Member Spotlight: Bobby Dominguez, CISO, SVP, City National Bank
Security Practitioner Talks APTs, UBA & More
CISO Bobby Dominguez is an accomplished, results-driven technology, security and risk executive with 35-plus years experience directing Information Technology operations, bootstrapping Internet and e-commerce startups and transitioning them into efficient and profitable organizations, and aligning privacy, risk and security initiatives with business goals to deliver innovative, competitive advantages. He researches security vulnerability and compromise trends and develops strategies to combat emerging threats.
Dominguez has strong communication and interpersonal skills that allow him to partner with multiple constituencies – business management and technical contributors – to deliver effective solutions. He has demonstrated success in strategic planning, program management and technology transformation with a proven ability to lead and motivate high-performance teams. He has a track record of delivering critical risk, compliance and security solutions that enable organizations to secure critical assets, meet compliance objectives, reduce costs and generate positive, multi-million-dollar impact to the bottom line.
Today, he took time to answer a few questions for the Cyber Security Hub's October “Member Spotlight” edition.
1) What’s the coolest thing you are working on right now?
The coolest thing is enabling a data-centric security strategy at one of Florida’s fastest growing banks. The highly regulated banking industry usually is reluctant to adopt cloud technologies or other modern methods of computing due to the risks. They usually prefer centralized data and in-house or limited outsourced services on private networks. My bank has some ambitious goals, so a new approach was required. To enable the bank’s strategy, my team is deploying the first phase of a data-centric strategy – one where you don’t necessarily worry about where your data resides (internal or external server, mobile, etc.). You concern yourself only with what you want to protect (data) and who is accessing it.
This project leverages behavioral analytics at the end-user and network layers – deep monitoring of all activity, AI and machine learning, ubiquitous encryption, and a combination of role- and attribute-based access controls. It’s a multi-year program, but it’s rewarding to bring these technologies together in such a way as to meet regulatory requirements and yet stay agile and flexible. My team is loving the project and the results we have seen so far have exceeded my expectations.
2) What is the greatest technology invented in the last 10 years, and why?
The whole integrated Internet. This is a technology that was initially used for communication. Then it evolved into a storefront environment with flat web pages, then to actual stores and a true e-commerce medium. What we have today is an ecosystem that drives innovation and disruption across all sorts of industries. Cloud services, integrated add-ons, and all of these social platforms permit the average person to provide services that were the realm of large corporations in the past. Look at the growing number of “self-employed” people who work remotely, or in other countries, and never go to an office. They do billing, payroll, marketing, customer service and all other functions through the many services available on the Internet. Look at LinkedIn, Slack, Github, Uber, Amazon and the thousands of other startups that make use of the Web 2.0 world. This current incarnation of the World Wide Web is truly amazing.
3) What is the most interesting thing you’ve read or seen this week?
Interesting? Hmm, non-partisan here… I guess that we haven’t reached the bottom of acceptable behavior for politicians and the media that covers them. I never cease to wonder at how low we sink as a country. When will we hit rock bottom?
4) What’s the most ‘useless’ fact you know?
The strongest muscle, relative to its size, is the tongue.
5) What is your favorite way to spend free time?
Free time where I am “connected” is devoted to exploring and playing on the web (and dark web). But I like to disconnect and enjoy sailing, scuba, yoga and mostly meditation on the beach. Sometimes meditation involves a good IPA, lots of surf and sun, and an umbrella shade on the beach.
6) What is your biggest fear?
My biggest fear is a sustained nation-state attack against critical infrastructure, similar to what Iran did to the financial services industry in 2012-2013. And that was an overt attack. Imagine a quiet attack where the hackers lie low, basically an APT (advanced persistent threat) scenario, but where the intent is not theft, but to erase or damage data. Recovering from something like that is difficult. Protection is not trivial either, because anything is hackable. All we can do is take appropriate steps to minimize impact, but there will always be some impact.
Be Sure To Check Out: Member Spotlight: Dennis Leber, CISO, CHFS - Kentucky