Rocket Software Sponsor Spotlight

Bloomberg

Watch Rocket Software Sponsor Spotlight - Bloomberg on Dailymotion

Transcript

00:00So I'm here with Sean O'Kara, who is doing his part to keep our financial markets secure.

00:07So, Sean, tell us a lot more about yourself and your role at DTCC and also what DTCC does.

00:16That's a good question. Good question.

00:19So DTCC is a significantly important financial market utility,

00:25obviously a critical component for U.S. and world markets.

00:31My role there is I run the offensive cybersecurity team,

00:35which is comprised inside the Threat Management Center.

00:39That's run by our CISO.

00:42And we have the SOC, an operations center.

00:46We have kind of this red team, so it's kind of a blue team, red team, purple team.

00:50We have a separate team that monitors the content and controls for that blue team.

00:55And we spend our time trying to gain access, right?

01:00We're emulating nation state actors inside our environment

01:04and seeing how those threat chains play out.

01:11Wow. So it sounds like there's a lot of DTCC

01:15and it plays a very pivotal role in the financial industry,

01:19just like the volume of the data and the platforms and everything which you work with.

01:24Certainly. So there's many very sensitive segments inside the network,

01:29a lot of specialized technologies,

01:31but we're responsible for quadtrillions of transactions per year,

01:36millions of transactions a second.

01:38So, you know, obviously it's a very critical space.

01:42How do you pick in that space a partner to partner with?

01:47And what kind of activities and the criteria goes in in choosing a software partner or a hardware partner?

01:53So our pen test methodology is to emulate threat actors around the world, right?

02:02Incidents that we see take place in other financial companies and other tech companies around the world.

02:08So this program has been running for more than 10 years and our quest to find kind of the best of breed,

02:16the best testers to implement our team in these very specialized, restricted segments is really key.

02:25It's, you know, to form relationships with those guys and work with them year after year has certainly been a challenge.

02:33It takes us years to validate a vendor, to onboard a vendor,

02:39but moreover to build a relationship with them and understand what those testers,

02:44those employees, what their capabilities are.

02:47You've got to, you know, understand their limitations and be able to trust them in those environments.

02:53So if I, as we were talking about it in the backstage here, that Rocket Software,

02:58so we take pride in not being considered a software vendor, but a software partner.

03:04But we have over a longstanding relationship in the security.

03:09Certainly.

03:09So over a decade or so?

03:11Over a decade.

03:12Wow.

03:13So as we're talking about the innovation and modernization without disruption and how do you see the domain of cybersecurity

03:24and you've been in the offensive side of the cybersecurity and trying to prevent the threat actors and AI.

03:31Do they intersect?

03:32Do they not intersect?

03:33Or how does that look like in the financial markets?

03:37Yeah, so much, so much to talk about there.

03:39Yeah, so certainly I'm also the founder and chair for the Pentest Managers Group as part of FSISAC.

03:45And over the years, I've certainly seen, certainly financial companies,

03:50but other tech companies that have started independent Pentest groups inside their companies

03:54and have been very innovative in that space.

03:57So I see that more and more, I think, over the next couple of years.

03:59I think it's just going to be a standard, just like vulnerability management.

04:03But with AI, we don't have a ton of models inside DTCC.

04:09We have a ton of controls.

04:11It's something we're heavily, heavily looking at.

04:14We've certainly leveraged AI to do some components to our pentesting, certainly around surveillance and discovery.

04:22I would like to see, over the next couple of years, how AI is going to play a role in the defenses,

04:28like on the security operations side, as far as triggering alerts and processing logs.

04:33And that's going to be very interesting, how that plays out, much to my detriment, if this is going to hurt us.

04:40But certainly, and there's been some frameworks and some preliminary tools around testing of AI that we've seen,

04:48and we've done some of that in our environment.

04:50And it's an amazing story on what you have done at DTCC.

04:53And if I know your platform, you still have, you talk about modernization without disruption.

04:58You're doing all of the security platform on mainframes for this high transaction volume.

05:03That's amazing.

05:03Yeah, it's certainly hard to find.

05:05That's one of the hardest environments to find specialists in that actually are best of breed.

05:10So, I mean, I can't emphasize how good Rocket was in that space.

05:15Thank you so much.

05:16Thank you, Sean, for taking time with us.

05:17Thank you, everyone, for taking time with us.

05:19And, Sean, thank you for continuing to make our financial markets secure.

Category

Transcript

Be the first to comment

Recommended