How a BISO can help accelerate Fintech innovation

Show notes

Overview of Podcast

For this 15th episode of Access Control Podcast, a podcast providing practical security advice for startups, Developer Relations Engineer at Teleport Ben Arent chats with Alyssa Miller. Alyssa is a seasoned hacker and highly experienced security executive. Alyssa began her career programming for a Wisconsin-based provider of financial software and services. She later moved into a leadership role within the ethical hacking team, conducting pen tests and app assessments. This was followed by work in consulting, which provided a unique perspective on the challenges of the security industry, and then work across multiple organizations with high-level executives to address security at a strategic level.

This brings us to today, where Alyssa directs security strategy for S&P Global Ratings as a Business Information Security Officer (BISO). S&P Global is a 162-year-old financial services company with over 50k employees. Today we’ll dive into how Fintech companies can learn the best practices and navigate the regulatory landscape, and how to embed these security practices to truly shift left and empower developers.

Key topics on Access Control Podcast: Episode 15 - How a BISO Can Help Accelerate Fintech Innovation

  • BISO is a fairly young role within cybersecurity that gets structured differently across organizations. A BISO's primary goal is to provide a bridge between the cybersecurity function of the organization and the individual business lines.
  • S&P Global Ratings, part of S&P Global, is focused on credit ratings for organizations and sovereign nations.
  • When looking to adopt new technologies, you have to consider what this means in terms of the regulatory environment.
  • If you're starting up a fintech, you're going to be working with regulatory bodies. Regulators can help you understand what the right ways are to be compliant with specific regulations.
  • The best thing you can do with a regulator is give them reason to trust you, by showing them that you're thinking about the things that you should be thinking about, and by doing the right things.
  • Compliance can be broader than regulation. Regulators such as the SEC, FCA and ESMA vary based on the environment that they're in. The key is to work with them proactively.
  • Getting software to production involves what can be described as a three-headed monster of responsibility: software has to be delivered efficiently, has to be stable and has to be secure.
