Profile: Barry Abramowitz, CIO, Liberty Bank
Published On: December 6, 2016
INFORMATION SECURITY TAKES CENTER STAGE
As CIO of Liberty Bank, Barry Abramowitz’s responsibilities cover the entirety of technology operations for the company, including security operations. Liberty Bank is the oldest mutual bank in Connecticut with more than $4.5 billion in assets and 56 banking offices throughout the central, eastern, and shoreline areas of the state. “My role has shifted from 80% technology innovation and 20% security, to 80% security and 20% technology innovation. It’s just the nature of business now; security is front and center,” said Abramowitz.
“The shift in my focus is a byproduct of our environment. In banking, internet services have really taken off in the past decade, with mobile apps and the Internet of Things leading the change. More systems are connected, more business is done over the internet, so this creates more security issues. Twenty years ago, security was about access and asset management, now security is about protecting your business from the world.”
As head of the technology and operations division, Abramowitz leads a team of security engineers who implement the organization’s security controls. He also partners closely with the bank’s Risk Management organization which is responsible for information security policy and procedure. Abramowitz said, “In business today, security is everybody’s job, but my role is to be one of the thought leaders for the bank as we address information security. I work closely with the head of the Risk Management team to implement the necessary controls.”
TECHNOLOGY STRATEGY REFLECTS CORPORATE GOALS
Abramowitz and his team create a technology strategy to mirror and support the bank’s overall goals. The bank clearly states their goal to maintain a positive reputation with customer service, even as they grow their digital services, expand their market position and evolve to support more non face-to-face transactions with customers. Other important aspects to the bank’s success include maintaining a well-trained and engaged workforce and being responsive to risk and compliance requirements. “Those are our top corporate strategies. Relating to what I do and how our group performs, I take the corporate plan and develop a technology strategic plan to support it,” commented Abramowitz.
The bank’s current technology plan is focused on customer and employee self-service and security of those systems. The technology team is also focused on managing data in an effort to make Big Data more available and easier to digest and understand, and more secure.
Abramowitz’s team selected the NIST Cybersecurity framework as a way to measure and manage security efforts as well. He stated, “Once we decided to work within the NIST framework, we had an independent assessment to help us baseline our maturity level. This really helped us understand where we are as an organization and where we need to go. It helped us prioritize our efforts and gave us a way to measure success. We over-laid our risk assessment process on top of NIST and we have a good roadmap for our security program. Now we report our progress against NIST to the Board on a regular basis."
Abramowitz reports directly into the CEO, who approves his plan and budget, along with the Board. “Our CEO and Board are very engaged in cybersecurity and they recognize the importance of it to our organization.” Abramowitz foster’s this interest through regular interactions with the Board. He provides monthly reports and presents to the Board in person every two-to-three months. In those presentations Abramowitz focuses on making cybersecurity relatable to his audience, through emphasizing business impact and drawing comparisons to issues they may recognize as general technology consumers. “We have also brought in third parties to give perspective on security to the Board. That format also works very well,” he said.
EVOLUTION IN THE INDUSTRY OVER 20 YEARS
A key evolution Abramowitz experienced during his long tenure as CIO is the bank’s approach to technology purchasing decisions. Abramowitz said the emergence of numerous technology startups with impressive and innovative solutions, particularly in IT security, has made the bank more willing to make investments in technology solutions from emerging companies. “Previously, we had a minimum requirement of a certain number of years in business in order for us to work with a technology provider, but the technology market is evolving so rapidly, we are moving away from that requirement. Especially in security, we need to be able to evaluate the most cutting edge solutions that address today’s concerns best,” said Abramowitz.
Abramowitz does caution other CIOs and CISOs to look carefully at their existing assets and infrastructure before making additional purchases. “You have to be very pragmatic and go back and revisit your tool sets from time to time. Can we improve our current processes with existing systems? Are there updates or enhancements to our existing solutions that will solve a new problem we have encountered?” said Abramowitz. He continued, “We do a good job of tracking enhancements with our core banking system, and we are working to extend this to all of our systems. When new releases come out, we track all of enhancements, even if we do not implement them. The worst thing you can do is bring in a new provider to solve a problem that an existing system could address easily and cost efficiently.”
LOOKING BEYOND BANKING FOR INNOVATIVE SOLUTIONS AND EXPERTISE
“I am a committed community banker. I have been in banking my entire career and have many peers in my industry that I rely on for expertise and shared insights. What I do now is take myself out of my comfort zone. I routinely attend functions with representatives from other industries – such as healthcare, pharmaceuticals, insurance and manufacturing. Sometimes I am the only banker in the room. Because industries sometimes march in line, the group can overlook other ways to address issues and approach opportunities. Speaking with peers in other industries exposes me to new solutions,” said Abramowitz.
He continued, “Likewise, there are vendors who get strong footholds in different industries. This could be because of word of mouth, and those vendors may not be working with the financial services industry because of their traction elsewhere. But their solutions can be very relevant to our problems or what we are trying to accomplish. I have met a different set of vendors this way, and when we bring them into our environment it is very refreshing and very educational.” In general, Abramowitz believes it is necessary to stay educated and be open to new solutions in order to keep pace with emerging threats and issues facing businesses today.
Subscribe
Stay up to date with cyber security trends and more