CISO Uses His Ethical Hacker and Information Systems Security Certifications to Help Company Security and Compliance Efforts
By Roy Urrico
Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security, cybersecurity and information governance to protect data and transactions at credit unions and other financial institutions.
Chief Information Security Officer (CISO) David Bryant, of the St. Petersburg, Fla.-based PSCU, billed as “the nation’s premier payments credit union service organization (CUSO),” truly knows the information security business inside and out. As a Certified Ethical Hacker (CEH) and Certified Information Systems Security Professional (CISSP), he has the documentation to prove it.
Computers were not in his career plans, at least early on. “Oddly enough, I was not that interested in computers or technology in high school. I took a BASIC (Beginners' All-Purpose Symbolic Instruction Code) class on the old Tandy TRS-80s (from Radio Shack) and can say that it did not interest me much,” said Bryant.
All that has since changed. “Now I have a home lab with multiple self-built computers running tons of different operating systems. I built my own hacking lab and use it often to practice the techniques the bad guys use. This helps me better defend against them,” Bryant explained.
Changing Career Focus to Infosec
Bryant grew up in Memphis, Tenn., in an area he described as “pretty rural” at the time. His small-farm upbringing helped him learn the value of hard work. “That was a really great way to grow up in my opinion as it teaches one the ability to be self-sufficient and that it takes effort to achieve success. Plus, I knew how to drive a tractor before I could drive a car!”
Bryant described his early education as standard. He attended Bartlett (Tenn.) High School and later the State Technical Institute at Memphis, where he graduated with honors.
After moving to Florida in the 1990s, Bryant attended a few local colleges to round out his education. He pointed out that originally his career path focused on network engineering, including several Microsoft certifications, such as Microsoft Certified Systems Engineer.
“The company I was working for in the late 1990s had an opening for an information security engineer,” said Bryant. He added, “I had an interest in the topic and I thought it would be a good opportunity to explore. I applied for the position and interviewed with someone that would later become a mentor and a friend. This one interview set me on a path that would shape the rest of my career.”
PSCU Taps Into His Information Security Expertise
Bryant joined PSCU in 2013 as the information security principal; became PSCU’s CISO and vice president of information security and compliance in 2017; and has served as the company’s CISO and MVP of information security and compliance since March 2022.
“PSCU values information security at all levels and we are involved in everything from project work to standard security operations activities. We leverage best-of-breed tools and employ some of the best folks in the space,” noted Bryant. “We have also leveraged some great business partners to help augment the program as well as give us a second set of eyes on everything.”
As the CISO for PSCU, which supports 1,900 credit unions representing nearly seven billion transactions annually, Bryant has two teams that report to him. “One is responsible for the technical information security, incident response, security engineering, and security architecture programs. The other owns the technical compliance, identity management, and technical audit coordination functions.” Bryant added, “I am lucky that both areas are led by strong and very experienced leaders that make my job successful.”
Another important aspect of the team’s success is the support for information security at all levels of the company. “I have the great fortune to work at a place that highly values the security function with leadership that supports us throughout our mission.”
The Biggest Challenges to Security
As with all CISOs, cybersecurity threats occupy Bryant’s thoughts. “Probably the one thing that is foremost in my mind is ensuring that the human part of the security equation is well covered,” he said. “You can have the best tech in the world and all it takes is an inattentive end user to make all of that meaningless. Keeping folks educated and aware is the biggest challenge in my opinion.”
He maintained that security can be a confusing topic to the average end user and that the bad guys are getting better every day. “We need to keep our employees engaged to protect the business and make sure they know what to look out for. We use regular security awareness campaigns internally and test our folks to make sure the message is getting out there. It is also important to track results and correct any trends in the wrong direction quickly.”
Another issue impacting the entire industry, he noted, is the competition for good information security and technology compliance folks. “Hiring and retaining quality individuals is a challenge we all face in a space that has negative unemployment. There are far more jobs than candidates at this point.”
He believes the only way to solve the battle for security personnel is to support and provide what potential employees find important in their profession. “Salary is always a factor but there are other motivations that encourage good people to stay. Work/life balance, for example, is something that I have found is really tough to manage for security people.”
That means organizations must hire enough staff so that employees can take uninterrupted paid time off. Bryant said, “PTO is a great attraction. If your security folks are buried and feel they cannot disconnect for a while, you will soon have someone not performing at their best, unhappy, and looking to make a move. This is not good for the employee nor the company.”