As a service provider, Celero knows that protecting our clients’ environments and members is critical, and that mindset has to start at the top.
Celero’s leading-edge technologies are built to protect credit unions and their members. With security at our core, Celero recognizes the importance of employees having security top of mind. This mindset has to come from leadership and be disseminated throughout the entire organization. A Chief Information Security Officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO at Celero is instrumental in strengthening our security posture, so to close out Fraud Prevention Month (#FPM2021), we sat down with Celero’s CISO, Matt Laba, to learn more about his strategic direction and to shed light on Celero’s security roadmap.
What do you bring to the credit union system in terms of cybersecurity?
Matt: I spent several years as Director of Cybersecurity and Security Program Manager in past roles, which has allowed me to develop strong leadership skills which are extremely valuable in leading a structured security program. Secondly, my technical skills and background bring a lot of value with 35+ years in security and IT as an architect across several technical domains. These roles I’ve held have provided great insight into doing the right things for the business as well as being forward-looking for the ever-evolving security environment.
One of the things I am always focused on is successful delivery of various security initiatives. After doing the right amount of planning and architecture, I diligently work with the teams to ensure we deliver on our security strategy and meet the security needs of our customers. The past 7 years I have successfully delivered large cybersecurity programs for a mid-sized oil and gas firm, as well as a major Telco for their primary SuperNet contract with the Government of Alberta.
What is your vision for Celero as a cyber-secure organization?
Matt: My vision is for Celero to be seen by credit unions and the industry as a leader in security. I want our clients to have confidence that Celero is properly securing their assets. This does not happen overnight, and I know it will take a fair bit of work but I’m ready to build on the solid foundation we already have.
To achieve my vision, we first need to establish a solid security baseline and framework for the organization (Celero and the credit unions), along with an ongoing security program and roadmap that addresses all security domains.
The overall goal of an ongoing security strategy and program is threefold. We need to:
- Improve our security posture or maturity level across multiple security domains year-after-year
- Reduce the cybersecurity risk that exists within technology (infrastructure, systems, data), processes and people
- Incorporate a flexible security strategy and roadmap that evolves and addresses the ongoing threat evolution
What have you been working on since you have started working at Celero?
Matt: Well, it has been some of the busiest months of my life — so much is on the go. Aside from getting to know the company and my team, I have been building on what is already working at Celero and also preparing the organization for the new evolutions in cybersecurity. Threat actors are always evolving so this is something that you have to stay on top of. Conducting security monitoring and threat detection reviews and building on that practice is something that we have already started doing and will continue into the future.
Since starting with Celero, I have spent a lot of time meeting with different credit unions across Canada to understand their security concerns and what they expect from a service provider like Celero. Additionally, with the recent re-organization at Celero, restructuring the core security team has been essential to building a solid security foundation going forward.
A main focus since starting has been the 2020 PCI audit where we are looking for certification in core banking again as well as expanding our certification to Celero Xchange™. Since joining Celero, I have initiated the completion of a Security Strategy Assessment to establish the baseline for our security program and roadmap going forward. Along with go-to-market strategies for our suite of Celero Security Services, I have also been involved in the IBM Hybrid Cloud and data centre modernization project, the creation of an Incident Response Retainer and evolving our data governance and management strategies.
How does Celero’s security architecture and framework protect Celero and our clients from fraud threats?
Matt: Security isn’t just one area but is made up of many domains that we need to seriously address. Celero’s security program has 10 major domains, with approximately 40 different sub domains in total. To holistically cover these by identifying gaps and threats and then implementing ways to remediate these threats is a big job. We need a solid architecture, roadmap and framework to establish our security program – and from that, assess and provide the required security controls in each area to best protect our environment.
Celero can’t only focus on one security area (e.g. Vulnerability Management); we need to look at security holistically, which a solid security architecture and framework provides for us. By doing that, we create multiple layers of security, close the gaps and reduce the risk of fraudulent attacks.
What should credit unions know about the security landscape a year into the pandemic?
Matt: One of the biggest changes over the past year is the proliferation of a remote workforce as employees have been told to work from home because of COVID-19. Over the past several years I have emphasized at other organizations and to peers in the industry (I even gave a presentation at a security conference) the concept that, “The End User is the Security Perimeter”.
In the past, the firewall was the block, but now with a remote workforce, many organizations are extending their networks. We need to properly protect our endpoints (desktops, cell phones, etc.) from getting malware on them and also provide secured connectivity via VPN into the Celero environment using MFA. We still need to protect the network perimeter (firewalls, etc.) but it doesn’t end there.
In general, the threats from nation states and others keep growing in number and sophistication every year. For example, the SolarWinds attack back in December 2020 was a major breach of a cybersecurity company, FireEye, by nation-state hackers. With the increased digitization in recent years including the banking platform, threats have evolved and improving Celero’s security posture never ends.
If you are interested in learning more about Celero’s security solutions or framework, please contact us or talk to your Celero Account Executive.
Editor’s note: This blog was originally published in March 2021 and has been updated for accuracy.