SymWest 2026: The Stickley Interview

By Steve Jensen

Finopotamus sat down with Jim Stickley, CEO of Stickley on Security, who spoke at SymWest 2026 in Salt Lake City, May 7, 2026. The topic: security for credit unions

Finopotamus: What led you to speak here at SymWest?

Stickley: I've spoken at SymWest since the beginning of it. In the early years, they were so generous to me when I was starting companies. They were kind and let me speak. Now, my career has advanced and they ask me [again]. I feel I need to give back and take care of those who took care of me. When I had nothing, they were good to me. I owe so much to them.

Finopotamus: What’s your background with Jack Henry and Symitar?

Stickley: I'm CEO of both Mahalo Banking and Stickley on Security. Since Symitar is based in San Diego, we have had a long-standing relationship with them. When Jack Henry acquired Symitar, yes, the relationship did change, but I've stayed friendly with them. I love the people that are part of the Symitar culture – and really the whole credit union culture. These are all my friends. We've been at events together for 30 years and I know them so well. In the credit union industry, you might change jobs, but you stay in the same industry. We're like family, and it's really cool.

Finopotamus: What did you talk about this time at SymWest that was unique?

Stickley: Every session is unique. It would be boring if people had to hear the same thing twice. For this one, I really wanted to focus on things that really don't make a lot of mainstream news. Right now, there are some risks – you might end up with files on your computer, and criminals trick you into putting the file on your computer. You don't even know it's there. And then they contact you telling you your computer has been compromised when it hasn't. It's just this file. And you think, this file is on my computer and I put it there! And it's a picture of you from your phone and [then] you think, they must have hacked into my phone! You got into my computer! And so people pay ransoms, when there was no actual breach. And it's not that hard to do, especially using social media. And then you trick them using social engineering. So, people fall victim to these things. I showed [the audience] all that, and ways that you could actually get malware on your computer.

The world has changed. It used to be that people would say, “If you click a link your computer will be compromised." That's pretty rare now. Most of the time if you click a link, it will take you to a site where they ask for your credentials. Then you'll be compromised that way. The one click where your computer is compromised – generally it takes something more now. And I show them what that "something more" is.

Finopotamus: What's one other trend you're tracking that you didn't necessarily talk about in this presentation?

Stickley: Bots are everywhere. Bot detection is becoming certainly weak, because of AI. There are demos on YouTube where they show every CAPTCHA you can think of, and then they'll show bots solving every CAPTCHA you can think of – whether the bicycles, or where you have to slide the image a little ways or change the shadows. That's all child's play now. It's really changing. Then there are the controls that try to detect bots and see identifiers that will make it look like a bot. There are companies who do rating systems where they say, "Anyone who connects to this site, we do a rating scale of whether it's a bot or not, so between 1-100 – one being it's a bot, and one hundred being it's a person.” And then you can choose the number. So, 80 would probably be a human, and so they let that through. With these new bots out there, they're getting like 97 or 98. Humans get less than that! So, what do you do, block the people? So yes, I think bot detection is becoming very limited in its capabilities.

Finopotamus: How would you tie-in that point? And was there anything else you shared with the audience regarding AI?

Stickley: We're trying to help people understand the risks that are seeming to be ignored in the media. Everybody loves the sexy stories – where the malware is installed, and it does all this stuff, and it's all magic, and you didn't do anything. But those are TV ones. Those aren't really happening in real life. The real-life ones are generally humans making the mistakes, where it's 90% human error, and 10% technology. And generally, the technology is just tied to human error.

I also talked a little about AI and what's happening with Claude Mythos, where they're showing there's all these vulnerabilities. That is going to be changing the world. But I don't think it's the way people think. It's still going to be a lot of human mistakes tied in with it. It's generally vulnerabilities and systems that can be exploited. But it still takes some sort of human interaction for the person to make the mistake with those.

Finopotamus: Anything else you'd want people to take away from SymWest, and from your session, about the credit union industry?

Stickley: This group in general – and credit union user groups for any core – their whole purpose is for knowledge. I'm one small kernel in that whole popcorn bag. My one small piece was giving them cybersecurity. They're learning a ton more while they're here. That's why I think these user groups are so great. Because it's not just the education from the sessions. It's them talking amongst themselves. And they talk about all these different things they're doing. "This credit union is doing this … this one is doing that … that's a great idea!" And I love it, because they're competitors, but they're not. They still work together. Sometimes in other industries they get together for these kinds of user groups, and they're very closed off, or very scared to share anything, because they feel "you'll steal my secret sauce." But credit unions are not that way. They seem to be marching to the same cause. Kind of cool.