Never daunted. Financial services wonk. Avid beekeeper.
March 23, 2021
As the Managing Director of Promontory Financial Group, Judith Pinto leads some of the most complex cybersecurity and technology risk assessments for leading companies in the financial services, consumer products, retail and manufacturing sectors. She joined IBM in 2016, after its acquisition of Promontory. Pinto was selected to be part of the Industry Academy’s inaugural class of Distinguished Industry Leaders, prestigious thinkers who are globally recognized for their industry-transforming work and leadership.
You consult companies that operate in highly-regulated industries—big financial services businesses, manufacturers, and consumer products—what’s the toughest part of your job?
The majority of my focus is in financial services, helping institutions understand how to customize for businesses they’re in. It’s hard to create a cookie-cutter widget and then go from bank to bank to bank to bank. Each one is different. One financial institution may be an investment bank that does trading and maintains a retail presence. The next bank might just be only in investment management. Another might only do trading. So you’re constantly having to listen and learn and understand the cultures of these organizations, as well as their size, and the businesses that they’re in when working to develop a solution.
And you’re also assessing cybersecurity issues for these companies, right?
Correct. And based on the businesses that they are in, the exposure to cyber risks will likely be different. And so to build different solutions we have to really understand—and I’m going to throw out a jargon term—their risk profiles. That means figuring out how susceptible to cyber risks based on what they do.
Are they collecting personally-identifiable information such as a person’s social security number or their address? Or is it an organization that’s making investments in, say, oil and gas? Or are they involved in mergers and acquisitions? Each of these have a very different risk profile and have varying susceptibility to cyber risks.
So does this work look different now than it did before the pandemic?
Oh yeah. Absolutely.
First of all, I’m sitting at home. I’m not working from a hotel or from a client site. But also cyber risks have been different during this period. Think about when organizations had to accommodate their employees when remote work was the only way to keep business moving. They had to shift from their own protected, on-site networks where they controlled everything to a situation where people are connected to their own wi-fi networks where they aren’t changing the default password. Or maybe they’re sharing their equipment with a family member or child for schoolwork. It’s very different now, and so the risk landscape has grown. It’s not just the one corporate network, it’s the network of every employee working from home.
And you’re seeing more cybersecurity attacks?
Absolutely. If you look at a lot of retail banks, a lot of them have gone back to having their branches open, but initially they closed all their branches and those people were working from home and they’d never been provisioned to work from home. They didn’t have laptops or computers, they didn’t have all the things a remote worker would typically have. And so we definitely have seen an uptick in phishing scams.
Did the pandemic force the world to pause?
What we’ve seen with our clients is a huge push for digitization during the pandemic, they’re moving away from manual processes that require workers in the office.
This is seen through the economy. One great example that has nothing to do with IBM or cyber is my daughter, who works for Scholastic, the classroom management publisher. Pre-pandemic, they did all their publishing and layouts on paper in an office. And then all the sudden BOOM they weren’t in the office anymore. Again, even on a small-scale like that, businesses were being transformed in the blink-of-an-eye, and needed to pivot to more digital platforms to have people stay connected.
Now imagine that in banking, where you’ve had to reduce your retail presence which impacts foot traffic. You need to up your game in terms of mobile and online presence and the functionality that’s available online.
In your spare time you tend to what’s been described as a ‘bustling beehive.’ Are there any lessons you’ve picked up from beekeeping that you’ve applied to your work?
You are not in control. You have to learn to work with the environment. You can influence, but ultimately you’re not in control. With the bees, you know, bees have been doing their thing for millions of years, and I can do certain things to influence them by virtue of providing them a habitat, but ultimately I can’t force them to make honey and I can’t force them to go out and collect pollen. So I need to study the culture. I have to study their behavior and then adapt my way of management based on that.
IBM has long advocated that businesses embrace open, collaborative strategies—what do you think is the biggest benefit of this?
It might sound counterintuitive, but by embracing an open mindset, businesses are actually doubling down on security. One benefit is that you get the best of all ideas. As soon as you bring more minds together it’s more likely that you’ll come up with more robust solutions to problems.
Just as a little history, think about how IBM’s financial services cloud that came together through our work with Bank of America. Banks had tried to do this on their own a couple years ago and just couldn’t get to a common agreement about certain requirements. So we finally just said, ‘You know what, we’re just going to take this on. We’re going to do it.’ Now, other banks are interested.
Sometimes it just takes the right leadership to strike out and do the tough work of building something, and once it’s successful and it’s working, more people come on board. Creating pockets of like-minded folks—CIOs, chief technology officers, chiefs of information security, risk officers—to come up with a structured idea exchange will be important when looking to expand the number of institutions joining the cloud.
In your discussions with clients, how do you convey the power and benefits of IBM technology and expertise? How do you convince clients that they should invest in Hybrid Cloud, AI, or Quantum technology?
When I talk to clients, I convey that trust is a central part of our character and DNA, and it’s what grounds our commitment to hybrid cloud architecture being the best way to modernize the banking industry. A hybrid cloud platform gives clients choice, flexibility, and the ability to navigate privacy and regulatory hurdles in a way that makes sense for their business, their operations, and their customers. It also carves an easier pathway to other technologies, such as AI and automation, that deliver more efficiency and value to parts of their business that need to tap into that kind of innovation.
We’ve been working with financial services companies for decades, so we get the regulated environment. What better partner to have than someone who understands that you can’t just try the latest widget. IBM spends a lot of time on research and making sure its secure before it goes out. Combined with the deep regulatory expertise at Promontory, it’s a pretty strong team.
You weren’t just named one of the Industry Academy’s Distinguished Industry Leaders, you were in the inaugural class. One of six. How did that make you feel?
First of all, it’s funny because I misunderstood the announcement initially. I thought I was one-of-six people picked within financial services. I didn’t realize I was one-of-six from across the entire company. I was stunned at that point. It was a huge honor and a major milestone in my career.