InfoSec People Profile: LexisNexis Risk Solutions' Kimberly Sutherland
Vice President, Fraud and Identity, Helps Organizations Evolve Technologically While Protecting Critical Data
By Roy Urrico
Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security, cybersecurity and information governance to protect data and transactions at credit unions and other financial institutions.
Kimberly Sutherland, vice president, fraud and identity, at Atlanta-based LexisNexis Risk Solutions, focuses on helping organizations, including financial institutions, evolve technologically while protecting critical and personal information.
Sutherland grew up and graduated high school in Louisville, Ky. before heading to college at Vanderbilt University in Nashville, Tenn. “I was 100% focused on becoming an obstetrician. I was pre-med, but I also loved the dynamics of organizations and people.”
She was on a fast track. “I was in a hurry, and I finished my undergraduate program in about two and a half years.” However, she decided to go to graduate school and eventually decided against becoming a doctor. “I wanted to help the broader society.”
Sutherland then enrolled in a master's program at Vanderbilt in public policy focusing on health policy. “I focused a lot on at-risk populations, so those that had the least access to healthcare, those that had the least access to information.” She ended up working on her PhD heavily focused on policy evaluation, economic indicators and statistics. “Data was at the core of all of it.” She was working on her dissertation, when she decided to again redirect her career path.
“I did not finish my dissertation,” recalled Sutherland. “I wanted to really embrace technology.” She ended up with a master's degree in public policy (from Vanderbilt) and a master's degree in technology management (from Otterbein University in Westerville, Ohio). “I really kind of grew my career from that standpoint, combining my passion for policy and evaluation with my desire to understand how technology was changing the shape of our world.”
Making It a Career
“I saw how technology was changing the way individuals were interacting,” Sutherland recalled about the late 1990s and early 2000s when she entered the workforce. She noted only about half of American households even had a computer at the time. (Census Bureau figures showed that 54 million households, or 51% percent, had one or more computers in 2000.) “This was very early in the whole process of how we consumers were starting to embrace using technology; and companies were trying to figure out how they were going to empower consumers to engage with them. That was kind of what drove me in everything.”
Her first major job in the technology space was as a telecom manager at RCI in the late 1990s. Sutherland explained, “If you were going to do some level of self-service, it was actually through making a phone call, and an interactive voice response (IVR) unit.” She followed that stint with positions at Lucent Technology and Avaya as a consultant designing phone systems.
“That is when we started focusing on how do you give permissions to people to make certain types of changes in systems. How do you manage what you can do with all this data that is coming in to make better models.”
Sutherland added she worked with a lot of mathematicians and statisticians in this process. “Then I became more of a consultant on understanding the problems of businesses and helping them to define processes and technology solutions to solve them.” That included identifying the impact and risks of information access.
In 2006, Sutherland began her career journey with LexisNexis Risk Solutions, which uses data and advanced analytics to provide insights that help businesses and governmental entities reduce risk and improve decisions. She started out as a strategic product manager, looking to “build out our product roadmaps to help other businesses in this space.” She added, “I have always kept that as my core. How do we help the consumer and how do we help the business both, achieve their goals?”
Gaining a Different View of Security
Because she has worked with customers around the world, she was able to observe “challenges that emerged in one region of the world that had not yet happened in another region.” This helped her gain a global perspective and understanding of specific differences in countries and regions. “Some of that is driven by culture. Some of that is driven by technology adoption. Some of that is driven by laws. I have always tried to pay attention to things across industries as well. Something might be happening in financial services that has not started to happen yet in retail e-commerce, but that will eventually start to impact things.”
Sutherland explained she initially approached information security and identity fraud from a different angle. “Because it was really around how do we empower consumers to perform actions.”
She referred to the challenge of keeping up with the acceleration of consumer interactivity from computers to laptops, to smartphones, and then to wearables. “How do we continue to make things more convenient for consumers and empower them and at the same time make it a secure process for businesses and the consumers.”
In her current position as vice president of fraud and identity, Sutherland concentrates on identifying customer needs, ensuring LexisNexis Risk Solutions has a portfolio of solutions that can address those needs and then help them to identify the company’s future roadmap. “Everything for me now has been very focused on how do we identify the right user and then keep out the wrong user. How do we help companies do that?”
Sutherland added, “Our focus is: How do we help reduce, identify and reduce risk for businesses? Because we are a B2B (business-to-business) company, we work directly with other companies, government agencies, and organizations around the world to help them in identifying risks and improving their business processes.”
She explained actionable information contains risk signals and intelligence to help companies make better decisions. “That is what we put our focus around. Sometimes that may come in the form of how you interact with a device. It might come in the form of how do you verify a consumer or a business.”
Staying Alert and Avoiding Sleepless Nights
Sutherland pointed out when businesses first started looking at customer rights and privileges and giving access to systems, it was from an employee perspective. “How you interact with employees is very different than how you interact with consumers,” said Sutherland. “You can tell an employee that they have to do 10 million things to get access to a system; but if a consumer feels that the process is too complicated, they will go to a different business, right?”
As a result, Sutherland noted much of her attention addresses protecting information systems while giving consumers more access to perform tasks on their own. “Because consumers want convenience.; they want to be able to do self-service; they want to also understand the processes behind the scenes. So, LexisNexis helps establish the relationship and then ensure that the person interacting remotely is still the same individual.”
That means keeping up with the speed of innovation and empowering the consumer relationship while walking the tight line between convenience, and security and privacy. “That (line) is always shifting and trying to make sure that we are doing it right is what keeps me up (at night),” said Sutherland.
She added, “It is not necessarily one threat, but it is just constantly understanding that technology evolves, expectations evolve, and taking advantage of systems, is where fraud just come into play. The biggest thing that keeps me up is just staying at the speed of (tech) evolution. People will find a new way to want to do things and we wanna find a way to make it better.”
Adapting to Business
Sutherland emphasized every business has different requirements, risk tolerances and governance models. “Solutions have to be flexible enough to accommodate the culture of the organization as well as the compliance requirements that might be in place.”
What about financial institutions? “Financial institutions are such a critical portion of our society because that is where we all hold our assets. Bad actors want access to those assets. This is something that financial institutions deal with every minute of the day,” said Sutherland. She added, “At the same time, how do they give their customers the ability to manage their own accounts and access and grow their assets?”
Sutherland added, “From a fraud and identity standpoint, consumers trust financial institutions typically more than any other organization they interact with,” said Sutherland. “I think that financial institutions will continue to evolve and offer more types of services because that is the one place that most consumers have the highest level of trust.”