely together and learn from each other.”
The future is Finastra
With the support of its partners, and an AI-led future incoming, Eric is excited by the future innovation his cybersecurity teams can drive.
“Effective cyber programmes are those that always possess an element of future-proofing,” he says. “The banking sector has been an early adopter of technology and is extremely innovative. That means that, in a financial services software company like Finastra, we are able to focus on solving industry challenges perhaps sooner than in other industries. We have a huge, and privileged, opportunity to shape the industry.”
For Finastra, the demand is there to deliver cybersecurity in an elegant way. “Customers want value faster and they want it delivered more securely – and we want the same,” he adds. “Being that trusted provider to our customers that delivers quickly and securely is crucial.”
“In a highly-regulated industry, compliance also plays a critical role in ensuring cyber resiliency. Cyber is a frequent and priority Boardroom conversation and an area of focus from a national security perspective. Regulation is essential to ensure we keep people, businesses and societies safe.”
“In a nutshell, our opportunity is to build, and help our customers build, secure, customer-centric and market-leading financial services products, more frequently and at greater velocity, while also adhering to regulatory requirements, which are continuously evolving.”
“That is top-of-mind for me. Each day I ask myself ‘how do I best position my team to serve Finastra effectively and efficiently, both internally and externally, in a way that is as frictionless as possible?’ That is what makes my job both exciting and rewarding.”
**************
Make sure you check out the latest edition of FinTech Magazine and also sign up to our global conference series - FinTech LIVE 2024
**************
FinTech Magazine is a BizClik brand