Interview with Christian Scott, Chief Operating Officer (COO) and Chief Information Security Officer (CISO), Gotham Security, an Abacus Group Company
Q: Can you share insights into your career journey and what propelled you into the cybersecurity field?
A: My journey into technology began at a very young age, fuelled by a blend of creative curiosity, a fascination with computer programming, and a love of creating video games. These interests steered me toward a career in computer networking and systems engineering, where I gained a knack for helping to build and manage data centres in the health information technology space.
My entrepreneurial spirit led me to help build and become a partner of GoVanguard, an IT managed services and cloud services provider, where I built a line of business around cybersecurity services with my business partner Blake Shalem. I’ve always found cybersecurity captivating – it was a field where learning never stops and where I could make a tangible difference by identifying and addressing security risks to protect businesses.
I also founded two non-profit organizations in the domain of cybersecurity: Enclave Regenerous and Cyber Judo, through which I’ve taken time to help create free cybersecurity content and upskill people in cybersecurity alongside my colleagues Blake Shalem and Travis DeForge.
Q: What’s a key piece of advice you would give someone aspiring to be in cybersecurity?
A: If you’re considering a career in cybersecurity, my top tip would be to begin by applying security principles to your own digital life, even from a young age. Begin by securing your personal life, your home network, personal devices, and online accounts. Learn the essentials of identifying phishing attempts and educate your family and friends on spotting scams and identity theft attacks.
This pragmatic approach not only deepens your understanding of cybersecurity in everyday contexts but also provides insight into the tactics used by cyber attackers, an aspect that is often challenging to learn solely from books. This hands-on experience can be invaluable in determining your passion for the field and in developing foundational cybersecurity skills that help set you up for your later career.
Q: Reflecting on your time with Gotham Security, what are the key milestones and achievements under your leadership?
A: Over the last few years, we’ve achieved significant growth and expanded our clientele to include numerous Fortune 1000 companies and financial institutions, setting a gold standard in cybersecurity services. While this has been under my leadership, I attribute our success to our entire hard-working team who collectively set the bar high when it comes to delivering quality cybersecurity services.
I also take particular pride in leading the development of our security lifecycle management platform, Panoptix, which has revolutionized our approach to assisting alternative investment firms with managing their cybersecurity programs. Panoptix offers a more cost-effective way to implement comprehensive security programs through enhanced risk management, compliance, and remediation tracking.
The evolution of Panoptix, shaped by our long-standing customers, has played a crucial role in our success, with their positive feedback being key to our ongoing growth and reputation in the industry.
Q: How does Gotham Security’s approach to cybersecurity differentiate itself in the highly competitive financial services sector?
A: At Gotham Security, we differentiate ourselves by offering an unparalleled customer cybersecurity experience in addition to our deep technical expertise. We approach our relationships with customers as a valued partnership by providing continuous insight, not just trying to check a checkbox. Our dedication to collaboration and delivering practical results has earned us a strong reputation, fostering client loyalty and fuelling our expansion in the financial sector through positive word-of-mouth.
Additionally, in 2023, Gotham Security became an Abacus Group company; Abacus Group is led by a team that collectively has over 100 years of experience in the alternative investment industry, and our ability to blend both the companies’ in-depth expertise and understanding enables us to enhance our offering to financial services firms.
Lastly, through the innovative solutions we create like Panoptix, we can deliver actionable cybersecurity insight faster, more thoroughly, and easier to understand, more than ever before.
Q: Looking at the current landscape, what new cybersecurity challenges are emerging for the financial services industry?
A: The barrier to entry for malicious actors to leverage ever more sophisticated techniques in their ransomware attacks through the use of generative AI is a fairly large challenge for firms. Beyond creating more convincing phishing emails, malicious actors can use widely available open-source solutions to create realistic audio and video that impersonates specific individuals. This means advanced social engineering attacks that blend the lines with reality will become more common, and things like wire fraud attacks will likely rise. There have already been instances of malicious actors compromising a firm during a large deal and, at the last moment, all the bank account numbers being changed by a hacker to intercept the funds from the deal.
Firms also face another challenge with generative AI, which is the secure integration of generative AI technologies within the organization. Obviously, generative AI also has tremendous potential to streamline many aspects of businesses, including some elements of security operations like monitoring. However, firms must establish clear policies around issues like data privacy, intellectual property and data accuracy. As generative AI becomes more widely used, it could open new avenues for sophisticated attacks through jailbreaking and prompt injection, which involves manipulating a generative AI agent to do the bidding of a malicious actor.
Cybersecurity regulations continue to evolve too, with financial services firms having to ensure they are fully aligned with the Digital Operational Resilience Act (DORA) in the EU and additional security requirements from the Securities and Exchange Commission (SEC) in the US. These highlight a shift to more stringent cybersecurity regulations across the financial services sector. Complying with them will require finance firms to adopt a more proactive cybersecurity stance than they have done in the past.
Typically, that will involve firms embracing new cybersecurity services, including full lifecycle risk management and effective policy writing, ensuring that policies are not just on paper but are actionable and robust. Organizations should also look to ensure that they view the changes they make not just as a compliance measure but also as part of a larger strategy to enhance their operational resilience and cybersecurity posture.
Q: How do you envision the cybersecurity landscape evolving over the next five years, especially in relation to financial services?
A: In the next five years, the field of cybersecurity is set to evolve dramatically, with artificial intelligence and automation playing more pivotal roles. We’ll see generative AI become a common staple with automating routine security tasks and allowing cybersecurity professionals to concentrate on complex issues that need human insight and creativity. Specifically in financial sectors, AI will play a crucial role in managing risks across expanding digital landscapes.
Cybersecurity teams will shift their focus towards ongoing monitoring and evaluating AI-driven recommendations, alongside strategic planning based on the latest trends. Additionally, strengthening partnerships between governments, private entities, and researchers will be essential to address new cyber threats across the industry.
Q: With the increasing importance of cybersecurity, how can financial services firms ensure they remain protected against the latest threats?
A: To safeguard against evolving cybersecurity threats, financial services firms must adopt a comprehensive strategy that integrates human expertise, effective processes, and robust technology. It’s essential for these firms to invest heavily in cybersecurity training for their employees, fostering a culture of security awareness. They should also deploy adaptable governance frameworks and automated systems to quickly spot and address vulnerabilities, particularly in hybrid infrastructures.
Collaborating with managed security service providers can enhance their defences by offering round-the-clock monitoring, risk management, and swift incident response. Crucially, executive leadership should promote collaboration across security, risk management, compliance, and business divisions, ensuring cybersecurity is a central element of strategic planning and digital innovation.