InfoSec People Profile: Aster Key Co-Founder Brad Blumberg

By Roy Urrico

Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity and/or information governance to protect data and transactions at credit unions, other financial institutions, and fintechs serving the financial services industry.

Aster Key Co-Founder Brad Blumberg sees his role in cybersecurity from a different perspective. “I actually call it data security, because we are protecting data as it moves through systems, which is a different way to think about security,” he told Finopotamus.

“Cybersecurity is both a technological and cultural challenge,” Blumberg said. “The C-suite, from small credit unions to mortgage firms of all sizes, must prioritize key actions to mitigate risks. They must implement strict access controls and enforce role-based access and least privilege for all employees. They also need to adopt multi-factor authentication and require it for all devices and systems.”

Blumberg grew up in Ventnor, N.J., which he describes as a beach town south of Atlantic City. He earned a bachelor's degree from Dickinson College in Carlisle, Penn.; and a master's degree from the University of Pennsylvania in Philadelphia.

He has served as managing partner in Blumberg Asset Management since 2000. Additionally, from 2008-2020, he was co-founder/CEO of Smarter Agent Mobile, a North American real estate SaaS (software as a service) platform in North America acquired by Keller Williams International.

Keeping Financial Data Safe

In 2022, Blumberg, co-founded Philadelphia-based Aster Key, an app that empowers consumers to anonymize, organize, and encrypt financial data on mobile phones. “In a world that takes your data, we make sure it is yours to keep—and profit from. Beautifully and securely organize all your financial data – off all servers, on the safest device you own – your mobile phone. Create encrypted financial statements stripped of personally identifiable information,” said Blumberg.

Consumer-facing technology often treats consumer data as a corporate asset, rather than respecting it as private, personal information temporarily entrusted to the company, according to Blumberg. Because of this people must share sensitive data too early in the lending process — such as Social Security numbers, banking accounts, income, and personal details — exposing it across multiple systems and increasing breach risks.

Security Falling Short

Industry-standard cybersecurity is falling short, suggested Blumberg. “Companies claim, ‘Your data is safe with us,’ but the truth is, data breaches are at an all-time high, and consumers are skeptical that their information is genuinely protected.”

Explained Blumberg, “The general movement is to let consumers empower their data more and get some control over who sees it (and) where it goes. If I have a Citibank, Capital One or Chase account, I can tell the large organizations to send my data wherever I want it to go.”

Aster Key, maintained Blumberg, is addressing the critical challenge of protecting consumer data throughout the homeownership journey, focusing on preventing the hacking of sensitive financial information used to secure a loan such as a mortgage.

Blumberg described Aster Key as a startup founded to protect consumer data when they apply for a loan with credit unions and financial institutions. “We create a digital wallet where consumers can store their personal and financial data – which is not on the credit’s unions servers, but which can be shared with the credit union by the consumer when they want to apply for a product,” said Blumberg.

“If I want to send it to something like what I am building on Aster Key, the rule is saying that the lender has to send your data, wherever you want and cannot put a bunch of barriers or fees in front of that. What that does, for me as a consumer, is it lets me control my data,” held Blumberg.

He also termed Aster Key’s method as “an innovative approach that looks at security from the consumer perspective as a way for credit unions to earn trust thru action.” He mentioned Google’s March 2025 purchase of the cybersecurity firm Wiz for $32 billion; and how Wiz customers felt protected from threats they did not know they needed. “Similarly, protecting consumer data off your system (with Aster Key) reduces the hacking surface – it’s a new way to think about security.”

Causing Sleepless Nights

“It’s not the threats, it’s the lack of perspective,” explained Blumberg about what keep him up at night regarding data security. He dived in deeper, “Cybersecurity tries to create fortresses to keep hackers out. We think that is a worthy goal, but impossible, as daily breaches in the news illustrate.”

Blumberg agreed with the cybersecurity basics. “Of course, you need the blocking and tackling of cybersecurity products, visibility into your systems, tracking of all connections and devices that enter. And the mix of technology and culture that every employee is mitigating risk as part of their mindset (yes do the two-factor, no personal stuff on office computers, scam awareness training).”

Nevertheless, Blumberg suggested what organizations such as financial institutions really need is a mindset reset, and tools that help with this, like Aster Key. “The reset is: consumer data is not your corporate asset! You are temporarily entrusted with it by your customers. You need to let them know and track ‘everything’ you do with it, where you send it. It should be opt in, not opt out. If you do not have a good reason (i.e., regulatory) why you want to use it, that will get them to opt-in, credit unions should not think you have the right to market to it.”

Top Cybersecurity Dangers

Blumberg recommends credit unions and other financial institutions should focus on the mix of culture and tech when it comes to cybersecurity. “I do think credit unions need more visibility into their systems to see what’s going on, detect strange things.”

He added, “they should look at services, like Aster Key, that solve problems in a complimentary fashion to what they are doing. That can become a marketing tool based on trust – like Apple does, when they try to protect their user in their systems as a fundamental consumer right.”

Blumberg also recommended, “Companies should explore more than ‘industry standard’ practices; they should embrace consumer empowerment, giving consumers control over their data with secure and private practices. Data sharing should be limited. Companies should be cautious when sharing data with vendors that do not meet security standards, and re-look at offshoring their customer's data. They should also advocate changes in outdated systems, such as credit bureau invasive practices and third-party tools that compromise data security.”